Failure to filter sensitive information when propagating exceptions often results in information leaks that can assist an attacker's efforts to expand the attack surface. An attacker may craft input arguments to expose internal structures and mechanisms of the application. Both the exception message text and the type of an exception can leak information. For example, the message of a FileNotFoundException reveals information about the file system layout, and the exception type reveals the absence of the requested file.
This rule applies to server-side applications as well as to clients. Adversaries can glean sensitive information not only from vulnerable web servers but also from victims who use vulnerable web browsers. In 2004, Schoenefeld discovered an exploit for the Opera v7.54 web browser, wherein an attacker could use the sun.security.krb5.Credentials class in an applet as an oracle to "retrieve the name of the currently logged in user and parse his home directory from the information which is provided by the thrown java.security.AccessControlException" [Schoenefeld 2004].
...
It also catches Throwable, as warranted by EX0 of ERR14-J. Do not catch RuntimeException. It also uses the MyExceptionReporter class described in rule ERR00-J. Do not suppress or ignore checked exceptions, which takes responsibility for filtering sensitive information from any resulting exceptions.
...
Compliant solutions must ensure that security exceptions such as java.security.AccessControlException and java.lang.SecurityException continue to be logged and sanitized appropriately. See rule ERR07-J. Prevent exceptions while logging data for additional information. The MyExceptionReporter class from rule ERR00-J. Do not suppress or ignore checked exceptions demonstrates an acceptable approach for this logging and sanitization.
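The following is an added illustration, not the page's own compliant solution: a leaky file-reading routine that lets the FileNotFoundException (message and type) reach the caller, beside a version that catches Throwable, passes it to a sanitizing reporter, and rethrows a generic exception. The MyExceptionReporter shown here is an assumed stand-in for the class described in ERR00-J, and the file path is a constructed sample.

```java
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;

public class ExceptionLeakExample {

    // Noncompliant: the FileNotFoundException propagates to the caller. Its
    // message names the path (file system layout) and its type reveals that
    // the requested file does not exist.
    public static String readFirstLineLeaky(String path) throws IOException {
        try (BufferedReader in = new BufferedReader(new FileReader(path))) {
            return in.readLine();
        }
    }

    // Hypothetical stand-in for the MyExceptionReporter class of ERR00-J:
    // records the full exception for operators, exposes nothing to callers.
    static final class MyExceptionReporter {
        private static final Logger LOG = Logger.getLogger("app.security");

        static void report(Throwable t) {
            // Internal log only, never returned to the client. SecurityException
            // and AccessControlException raised by FileReader land here as well,
            // so they keep being logged rather than silently dropped.
            LOG.log(Level.WARNING, "Sanitized: " + t.getClass().getName(), t);
        }
    }

    // Compliant: catch Throwable (EX0 of ERR14-J permits this at the boundary),
    // report it through the sanitizing reporter, and rethrow a generic exception
    // whose message and type say nothing about the file system.
    public static String readFirstLineSafe(String path) throws IOException {
        try (BufferedReader in = new BufferedReader(new FileReader(path))) {
            return in.readLine();
        } catch (Throwable t) {
            MyExceptionReporter.report(t);
            throw new IOException("Unable to complete the requested operation");
        }
    }

    public static void main(String[] args) {
        try {
            readFirstLineSafe("/constructed/sample/missing.txt"); // constructed path
        } catch (IOException e) {
            // The caller sees only the generic message and a plain IOException.
            System.out.println("Caller sees: " + e.getMessage());
        }
    }
}
```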
...
Other Languages
This rule appears in the C++ Secure Coding Standard as ERR12-CPP. Do not allow exceptions to transmit sensitive information.
...