contrib.nodejsscan.error_disclosure.generic_error_disclosure

returntocorp

Author

Download Count*

GPLv3

License

Error messages with stack traces may expose sensitive information about the application.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: generic_error_disclosure
    patterns:
      - pattern-either:
          - pattern: |
              console.trace(...)
          - pattern: |
              try {
                  ...
              } catch($ERR){
                  console.error(<... $ERR ...>, ...);
              }
    message: Error messages with stack traces may expose sensitive information about
      the application.
    languages:
      - javascript
    severity: WARNING
    metadata:
      owasp: A03:2017 - Sensitive Data Exposure
      cwe: "CWE-209: Generation of Error Message Containing Sensitive Information"
      category: security
      technology:
        - node.js
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Short Link: https://sg.run/8yZj