Information exposure through transmitted data¶
ID: cs/sensitive-data-transmission
Kind: path-problem
Security severity: 4.3
Severity: error
Precision: high
Tags:
- security
- external/cwe/cwe-201
Query suites:
- csharp-code-scanning.qls
- csharp-security-extended.qls
- csharp-security-and-quality.qls
Transmitting sensitive data to the user is a potential security risk. Always ensure that transmitted data is intended for the user. For example, passwords and the contents of database exceptions are generally not appropriate to send to the user, as they reveal information that could be abused or exploited.
Recommendation¶
Avoid transmitting passwords or exceptions to the user. Instead, create a more user-friendly message that does not contain potentially sensitive information. Technical errors should be written to a log file.
Example¶
The following example shows the user password being sent back to the user.
public class Handler : IHttpHandler
{
    public void ProcessRequest(HttpContext ctx)
    {
        try
        {
            // ...
        }
        catch (AuthenticationFailure ex)
        {
            // BAD: the submitted password is echoed back in the response body.
            ctx.Response.Write("Invalid password: " + password);
        }
    }
}
The following example shows a database exception being sent to the user. Exceptions can often contain unnecessary technical or sensitive information that should not be seen by the user.
public class Handler : IHttpHandler
{
    public void ProcessRequest(HttpContext ctx)
    {
        try
        {
            // ...
        }
        catch (DbException ex)
        {
            // BAD: the raw exception message (SQL text, table names, server
            // details) is sent to the client.
            ctx.Response.Write("Database error: " + ex.Message);
        }
    }
}
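The following handler is an added example, not part of the CodeQL documentation, showing the recommended fix for both cases above: the client gets a generic message and an opaque reference id, and the technical detail goes to a server-side log. `AuthenticationFailure` is a stand-in exception type matching the examples, and `Log` is a placeholder for the application's own logging sink.

```csharp
using System;
using System.Data.Common;
using System.Web;

// Stand-in for the authentication exception used in the examples above.
public class AuthenticationFailure : Exception
{
    public AuthenticationFailure(string message) : base(message) { }
}

public class SafeHandler : IHttpHandler
{
    public bool IsReusable => false;

    public void ProcessRequest(HttpContext ctx)
    {
        try
        {
            // ... authentication and database work ...
        }
        catch (AuthenticationFailure)
        {
            // GOOD: a fixed message; the submitted credential never leaves the server.
            ctx.Response.StatusCode = 401;
            ctx.Response.Write("Invalid username or password.");
        }
        catch (DbException ex)
        {
            // GOOD: full exception detail is logged with a correlation id,
            // and only the id is shown to the user so support can find the entry.
            string correlationId = Guid.NewGuid().ToString("N");
            Log($"[{correlationId}] Database error in {ctx.Request.Path}: {ex}");
            ctx.Response.StatusCode = 500;
            ctx.Response.Write("An internal error occurred. Reference: " + correlationId);
        }
    }

    private static void Log(string message)
    {
        // Placeholder: route to the application's logging sink (file, ETW, etc.).
        System.Diagnostics.Trace.TraceError(message);
    }
}
```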
References¶
OWASP: Sensitive Data Exposure.
Common Weakness Enumeration: CWE-201.