/**
* @name Information exposure through an exception
* @description Leaking information about an exception, such as messages and stack traces, to an
* external user can expose implementation details that are useful to an attacker for
* developing a subsequent exploit.
* @kind path-problem
* @problem.severity error
* @security-severity 5.4
* @precision high
* @id py/stack-trace-exposure
* @tags security
* external/cwe/cwe-209
* external/cwe/cwe-497
*/
import python
import semmle.python.security.dataflow.StackTraceExposureQuery
import StackTraceExposureFlow::PathGraph
// Both endpoints are path nodes of the `StackTraceExposureFlow` module imported
// from `StackTraceExposureQuery`; the source and sink definitions (what counts as
// exception/stack-trace data and where it reaches an external user) live in that
// library, not in this query.
from StackTraceExposureFlow::PathNode source, StackTraceExposureFlow::PathNode sink
// Only report pairs connected by an actual flow path; together with the
// `PathGraph` import this is what makes the result a `path-problem` whose alert
// shows every step from the exception data to the point of exposure.
where StackTraceExposureFlow::flowPath(source, sink)
// The alert is placed at the sink (where the data leaves the application); the
// `$@` placeholder in the message is filled with the source node, labelled
// "Stack trace information", so a reader can jump to where the data originated.
// The usual fix is to send the client a generic error and keep the detailed
// exception (message, traceback) in server-side logs only.
select sink.getNode(), source, sink,
  "$@ flows to this location and may be exposed to an external user.", source.getNode(),
  "Stack trace information"