Leakage of sensitive data in exception message

  • Rule ID: php_lang_exception
  • Languages: php
  • Source: exception.yml

Description

Leakage of sensitive data in exception messages can lead to data breaches. This vulnerability occurs when sensitive information is included in exceptions, making it accessible to unauthorized users.

Remediations

  • Do not include sensitive data in exception messages. This can inadvertently expose private information.
    throw new Exception("error for {$user->email}"); // unsafe
  • Do use non-sensitive, unique identifiers in exception messages to avoid revealing personal information.
    throw new Exception("error for {$user->uuid}");

Associated CWE

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=php_lang_exception

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=php_lang_exception