Leakage of sensitive information in exception message

Description

Exception messages and stack traces are written for developers, not end users. When one is printed to the default output, it can end up in an HTTP response, a console that is shared with other tenants, or a log that is collected and shipped elsewhere. The text frequently includes absolute file system paths, fully qualified class names, framework and library versions, SQL fragments, hostnames and connection strings. That is exactly the reconnaissance an attacker needs for follow-on attacks; a leaked absolute path, for example, turns a blind path traversal attempt into a targeted one. Worse, the message itself may carry user-specific data (an email address, an identifier, part of a record that failed to parse), so the leak can also be a privacy breach.

Remediations

  • Do not print the exception (or its full stack trace) to the default output. Even the short form below writes the exception class and its message, which may contain paths or user data.
    System.out.println(e); // unsafe
  • Limit the message shown to the caller to what they need in order to act on the error, and keep the exception detail in a server-side log that is not returned to users.
    System.out.println("An error occurred. Please try again.");
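To show the two remediation points together, here is an added example (not code from the rule page or from Bearer) contrasting a handler that echoes the exception to the caller with one that logs it server-side and returns only a fixed message plus an opaque correlation ID. The `UserResponse` record, the file-backed profile lookup and the `profiles-demo` directory are assumptions made for the illustration; it requires Java 16 or later for the record.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added example, not part of the original rule page.
public class SafeErrorReporting {
    private static final Logger LOG = Logger.getLogger(SafeErrorReporting.class.getName());

    // Hypothetical response type standing in for whatever the application returns to callers.
    public record UserResponse(int status, String body) {}

    // UNSAFE: the caller receives the exception text. For a failed file read that text is
    // the absolute path on the server, e.g. "java.nio.file.NoSuchFileException: /tmp/profiles-demo/alice.json".
    public static UserResponse readProfileUnsafe(Path dataDir, String userId) {
        try {
            String json = Files.readString(dataDir.resolve(userId + ".json"));
            return new UserResponse(200, json);
        } catch (IOException e) {
            System.out.println(e);                      // the pattern this rule flags
            return new UserResponse(500, e.toString()); // leaks class name, path and OS layout
        }
    }

    // SAFE: full detail goes to the server-side log only. The caller gets a fixed message and an
    // opaque correlation ID that support staff can search for in the log.
    public static UserResponse readProfileSafe(Path dataDir, String userId) {
        String correlationId = UUID.randomUUID().toString();
        try {
            // Note: userId is still untrusted input; validating it against a strict allow-list
            // (to block "../") is a separate concern from what is shown here.
            String json = Files.readString(dataDir.resolve(userId + ".json"));
            return new UserResponse(200, json);
        } catch (NoSuchFileException e) {
            // Expected failure: tell the caller only that nothing was found, never the path.
            LOG.log(Level.INFO, "profile not found [" + correlationId + "]", e);
            return new UserResponse(404, "Profile not found. Reference: " + correlationId);
        } catch (IOException e) {
            // Unexpected failure: stack trace is kept in the log record, not in the response.
            LOG.log(Level.SEVERE, "profile read failed [" + correlationId + "]", e);
            return new UserResponse(500, "An error occurred. Please try again. Reference: " + correlationId);
        }
    }

    public static void main(String[] args) {
        // The directory intentionally does not exist so both handlers hit the error path.
        Path dataDir = Path.of(System.getProperty("java.io.tmpdir"), "profiles-demo");
        System.out.println("unsafe response: " + readProfileUnsafe(dataDir, "alice").body());
        System.out.println("safe response:   " + readProfileSafe(dataDir, "alice").body());
    }
}
```

Run it and compare the two response bodies: the unsafe one names the server's temporary directory and the exact file the application looked for, while the safe one reveals nothing about the host. The correlation ID is what makes the generic message workable in practice; without it, operators cannot connect a user's report to the log entry that holds the real cause.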

References

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=java_lang_information_leakage

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=java_lang_information_leakage