Information Disclosure Detection
Detection Workflow
- •Identify sensitive data flows: Find where sensitive data is handled, trace data through application, identify all output points
- •Check logging practices: Analyze log statements, check error messages, review debug output
- •Assess exposure points: Identify all user-facing output, check external API responses, review file system artifacts
- •Evaluate impact: What information is disclosed? How sensitive is it? Who can access it?
Key Patterns
- •Sensitive data in logs: passwords, keys, stack traces in production logs
- •Error message disclosure: detailed errors revealing system info, paths, database queries
- •Memory disclosure: uninitialized memory reads, out-of-bounds reads, format string leaks
- •Storage disclosure: plaintext storage, weak encryption, insecure file permissions
Output Format
Report with: id, type, subtype, severity, confidence, location, sensitive data type, disclosure point, vulnerability description, exposure scope, risk, mitigation.
Severity Guidelines
- •CRITICAL: Disclosure of cryptographic keys or passwords
- •HIGH: Disclosure of sensitive user data
- •MEDIUM: Disclosure of system information
- •LOW: Disclosure of minor debug information
See Also
- •
patterns.md- Detailed detection patterns and exploitation scenarios - •
examples.md- Example analysis cases and code samples - •
references.md- CWE references and mitigation strategies