# Leakage of sensitive data in exception message

## Overview

* **Rule ID**: `java_lang_exception`
* **Applicable Languages**: Java
* **Weakness ID**: CWE-210

## Description

Leakage of sensitive data in exception messages can lead to data breaches. The weakness arises when sensitive information (for example a user's email address) is placed in an exception message: that message is then typically written to logs, rendered on error pages, or forwarded to monitoring systems, where unauthorized users may read it.

## Remediation Guidelines

* **Avoid** including sensitive data in exception messages to prevent inadvertent exposure of private information.

  ```java
  throw new Exception("error for " + user.email);
  ```
* **Use** non-sensitive, unique identifiers in exception messages to avoid revealing personally identifiable information (PII).

  ```java
  throw new Exception("error for " + user.id);
  ```
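The following is an added, self-contained example that is not part of the original rule page. It shows the two one-line snippets above in context: the vulnerable form embeds the email address in the exception, the remediated form carries only the internal id, and a small handler demonstrates how to keep the detail needed for debugging in an access-controlled server log while the caller receives only an opaque correlation id. The `User` record, the `PaymentException` class, the `hasPaymentMethod` stub and the sample values are all constructed for this illustration; the code assumes Java 16 or later for the `record` syntax.

```java
import java.util.UUID;
import java.util.logging.Logger;

// Added example (not the original page's code): leaking vs. non-leaking exception messages.
public class ExceptionMessageExample {
    private static final Logger LOG = Logger.getLogger(ExceptionMessageExample.class.getName());

    // Hypothetical user record; fields are constructed for this demo only.
    record User(long id, String email) {}

    // Vulnerable (matches the first snippet above): the email address (PII) becomes part of
    // the exception message. Anything that calls e.getMessage() downstream, such as a logging
    // framework, an HTTP error page, or an external error tracker, now carries that PII.
    static void chargeAccountUnsafe(User user) throws Exception {
        if (!hasPaymentMethod(user)) {
            throw new Exception("no payment method on file for " + user.email());
        }
    }

    // Remediated (matches the second snippet above): the message carries only the internal
    // id, which has no meaning outside the system and does not identify the person by itself.
    static void chargeAccountSafe(User user) throws PaymentException {
        if (!hasPaymentMethod(user)) {
            throw new PaymentException("no payment method on file for user " + user.id());
        }
    }

    // Constructed exception type: besides the non-sensitive message it carries an opaque
    // correlation id, so support staff can locate the matching server-side log entry
    // without any PII having to travel inside the exception itself.
    static class PaymentException extends Exception {
        private static final long serialVersionUID = 1L;
        private final String correlationId = UUID.randomUUID().toString();

        PaymentException(String message) {
            super(message);
        }

        String correlationId() {
            return correlationId;
        }
    }

    // Boundary handler: logs internally, returns a client-facing string with no PII and
    // no internal message text.
    static String handle(User user) {
        try {
            chargeAccountSafe(user);
            return "ok";
        } catch (PaymentException e) {
            // Internal, access-controlled log: correlation id plus the id-only message.
            LOG.warning("payment failure " + e.correlationId() + ": " + e.getMessage());
            // Response the caller sees: only the reference needed to follow up.
            return "Payment failed. Reference: " + e.correlationId();
        }
    }

    // Stub standing in for a real lookup; always fails so both paths throw in the demo.
    private static boolean hasPaymentMethod(User user) {
        return false;
    }

    public static void main(String[] args) {
        // Sample values are constructed for the demo.
        User u = new User(42L, "alice@example.com");

        try {
            chargeAccountUnsafe(u);
        } catch (Exception e) {
            // The email address appears verbatim here, which is exactly what the rule flags.
            System.out.println("unsafe message: " + e.getMessage());
        }

        // Contains the id and a random reference, but no PII.
        System.out.println("safe response: " + handle(u));
    }
}
```

The design point is the separation of audiences: the exception message is a transport that crosses trust boundaries, so it should contain only what every possible reader is allowed to see, while the detail that only operators need is written once, at the boundary, to a log whose access is controlled. Note that wrapping a leaking exception as the `cause` of another one does not help, since `getCause().getMessage()` and stack-trace printers still expose the inner message.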

## References

* [**CWE-210: Self-generated Error Message Containing Sensitive Information**](https://cwe.mitre.org/data/definitions/210.html)

## Configuration

To omit this rule during a scan, and for continuous 24/7 code-level scanning, you can use our [**SAST TOOL**](https://scopy.sec1.io/login).
