Stack trace exposure via output
Description
Avoid printing stack traces directly to output streams. This may expose internal application information useful to attackers.
Examples
Insecure Code
```scala
try { ... } catch { case e: Exception => e.printStackTrace }
```
Secure Code
```scala
try { ... } catch { case e: Exception => logger.error("Error", e) }
```
Remediation
Use a logging framework to log exceptions instead of printing them to output streams.
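
The following is an added example, not part of the rule's own documentation. It shows the remediation in a request handler: the full exception goes to the logger, and the caller receives only a generic message with an opaque reference. `SafeErrorHandling`, `ClientResponse`, `loadOrder` and `handle` are hypothetical names, and `java.util.logging` is used only to keep the example free of dependencies.

```scala
import java.util.UUID
import java.util.logging.{Level, Logger}

object SafeErrorHandling {
  // Assumption: java.util.logging stands in for whatever logging framework the project uses.
  private val logger = Logger.getLogger("app.orders")

  // What the caller is allowed to see: a status and a body with no internal detail.
  final case class ClientResponse(status: Int, body: String)

  // Hypothetical operation whose failure message carries internal detail (a table name).
  def loadOrder(id: String): String =
    throw new IllegalStateException("query failed on table orders_v2")

  def handle(id: String): ClientResponse =
    try ClientResponse(200, loadOrder(id))
    catch {
      case e: Exception =>
        // Opaque reference so the log entry can be found from a user report.
        val ref = UUID.randomUUID().toString
        // The stack trace is passed to the logger; where it ends up and who can
        // read it is decided by logging configuration, not by this code path.
        logger.log(Level.SEVERE, s"loadOrder failed ref=$ref", e)
        // Neither the exception message nor the trace reaches the response.
        ClientResponse(500, s"Internal error. Reference: $ref")
    }

  def main(args: Array[String]): Unit = {
    val r = handle("42")
    println(s"${r.status} ${r.body}")
  }
}
```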
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0676 |
| Category | ErrorHandling |
| Severity | LOW |
| CWE | CWE-209 |
| Confidence | HIGH |
| Impact | LOW |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | |
| OWASP | A01:2021-Broken Access Control |