Leakage of sensitive data in exception message

Overview

Rule ID: java_lang_exception
Applicable Languages: Java
Weakness ID: CWE-210

Description

Leakage of sensitive data in exception messages can lead to data breaches. This vulnerability occurs when sensitive information is included in exceptions, making it accessible to unauthorized users.

Remediation Guidelines

Avoid including sensitive data in exception messages to prevent inadvertent exposure of private information.
```
throw new Exception("error for " + user.email);
```
Use non-sensitive, unique identifiers in exception messages to avoid revealing personal identifiable information (PII).
```
throw new Exception("error for " + user.id);
```

References

CWE-210: Self-generated Error Message Containing Sensitive Information

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousLeakage of sensitive data in cookie NextLeakage of sensitive data to Airbrake

Last updated 12 months ago