Spring Security's debug mode is useful during development and debugging, but could expose sensitive information to attackers such as request parameters, passwords, tokens or headers and should not be included in production code.
@Configuration
@EnableWebSecurity(debug = true) // Noncompliant
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
...
}
@Configuration
@EnableWebSecurity(debug = false) // Compliant
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
...
}