ajinabraham.njsscan.error_disclosure.generic_error_disclosure

Error messages with stack traces may expose sensitive information about the application.
Definition
rules:
- id: generic_error_disclosure
  patterns:
  - pattern-either:
    - pattern: |
        console.trace(...)
    - pattern: |
        try {
            ...
        } catch($ERR){
            console.error(<... $ERR ...>, ...)
        }
  message: Error messages with stack traces may expose sensitive information about
    the application.
  languages:
  - javascript
  severity: WARNING
  metadata:
    owasp-web: a3
    cwe: cwe-209
    license: LGPL-3.0-or-later
Short Link: https://sg.run/YvRD
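
The two code shapes named in the rule's patterns, next to a form that logs without a stack trace. This is an added example, not code from the rule or from the njsscan project; the function names, the `requestId` parameter and the inputs are hypothetical.

```javascript
// Added illustration; function names and inputs are constructed for this example.

// Both shapes from the rule: console.error(<caught error>) inside a catch
// block, and console.trace(...). In Node.js each writes a stack trace
// (file paths, line numbers, call chain) to stderr.
function parseConfigFlagged(text) {
  try {
    return JSON.parse(text);
  } catch (err) {
    console.error(err);
  }
  console.trace("parseConfig failed");
  return undefined;
}

// Reduce a caught value to fields that carry no stack and no raw message.
function toSafeRecord(err, context, requestId) {
  return {
    requestId, // assumed to be assigned upstream, e.g. by request middleware
    context,
    type: err instanceof Error ? err.name : typeof err,
  };
}

// Hardened form: one structured line goes to the log sink, and the caller
// gets a generic message plus the id needed to correlate with that line.
function parseConfigHardened(text, requestId, sink = defaultSink) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    sink(JSON.stringify(toSafeRecord(err, "parseConfig", requestId)));
    return { ok: false, requestId, message: "Invalid configuration" };
  }
}

function defaultSink(line) {
  process.stderr.write(line + "\n");
}
```
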