| name | detecting-information-disclosure |
| description | Detects information disclosure vulnerabilities including sensitive data in logs, error message exposure, and memory leaks. Use when analyzing logging practices, error handling, or investigating data leakage issues. |
Information Disclosure Detection
Detection Workflow
- Identify sensitive data flows: Find where sensitive data is handled, trace data through application, identify all output points
- Check logging practices: Analyze log statements, check error messages, review debug output
- Assess exposure points: Identify all user-facing output, check external API responses, review file system artifacts
- Evaluate impact: What information is disclosed? How sensitive is it? Who can access it?
Key Patterns
- Sensitive data in logs: passwords, keys, stack traces in production logs
- Error message disclosure: detailed errors revealing system info, paths, database queries
- Memory disclosure: uninitialized memory reads, out-of-bounds reads, format string leaks
- Storage disclosure: plaintext storage, weak encryption, insecure file permissions
Output Format
Report with: id, type, subtype, severity, confidence, location, sensitive data type, disclosure point, vulnerability description, exposure scope, risk, mitigation.
Severity Guidelines
- CRITICAL: Disclosure of cryptographic keys or passwords
- HIGH: Disclosure of sensitive user data
- MEDIUM: Disclosure of system information
- LOW: Disclosure of minor debug information
See Also
patterns.md- Detailed detection patterns and exploitation scenariosexamples.md- Example analysis cases and code samplesreferences.md- CWE references and mitigation strategies