Skip to content

Ensure 'debug_print_parse' is disabled

Description

The debug_print_parse setting enables printing the resulting parse tree for each executed query.

These messages are emitted at the LOG message level.

Unless directed otherwise by your organization's logging policy, it is recommended this setting be disabled by setting it to off.

Rationale

Enabling any of the DEBUG printing variables may cause the logging of sensitive information that would otherwise be omitted based on the configuration of the other logging settings.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine postgres

Default Rule

const { checkServerSetting } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if the debug_print_parse option is off
 */

function validate(databaseSettings) {
    const settingName = 'debug_print_parse'
    const expectedValue = 'off'
    const success = checkServerSetting(databaseSettings, settingName, expectedValue)
    return {
        success,
    }
}

// invoke
validate(databaseSettings);