Stack Trace Exposure High

The stack trace is exposed to the client, which reveals unnecessary architectural information. This information may help an attacker work out how to trigger more attacks.

Detector ID
ruby/stack-trace-exposure@v1.0
Category
Common Weakness Enumeration (CWE)
Tags
-

Noncompliant example

def exposure_of_stack_trace_noncompliant
  # Process
rescue => e
  # Noncompliant: Rendering the stack trace information
  render body: e.backtrace, content_type: "text/plain"
end

Compliant example

def exposure_of_stack_trace_compliant
  # Process
rescue => e
  # Compliant: Rendering a simple error message.
  render body: "An error occurred", content_type: "text/plain"
end
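The compliant pattern above still leaves the question of where the trace should go. The following is an added example, not part of the detector's own documentation: it extends the compliant case by writing the full backtrace to a server-side log under a random reference ID and returning only that ID to the client. `respond_safely` and `demo` are hypothetical names, and a plain hash stands in for the framework's `render` call.

```ruby
require "logger"
require "securerandom"
require "stringio"

# Hypothetical helper (not a Rails API): runs the block and converts any
# StandardError into a generic response, keeping the details server-side.
def respond_safely(logger)
  result = yield
  { status: 200, content_type: "text/plain", body: result.to_s }
rescue StandardError => e
  error_id = SecureRandom.hex(8) # reference ID, the only detail the client gets
  # Exception class, message and every frame go to the server log only.
  logger.error("error_id=#{error_id} #{e.class}: #{e.message}")
  Array(e.backtrace).each do |frame|
    logger.error("error_id=#{error_id}   #{frame}")
  end
  # No class name, message, file path or line number in the response body.
  { status: 500, content_type: "text/plain",
    body: "An error occurred (reference #{error_id})" }
end

# Constructed demo: a failing action whose message and trace are sensitive.
def demo
  sink = StringIO.new
  logger = Logger.new(sink)
  response = respond_safely(logger) do
    raise ArgumentError, "bad column users.password_digest"
  end
  [response, sink.string]
end

if __FILE__ == $PROGRAM_NAME
  response, log = demo
  puts response[:body]
  puts log
end
```

The reference ID lets support staff find the matching log entry without the response carrying any internals.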