Leakage of sensitive data in exception message
- Rule ID: ruby_lang_exception
- Languages: ruby
- Source: exception.yml
Description
Leakage of sensitive data in exception messages can lead to data breaches. This vulnerability occurs when sensitive information is included in exceptions, making it accessible to unauthorized users.
Remediations
- Do not include sensitive data in exception messages. This can inadvertently expose private information.
raise CustomException.new(user.email) # unsafe
- Do use non-sensitive, unique identifiers in exception messages to avoid revealing personal information.
raise CustomException.new(user.uuid)
Associated CWE
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=ruby_lang_exception
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=ruby_lang_exception