Leakage of sensitive information in exception message
- Rule ID: php_lang_information_leakage
- Languages: php
- Source: information_leakage.yml
Description
Leakage of sensitive information in exception messages poses a significant security risk. When an exception message is printed to the default output, it might reveal sensitive details about your application's technical setup or environment. This can open the door to attacks, such as path traversal. Even more concerning is the possibility of exposing user-specific data, which could lead to serious privacy breaches.
Remediations
- Do not print the full stack trace to the default output. This can inadvertently reveal sensitive information.
echo $e->getTraceAsString(); // unsafe
- Log only the essential details required for error messages. This minimizes the risk of sensitive data exposure.
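The pattern this rule flags, shown next to a handler that keeps details server-side, as an added example that is not part of the Bearer rule or its documentation. The function names and the failing file read are constructed for illustration.

```php
<?php
// Added example: a handler that leaks the exception into the response body,
// beside one that logs server-side and returns only a generic message.
// loadProfile/handleRequest* are hypothetical names; the path is constructed.
declare(strict_types=1);

function loadProfile(string $userId): array
{
    // Constructed failure: the message carries a filesystem path and a user id.
    throw new RuntimeException(
        "Unable to read /var/www/app/storage/users/{$userId}.json for user {$userId}"
    );
}

// Unsafe: message and full trace (paths, frames, arguments) reach the client.
function handleRequestUnsafe(string $userId): string
{
    try {
        loadProfile($userId);
        return 'ok';
    } catch (Throwable $e) {
        return $e->getMessage() . "\n" . $e->getTraceAsString(); // unsafe
    }
}

// Hardened: only the essentials go to the server log under an opaque reference,
// and the client gets a generic message plus that reference for support lookups.
function handleRequestSafe(string $userId): string
{
    try {
        loadProfile($userId);
        return 'ok';
    } catch (Throwable $e) {
        $ref = bin2hex(random_bytes(8));
        // error_log() writes to the configured PHP error log, never to the response.
        error_log(sprintf(
            '[ref=%s] %s: %s at %s:%d',
            $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()
        ));
        http_response_code(500);
        return "An internal error occurred. Reference: {$ref}";
    }
}

echo handleRequestSafe('alice'), PHP_EOL;
```

Searching the server log for the reference id recovers the full context without exposing it to the client.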
Configuration
To skip this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --skip-rule=php_lang_information_leakage
To run only this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --only-rule=php_lang_information_leakage