Information Disclosure

ruby.checkdetailedexceptions

Severity

low

Resource

Language

Ruby

Description

Generation of error messages containing sensitive information.

Rationale

Checks for information disclosure displayed via detailed exceptions

Remediation

To remediate instances of information exposure through error messages, the primary action is to limit the detail provided in exceptions sent to the end-user. Consider the following steps:

Generic Error Messages: Ensure that user-facing error messages do not reveal detailed system information. Use generic language and avoid technical specifics.
Centralized Error Handling: Employ a global exception handling strategy using a framework that standardizes error responses across your applications.
Logging: Utilize logging frameworks to log detailed error information securely, ensuring logs do not expose sensitive data.
Security Review: Review all instances where exceptions are caught and handled, ensuring they follow the guidelines above, particularly in areas of code that are publicly accessible.

Following these steps reduces the risk of sensitive data exposure through error messages, thereby strengthening the security posture of the application.

Configuration

This detector does not need any configuration.

References

CWE-209 : Generation of Error Message Containing Sensitive Information.
OWASP Top 10 2021 - A4 : Insecure Design.