Application Properties Validation (SL014)
Validates application*.properties for debug flags, unsafe log levels, and metrics exporting settings.
Description
Scans application.properties and application-<profile>.properties for disallowed 'debug=true', warns on DEBUG/TRACE log levels, and when using mobile-framework >= 2.4.0, enforces metrics exporting properties in SQA/PROD profiles.
Rationale
Prevent unsafe debug flags, excessive logging, and ensure required metrics exporting in production-like profiles.
Findings
-
ERROR
-
debug=true is present in application*.properties
-
Required metrics exporting property missing in application-sqa.properties or application-prod.properties for mobile-framework >= 2.4.0
-
-
WARNING
-
logging.level.<package> set to DEBUG or TRACE
-
Noncompliant
Disallowed debug and log level
# Debug flag should not be enabled
debug=true
# Excessive logging level should be avoided
logging.level.com.example.svc=debug
logging.level.gov.va.mobile.tools=TRACECompliant
Compliant production properties
# No global debug flag
# debug=false
# Reasonable logging levels
logging.level.com.example.svc=INFO
# Required metrics exporting when mobile-framework >= 2.4.0 (for prod)
management.dynatrace.metrics.export.enabled=true
management.prometheus.metrics.export.enabled=true