CodeQL documentation

Information exposure through transmitted data

ID: cs/sensitive-data-transmission
Kind: path-problem
Severity: error
Precision: high
Tags:
   - security
   - external/cwe/cwe-201
Query suites:
   - csharp-code-scanning.qls
   - csharp-security-extended.qls
   - csharp-security-and-quality.qls

Click to see the query in the CodeQL repository

Transmitting sensitive data to the user is a potential security risk. Always ensure that transmitted data is intended for the user. For example, passwords and the contents of database exceptions are generally not appropriate to send to the user, as they reveal information that could be abused or exploited.

Recommendation

Avoid transmitting passwords or exceptions to the user. Instead, create a more user-friendly message that does not contain potentially sensitive information. Technical errors should be written to a log file.

Example

The following example shows the user password being sent back to the user.

public class Handler : IHttpHandler
{

    public void ProcessRequest(HttpContext ctx)
    {
        try
        {
       ...
    }
        catch (AuthenticationFailure ex)
        {
            ctx.Response.Write("Invalid password: " + password);
        }
    }
}

The following example shows a database exception being sent to the user. Exceptions can often contain unnecessary technical or sensitive information that should not be seen by the user.

public class Handler : IHttpHandler
{

    public void ProcessRequest(HttpContext ctx)
    {
        try
        {
       ...
    }
        catch (DbException ex)
        {
            ctx.Response.Write("Database error: " + ex.Message);
        }
    }
}

References