No `if (false)` / `if (true)` debug blocks

Why it matters

if (false) blocks are code that never executes — AI commonly uses them to 'disable' logic without deleting it, leaving dead branches that confuse static analysis, obscure actual code paths, and make security reviews unreliable. if (true) debug toggles expose internal state (request bodies, database rows, session tokens) to logs that may be shipped to log aggregators, error trackers, or observability platforms. CWE-489 (Active Debug Code) applies: these patterns signal that the code was never cleaned up after prototyping and likely contains other unfinished logic nearby.

Remediation

Delete if (false) blocks entirely — they are dead code with no runtime value. For if (true) debug toggles, replace them with environment-gated flags in src/lib/logger.ts or equivalent:

// Remove these:
if (false) { doOldThing() }
if (true) { console.log('debug:', sensitiveData) }

// Replace debug logging with:
if (process.env.DEBUG === 'true') {
  console.log('debug:', safeToLogData)
}

// Or use a structured logger that respects log level:
import { logger } from '@/lib/logger'
logger.debug({ event: 'auth-check', userId }) // no raw data

Search non-test source files for the literal strings if (false), if(false), if (true), if(true) and remove every match.

Detection

ID: ai-slop-half-finished.incomplete-impl.if-false-debug-blocks
Severity: medium
What to look for: Walk all non-test source files. Count all occurrences of these exact literal conditional patterns: if (false), if(false), if (true), if(true), if (0), if(0), if (1), if(1), if (!true), if (!false), while (false), while (true) { ... break } (infinite loops with immediate break). Also count named constant patterns at module scope: const ENABLED = false; if (ENABLED) { ... }, const DEBUG = true; if (DEBUG) { ... }.
Pass criteria: 0 if (true/false) debug blocks in non-test source files. Report: "Scanned X source files, 0 debug-flag conditionals."
Fail criteria: At least 1 source file contains an if (true) or if (false) conditional.
Skip (N/A) when: Project has 0 source files.
Detail on fail: "2 debug blocks: 'if (false) { /* old auth logic */ }' in src/lib/auth.ts line 15 (dead code), 'const DEBUG = true; if (DEBUG) console.log(data)' in src/lib/logger.ts line 8"

Remediation: if (false) blocks are dead code — AI commonly uses them to "disable" features without deleting the code. if (true) blocks are debug toggles that were never turned off. Remove both:

// Bad: dead code kept "just in case"
if (false) {
  doOldThing()
}
if (true) {  // debug toggle
  console.log('debug:', data)
}

// Good: delete dead code, use env-based debug flags
// Remove the dead block entirely
// For debug: if (process.env.DEBUG) { console.log(...) }

Why it matters

Remediation

Delete if (false) blocks entirely — they are dead code with no runtime value. For if (true) debug toggles, replace them with environment-gated flags in src/lib/logger.ts or equivalent:

// Remove these:
if (false) { doOldThing() }
if (true) { console.log('debug:', sensitiveData) }

// Replace debug logging with:
if (process.env.DEBUG === 'true') {
  console.log('debug:', safeToLogData)
}

// Or use a structured logger that respects log level:
import { logger } from '@/lib/logger'
logger.debug({ event: 'auth-check', userId }) // no raw data

Search non-test source files for the literal strings if (false), if(false), if (true), if(true) and remove every match.

Detection

ID: ai-slop-half-finished.incomplete-impl.if-false-debug-blocks
Severity: medium
What to look for: Walk all non-test source files. Count all occurrences of these exact literal conditional patterns: if (false), if(false), if (true), if(true), if (0), if(0), if (1), if(1), if (!true), if (!false), while (false), while (true) { ... break } (infinite loops with immediate break). Also count named constant patterns at module scope: const ENABLED = false; if (ENABLED) { ... }, const DEBUG = true; if (DEBUG) { ... }.
Pass criteria: 0 if (true/false) debug blocks in non-test source files. Report: "Scanned X source files, 0 debug-flag conditionals."
Fail criteria: At least 1 source file contains an if (true) or if (false) conditional.
Skip (N/A) when: Project has 0 source files.
Detail on fail: "2 debug blocks: 'if (false) { /* old auth logic */ }' in src/lib/auth.ts line 15 (dead code), 'const DEBUG = true; if (DEBUG) console.log(data)' in src/lib/logger.ts line 8"

// Bad: dead code kept "just in case"
if (false) {
  doOldThing()
}
if (true) {  // debug toggle
  console.log('debug:', data)
}

// Good: delete dead code, use env-based debug flags
// Remove the dead block entirely
// For debug: if (process.env.DEBUG) { console.log(...) }

No `if (false)` / `if (true)` debug blocks

Why it matters

Severity rationale

Remediation

Detection

External references

Taxons

History

No `if (false)` / `if (true)` debug blocks

Why it matters

Severity rationale

Remediation

Detection

External references

Taxons

History