CWE-598 Information Exposure Through Query Strings
Coverage: 5 rules in the SiteShadow rule registry target this CWE (registry v2.0.0). Regex 5 Also: Taint and heuristic analyzers may also detect related flows (see coverage for the authoritative list) Registry tagging shows intent, for sample-level behaviour and benchmarked gaps see known gaps.
What this means
SiteShadow flagged sensitive data being placed into URL query parameters (tokens, passwords, API keys, personal data).
Why it matters
Query strings can leak through logs, history, and referrers.
- Logs and monitoring often capture full URLs.
- Browser history and bookmarks persist query strings.
- Referrers can leak query strings to third-party sites.
Safer examples
1) Use headers or POST bodies for secrets
await fetch("/api/resource", {
method: "POST",
headers: { Authorization: `Bearer ${token}` },
});
2) Use opaque IDs instead of raw data
Put an ID in the URL, not the sensitive value itself.
3) Redact URLs in logs/telemetry
If URLs must include sensitive values (avoid it), ensure redaction happens before logging/analytics.
How SiteShadow detects it (high level)
- Flags credential-like keys/values in query string construction.
- Detects tokens/passwords being appended to URLs or used in redirect parameters.
References
- CWE-598: https://cwe.mitre.org/data/definitions/598.html
---
← Back to Vulnerability Library
Catch this with SiteShadow Pro.
This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.