Possible information leakage detected.

Description

Printing an exception message to the default output is risky because it may contain sensitive information such as the technical details of your application or environment (which in turn could expose your application to path traversal attacks, for example), or worse, user-specific data.

Remediations

❌ Avoid printing the full stack trace

✅ Less is more! Only log the minimum required details in error messages

Resources

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=php_lang_information_leakage

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=php_lang_information_leakage

Ready to take the next step? Learn more about Bearer Cloud.