Leakage of sensitive data in exception message

• Rule ID: python_lang_exception
• Languages: python
• Source: exception.yml

Description

Leakage of sensitive data in exception messages can lead to data breaches. This vulnerability occurs when sensitive information is included in exceptions, making it accessible to unauthorized users.

Remediations

• Do not include sensitive data in exception messages. This can inadvertently expose private information.

  raise Exception(f"User '{user.email}' is unauthorized") # unsafe

• Do use non-sensitive, unique identifiers in exception messages to avoid revealing personal information.

  raise Exception(f"User '{user.uuid}' is unauthorized") # unsafe

Associated CWE

• CWE-210: Self-generated Error Message Containing Sensitive Information

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=python_lang_exception

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=python_lang_exception