The stack trace is exposed to the client, which reveals unnecessary architectural information. This information may help an attacker work out how to mount further attacks.
def exposure_of_stack_trace_noncompliant
  # Process
rescue => e
  # Noncompliant: Rendering the stack trace information
  render body: e.backtrace, content_type: "text/plain"
end
def exposure_of_stack_trace_compliant
  # Process
rescue => e
  # Compliant: Rendering a simple error message.
  render body: "An error occurred", content_type: "text/plain"
end
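The compliant pattern carried one step further, as an added example that is not part of the original page: plain Ruby stands in for a Rails action (the helper names and the in-memory log sink are hypothetical), the backtrace is kept server-side under a reference id, and a small check shows how a reviewer can detect backtrace-looking content in a response body.

```ruby
# Added example, not from the original page. Hypothetical helpers; plain Ruby
# standing in for a Rails controller so it runs without a framework.
require "logger"
require "securerandom"
require "stringio"

LOG_SINK = StringIO.new                 # constructed in-memory log sink
LOGGER   = Logger.new(LOG_SINK)

# Runs the request-processing block; returns [body, content_type].
def handle_request
  yield
rescue => e
  ref = SecureRandom.hex(8)             # correlation id for operators
  # Full details stay on the server: class, message and every backtrace frame.
  LOGGER.error("ref=#{ref} #{e.class}: #{e.message}\n#{e.backtrace.join("\n")}")
  # The client learns nothing about file paths, line numbers or internal classes.
  ["An error occurred (reference: #{ref})", "text/plain"]
end

# Defender-side check: does a response body contain backtrace-looking lines?
# Matches frames such as "app/models/user.rb:42:in `find'" (Ruby <= 3.3) and
# "app/models/user.rb:42:in 'User#find'" (Ruby >= 3.4).
BACKTRACE_PATTERN = %r{\A.*:\d+:in [`']}
def leaks_backtrace?(body)
  body.to_s.each_line.any? { |line| line.match?(BACKTRACE_PATTERN) }
end

# Constructed failing request: Integer("not-a-number") raises ArgumentError.
def process_demo
  handle_request { Integer("not-a-number") }
end

# The noncompliant response, for comparison: the raw backtrace as the body.
def noncompliant_body
  Integer("not-a-number")
rescue => e
  e.backtrace.join("\n")
end
```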