Leakage of sensitive data in exception message

• Rule ID: javascript_lang_exception
• Languages: javascript
• Source: exception.yml

Description

Leakage of sensitive data in exception messages can lead to data breaches. This vulnerability occurs when sensitive information is included in exceptions, making it accessible to unauthorized users.

Remediations

• Do not include sensitive data in exception messages. This can inadvertently expose personal or confidential information.

  throw new CustomError(`Error with ${user.email}`) // unsafe

• Do use non-sensitive, unique identifiers in exception messages to maintain user privacy and data security.

  throw new CustomError(`Error with ${user.uuid}`)

Associated CWE

• CWE-210: Self-generated Error Message Containing Sensitive Information

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=javascript_lang_exception

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=javascript_lang_exception