Application Properties Validation (SL014)
Validates application*.properties for debug flags, unsafe log levels, and metrics exporting settings.
Description
Scans application.properties and application-<profile>.properties for the disallowed 'debug=true' setting and reports an ERROR when it appears. Warns on DEBUG/TRACE log levels. When using mobile-framework >= 2.4.0, enforces metrics exporting properties (specifically Prometheus) in SQA/PROD profiles, reporting an ERROR on incorrect formatting. Warns when va.mobile.web.use-trailing-slash-match or va.mobile.web.error.format are set to default in application.properties when using mobile-framework >= 2.5.0.
Rationale
Prevents unsafe debug flags and excessive logging, and ensures required metrics exporting in production-like profiles.
Findings
- ERROR
  - debug=true is present in application*.properties
  - Required metrics exporting property missing in application-sqa.properties or application-prod.properties for mobile-framework >= 2.4.0
- WARNING
  - logging.level.<package> set to DEBUG or TRACE
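The ERROR and WARNING findings above, sketched as a standalone checker. This is an added example, not the SL014 implementation. It assumes the required metrics setting is `management.prometheus.metrics.export.enabled=true`, since the page only shows the `=false` form as noncompliant. The function names, the version tuple argument and the finding messages are hypothetical.

```python
import re

# Assumption: the key/value required in SQA/PROD; the page only shows the
# "=false" form as noncompliant and does not list the required properties.
REQUIRED_METRICS = {"management.prometheus.metrics.export.enabled": "true"}
METRICS_MIN_VERSION = (2, 4, 0)        # mobile-framework threshold from the rule text
ENFORCED_PROFILES = {"sqa", "prod"}

def parse_properties(text):
    """Parse key=value / key:value lines; skip blanks and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m and line[0] not in "#!":
            props[m.group(1)] = m.group(2)
    return props

def profile_of(filename):
    """Return '' for application.properties, the profile name, or None."""
    m = re.fullmatch(r"application(?:-([^.]+))?\.properties", filename)
    return (m.group(1) or "") if m else None

def check(filename, text, framework_version):
    """Return (severity, message) findings for one properties file."""
    profile = profile_of(filename)
    if profile is None:
        return []
    props, findings = parse_properties(text), []
    if props.get("debug", "").lower() == "true":
        findings.append(("ERROR", "debug=true is present"))
    for key, value in props.items():
        if key.startswith("logging.level.") and value.upper() in ("DEBUG", "TRACE"):
            findings.append(("WARNING", f"{key} set to {value.upper()}"))
    if profile in ENFORCED_PROFILES and framework_version >= METRICS_MIN_VERSION:
        for key, expected in REQUIRED_METRICS.items():
            if props.get(key, "").lower() != expected:
                findings.append(("ERROR", f"{key} must be {expected}"))
    return findings

# Constructed sample, mirroring the noncompliant properties on this page.
SAMPLE = """\
debug=true
logging.level.com.example.svc=debug
logging.level.gov.va.mobile.tools=TRACE
management.prometheus.metrics.export.enabled=false
"""

if __name__ == "__main__":
    for severity, message in check("application-prod.properties", SAMPLE, (2, 4, 0)):
        print(severity, message)
```

Log level values are compared case-insensitively, so `debug` and `TRACE` both produce a WARNING. The metrics check is skipped for the default profile and for framework versions below 2.4.0.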
Noncompliant
# Debug flag should not be enabled
debug=true
# Excessive logging level should be avoided
logging.level.com.example.svc=debug
logging.level.gov.va.mobile.tools=TRACE
# Required metrics missing for exporting when mobile-framework >= 2.4.0 (for prod)
management.prometheus.metrics.export.enabled=false