Leakage of sensitive data in exception message
Overview
Rule ID:
java_lang_exception
Applicable Languages: Java
Weakness ID: CWE-210
Description
Leakage of sensitive data in exception messages can lead to data breaches. This vulnerability occurs when sensitive information is included in exceptions, making it accessible to unauthorized users.
Remediation Guidelines
Avoid including sensitive data in exception messages to prevent inadvertent exposure of private information.
throw new Exception("error for " + user.email);
Use non-sensitive, unique identifiers in exception messages to avoid revealing personal identifiable information (PII).
throw new Exception("error for " + user.id);
References
Configuration
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL
Last updated