Remove debug dump helpers from production PHP | Critiq Docs

#Metadata

Rule ID: php.security.debug-function-exposure
Severity: medium
Confidence: 0.86
Languages: php
Presets: security, strict
Stability: stable
Applies to: block
Tags: debug, information-leakage, php, rules-catalog, security

#Why it matters

Debug helpers can leak secrets, PII, and internal object state to logs or HTTP responses.

#Remediation

Remove debug helpers from production paths or route diagnostics through structured logging with redaction.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/php/php.security.debug-function-exposure.rule.yaml.

Back to directory Open rule in repository