Field Suggestion

Description

Field Suggestion allows users to infer the entire schema. Example of errors: Error: Field "XYZ" is missing.

Remediation

Avoid providing verbose error messages to users in production.

REST Specific

Asp_net

Avoid returning verbose error messages.

Ruby_on_rails

Avoid returning verbose error messages.

Next_js

Avoid returning verbose error messages.

Laravel

Avoid returning verbose error messages.

Express_js

Avoid returning verbose error messages.

Django

Avoid returning verbose error messages.

Symfony

Avoid returning verbose error messages.

Spring_boot

Avoid returning verbose error messages.

Flask

Avoid returning verbose error messages.

Nuxt

Avoid returning verbose error messages.

Fastapi

Avoid returning verbose error messages.

Configuration

Identifier: information_disclosure/rest_field_suggestion

Examples

Ignore this check

checks:
  information_disclosure/rest_field_suggestion:
    skip: true

Score

• Escape Severity: LOW

Compliance

• OWASP: API3:2023

• pci: 5.2.6

Classification

• CWE: 200

Score

References

• https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A3-Sensitive_Data_Exposure
  • https://cheatsheetseries.owasp.org/cheatsheets/Error_Handling_Cheat_Sheet.html