Leakage of sensitive information in exception message

Description

Leakage of sensitive information in exception messages can compromise your application's security. This occurs when exception messages reveal too much about your application's internal workings or user-specific data, potentially aiding attackers in crafting targeted attacks such as path traversal.

Remediations

  • Do not include sensitive information in exception messages. This prevents accidental exposure of application details or user data.
  • Limit the information logged in error messages to what is necessary for troubleshooting. This minimizes the risk of information leakage.
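As an added example (not taken from the Bearer rule page or its project), the Go snippet below contrasts the flagged pattern with the remediated one: returning a raw os.ReadFile error to the client discloses the absolute server-side path and OS error text, while the safe form keeps that detail in the server log and returns a fixed message with a correlation id. The report directory, the X-Request-ID header and the function names are constructed for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"net/http"
	"os"
	"path/filepath"
)

// reportDir is a constructed sample path (the internal detail a leaky message exposes).
const reportDir = "/var/app/reports"

// loadReport reads a report by name; the *os.PathError it returns on failure
// embeds the absolute server-side path.
func loadReport(name string) ([]byte, error) {
	return os.ReadFile(filepath.Join(reportDir, filepath.Base(name)))
}

// leakyMessage is the pattern the rule flags: raw error text, including the
// internal path and OS error string, goes straight to the client.
func leakyMessage(err error) string {
	return fmt.Sprintf("failed to load report: %v", err)
}

// safeMessage keeps the detail in the server log and returns a fixed, generic
// message plus a correlation id an operator can search for.
func safeMessage(err error, requestID string) string {
	log.Printf("request_id=%s report load failed: %v", requestID, err)
	if errors.Is(err, os.ErrNotExist) {
		return fmt.Sprintf("report not found (request %s)", requestID)
	}
	return fmt.Sprintf("could not load report (request %s)", requestID)
}

// reportHandler uses the safe form; the leaky form would pass leakyMessage(err) here.
func reportHandler(w http.ResponseWriter, r *http.Request) {
	data, err := loadReport(r.URL.Query().Get("name"))
	if err != nil {
		http.Error(w, safeMessage(err, r.Header.Get("X-Request-ID")), http.StatusInternalServerError)
		return
	}
	_, _ = w.Write(data)
}

func main() {
	http.HandleFunc("/report", reportHandler)
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

The correlation id lets an operator find the full error in the server log without any of it reaching the response body.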

References

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=go_lang_information_leakage

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=go_lang_information_leakage