System Information Leakage

Learn how to prevent system information leakage with real code examples and best practices. Protect your application from exposing sensitive system details and technical information.

Tools recognizing this:

Opengrep, Fortify, Checkmarx, SonarQube, Snyk, Semgrep, CodeQL

What is System Information Leakage and How Does it Work?

System Information Leakage occurs when an application inadvertently reveals sensitive technical information, such as stack traces, error messages, or system details. This information can be valuable to attackers, helping them understand the system's architecture and potential vulnerabilities.

The exposed information might include:

  • Stack traces with internal code paths

  • Database error messages

  • Server versions and technologies

  • Internal IP addresses or hostnames

  • System file paths

  • Debug information

This guide covers System Information Leakage, examples, prevention methods, and how to secure your application using real-world techniques.

One Simple System Information Leakage Example

Consider this common example of error handling:

try {
    processRequest();
} catch (Exception e) {
    response.sendError(500, e.toString());
}

This could expose sensitive information like:

java.sql.SQLException: Error executing query at line 42 in /var/www/app/dao/UserDAO.java

The error message reveals:

  • Internal file paths

  • Implementation details

  • Database information

System Information Leakage Prevention Methods: How to Fix Your Code

The most effective way to fix System Information Leakage is to implement proper error handling with custom error messages and logging. This involves catching specific exceptions, logging them securely, and showing generic error messages to users.

Code Samples

Vulnerable Code

try {
    processRequest();
} catch (Exception e) {
    // Sends the raw exception text (class name, message, paths) straight to the client
    response.sendError(500, e.toString());
}

Fixed Code

try {
    processRequest();
} catch (Exception e) {
    // Unique reference that links the user's report to the server-side log entry
    String errorId = generateErrorId();
    // Full exception, including the stack trace, stays in the server log
    logger.error("Unexpected error: " + errorId, e);
    // The client sees only a generic message and the reference ID
    response.sendError(500, "An unexpected error occurred. Reference: " + errorId);
}

Fix Explanation

The vulnerable code exposes detailed error information to users. The fix generates a unique error ID for tracking. Internal details are logged securely but hidden from users. Users receive a generic message with a reference ID.
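As an added example that is not part of this page or Mobb's code, the following Java class applies the fix end to end: the full exception goes to the server log, the client receives only a generic message with a reference ID, and a small helper checks that a response body does not echo exception details. Class and method names are assumed, and the SQLException message is constructed to mirror the page's example.

```java
import java.sql.SQLException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added example, not the page's own code: one place that turns any exception
// into a safe client response. Names (SafeErrorHandler, ClientError) are illustrative.
public class SafeErrorHandler {
    private static final Logger LOG = Logger.getLogger(SafeErrorHandler.class.getName());

    // The only thing the client receives: a status and a generic message (Java 16+ record).
    public record ClientError(int status, String message) {}

    // Fixed behaviour: log everything server-side, return a generic message with a reference ID.
    public static ClientError handle(Exception e) {
        // Random reference ID ties the user's report to the full log entry.
        String errorId = UUID.randomUUID().toString().substring(0, 8);
        // Class, message and stack trace go to the log only, never to the response.
        LOG.log(Level.SEVERE, "Unexpected error, reference " + errorId, e);
        return new ClientError(500, "An unexpected error occurred. Reference: " + errorId);
    }

    // Vulnerable behaviour from the page, kept for comparison: echoes the raw exception.
    public static ClientError handleUnsafely(Exception e) {
        return new ClientError(500, e.toString());
    }

    // Self-check for tests or code review: does the response body echo the exception's
    // class name or message (file paths, SQL text and hostnames usually live there)?
    public static boolean leaksDetail(String body, Exception e) {
        return body.contains(e.getClass().getName())
            || (e.getMessage() != null && body.contains(e.getMessage()));
    }

    // Constructed failure mimicking the page's DAO error, including an internal path.
    static Exception constructedFailure() {
        return new SQLException("Error executing query at line 42 in /var/www/app/dao/UserDAO.java");
    }

    public static void main(String[] args) {
        Exception e = constructedFailure();
        ClientError unsafe = handleUnsafely(e);
        ClientError safe = handle(e);
        System.out.println("Vulnerable body leaks detail: " + leaksDetail(unsafe.message(), e));
        System.out.println("Fixed body leaks detail:      " + leaksDetail(safe.message(), e));
    }
}
```

The leaksDetail check is cheap enough to run in a unit test against every error path, so a regression that reintroduces e.toString() or e.getMessage() in a response is caught before release.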

Need more help in preventing System Information Leakage?

Mobb supports fixing many forms of System Information Leakage vulnerabilities, and can mitigate your issues in batch.

Start now for free at app.mobb.ai
