SiteShadow
Back to vulnerability library
Detected bySecure-coding-practice checks (SCP)Pro

SCP07 Error Handling and Logging

What this means

SiteShadow flagged error handling and logging patterns that expose too much information or leak sensitive data (stack traces to users, secrets in logs, overly detailed auth errors).

Why it matters

Verbose errors and sensitive logs aid attackers.

Safer examples

1) Return generic errors to clients, log details server-side

Expose minimal details to users; keep diagnostics in protected logs.

2) Redact sensitive fields before logging

def redact(s: str) -> str:
    return (s[:4] + "…") if s else ""

3) Avoid "user not found" vs "wrong password"

Use uniform auth error messages and rate limits (see A07 / CWE-799).

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.