Stack trace exposure — Severity: Medium

Stack traces are difficult for end users to interpret, and returning one in a response reveals internal details of the application. We recommend that you handle the exception and send a generic error message to the user instead.

Detector ID
typescript/stack-trace-exposure@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

import express, {Request, Response} from 'express'
// Single shared application instance that the example handlers register routes on.
const app = express();
/**
 * Noncompliant example: the handler forwards the caught exception's stack
 * trace to the HTTP client, so internal details of the application (source
 * file paths and call frames) leave the server inside the response body.
 */
function stackTraceExposureNoncompliant() {
  app.get("www.example.com", (req: Request, res: Response) => {
    let stackTrace: string | undefined;
    try {
      throw new Error("");
    } catch (err: any) {
      // Same capture as the original; `err` is `any`, so nothing is narrowed here.
      stackTrace = err.stack || err.stacktrace;
    }
    // Noncompliant: the stack trace is written straight into the response.
    res.send(stackTrace);
  });
}

Compliant example

import express, {Request, Response} from 'express'
// Single shared application instance that the example handlers register routes on.
const app = express();
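/**
 * Compliant example: the exception is handled on the server and only a
 * fixed message reaches the client. The stack trace is retained for
 * server-side diagnostics and is never written into the response.
 *
 * Changes from the earlier form: the catch binding is `unknown` instead of
 * `unknown | any` (which collapses to `any`), so the stack is read only after
 * an `instanceof Error` check, and the captured trace is no longer a dead
 * local — it is logged where operators can see it.
 */
function stackTraceExposureCompliant() {
  app.get(
    "www.example.com",
    (req: Request, res: Response) => {
      try {
        throw new Error("");
      } catch (e: unknown) {
        // Narrow before touching `.stack`; non-Error throwables are stringified.
        const stackTrace = e instanceof Error ? e.stack : String(e);
        // Keep the detail on the server side, not in the client response.
        console.error(stackTrace);
      }
      // Compliant: the response carries a fixed message, not the exception.
      res.send("foo");
    },
  );
}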