Stack trace exposure Medium

Stack traces are hard for users to use when debugging issues, and they can reveal internal details of the application (file paths, frameworks, call structure) to anyone who receives the response. We recommend that you use exception handling and send a generic error message to the user instead.

Detector ID
javascript/stack-trace-exposure@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

// Express application used by the route examples below.
const express = require('express');
const app = express();
/**
 * Registers a route whose handler catches an exception and then writes the
 * captured stack trace straight into the HTTP response.
 *
 * Noncompliant: the stack trace (frames, file paths, library names) is sent
 * to the client, disclosing application internals.
 */
function stackTraceExposureNoncompliant() {
  app.get('www.example.com', (req, res) => {
    let stackTrace;
    try {
      throw new Error('');
    } catch (err) {
      // Capture the trace from whichever property the runtime provides.
      stackTrace = err.stack || err.stacktrace;
    }
    // Noncompliant: the raw exception trace is returned in the response body.
    res.send(stackTrace);
  });
}

Compliant example

// Express application used by the route examples below.
const express = require('express');
const app = express();
/**
 * Registers a route whose handler catches an exception and responds with a
 * fixed message rather than the exception details.
 *
 * Compliant: the stack trace stays on the server; only an opaque body
 * ("foo") reaches the client.
 */
function stackTraceExposureCompliant() {
  app.get('www.example.com', (req, res) => {
    let stackTrace;
    try {
      throw new Error('');
    } catch (err) {
      // The trace is available here for server-side handling; it is never
      // written to the response.
      stackTrace = err.stack || err.stacktrace;
    }
    // Compliant: the response body does not contain the exception.
    res.send("foo");
  });
}