# Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

**Stack:** Python

- Prevalence: High (frequently exploited)
- Impact: Critical (4 rules of critical severity)
- Prevention: Documented (14 remediation examples)

**OWASP:** Broken Access Control (A01:2021-Broken Access Control) - #1

## Description

There are many different kinds of mistakes that introduce information exposures. The severity of the error can range widely, depending on the context in which the product operates, the type of sensitive information that is revealed, and the benefits it may provide to an attacker.

## Prevention

Prevention measures for Information Exposure, based on 5 Shoulder detection rules.

### Python

- Return generic error messages to users; log detailed errors server-side only
- Store API keys in environment variables, never log them, and protect model endpoints with authentication
- Use Presidio or similar libraries to anonymize PII before sending data to LLM APIs

## Warning Signs

- [HIGH] Model theft vulnerability: ...
- [HIGH] vulnerabilities that could lead to model theft or API key exposure
- [HIGH] Potential sensitive information disclosure: ...
- [HIGH] potential sensitive information disclosure in AI/LLM implementations
- [MEDIUM] information disclosure vulnerabilities: debug mode enabled, exposing stack traces, returning detailed error messages, or leaking sensitive data
- [LOW] server configuration that exposes version information, framework details, or other implementation details through HTTP headers
- [CRITICAL] when sensitive data fields (passwords, tokens, secrets) are exposed through API endpoint responses

## Consequences

- Read application data
- Read files or directories

## Mitigations

- Compartmentalize the system so that it has "safe" areas where trust boundaries can be unambiguously drawn
- Ensure that error messages contain only the minimal details needed by the intended audience

## Detection

- Total rules: 14
- Critical: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Python (5 rules)

- **Information Disclosure** [MEDIUM]: Detects information disclosure vulnerabilities: debug mode enabled, exposing stack traces, returning detailed error messages, or leaking sensitive data.
  - Remediation: Load debug mode from environment and return generic error messages.

```python
import os

from flask import Flask, jsonify

app = Flask(__name__)

# Debug mode is decided by the deployment environment, never hardcoded to True
DEBUG = os.environ.get('FLASK_ENV') == 'development'
app.config['DEBUG'] = DEBUG


@app.route('/api/data')
def handler():
    try:
        return risky_operation()  # the application's own logic
    except Exception as e:
        # Full detail stays in the server log; the client gets a generic message
        app.logger.error(f"Error: {e}")
        return jsonify({'error': 'Internal error'}), 500
```

Learn more: https://shoulder.dev/learn/python/cwe-200/information-disclosure

- **LLM Model Theft** [HIGH]: Detects vulnerabilities that could lead to model theft or API key exposure. OWASP LLM10 - Model Theft. Model theft can occur through:
  - API key exposure in source code or logs
  - Model weights exposed via insecure endpoints
  - Model extraction attacks via unrestricted API access
  - Insecure model serialization and storage
  - Remediation: Load API keys from environment variables instead of hardcoding.
```python
import logging
import os

from openai import OpenAI

logger = logging.getLogger(__name__)

# The key comes from the environment, not from source code
client = OpenAI(api_key=os.environ.get('OPENAI_API_KEY'))

# Never log API keys: log only non-sensitive request metadata
logger.info('API request', extra={'model': 'gpt-4', 'tokens': 100})
```

Learn more: https://shoulder.dev/learn/python/cwe-200/llm-model-theft

- **LLM Sensitive Information Disclosure** [HIGH]: Detects potential sensitive information disclosure in AI/LLM implementations. OWASP LLM06 - Sensitive Information Disclosure. Sensitive information can be leaked through:
  - PII (Personally Identifiable Information) in prompts
  - Credentials or secrets in prompts or system messages
  - Sensitive business data sent to third-party LLM APIs
  - Logging LLM conversations containing sensitive data
  - Remediation: Use Presidio to anonymize PII before sending to LLM APIs.

```python
from presidio_analyzer import AnalyzerEngine
from presidio_anonymizer import AnonymizerEngine

analyzer = AnalyzerEngine()
anonymizer = AnonymizerEngine()


def anonymize_text(text: str) -> str:
    # Detect PII entities (names, emails, phone numbers, ...) and replace them
    results = analyzer.analyze(text=text, language='en')
    return anonymizer.anonymize(text=text, analyzer_results=results).text


# user_message is the raw text received from the user; only the anonymized
# version is sent to the LLM API
safe_message = anonymize_text(user_message)
```

Learn more: https://shoulder.dev/learn/python/cwe-200/llm-sensitive-info-disclosure

- **Sensitive Field Exposure in API Response** [CRITICAL]: Detects when sensitive data fields (passwords, tokens, secrets) are exposed through API endpoint responses. This commonly happens when:
  1. Returning user dictionaries with sensitive fields
  2. Serializing ORM objects without excluding sensitive fields
  3. Including sensitive fields in JSON responses

  Security Impact:
  - Password hash exposure enabling offline cracking attacks
  - API key/token leakage allowing account takeover
  - Session token exposure enabling session hijacking
  - PII disclosure viol
  - Remediation: Use explicit field selection or Pydantic/Marshmallow schemas to exclude sensitive fields.
```python
from flask import Flask, jsonify

app = Flask(__name__)


@app.route('/api/users')
def get_users():
    # User is the application's ORM model; select fields explicitly instead
    # of serializing whole objects
    users = User.query.all()
    return jsonify([{
        'id': u.id,
        'email': u.email,
        'name': u.name  # password excluded
    } for u in users])
```

Learn more: https://shoulder.dev/learn/python/cwe-200/sensitive-field-response-exposure

- **Server Information Disclosure** [LOW]: Detects server configuration that exposes version information, framework details, or other implementation details through HTTP headers. This information helps attackers identify known vulnerabilities in specific versions.
  - Remediation: Remove the Server header and disable debug mode in production.

```python
import os

from flask import Flask

app = Flask(__name__)


@app.after_request
def remove_server_header(response):
    # Drop the header that advertises the server software and version
    response.headers.pop('Server', None)
    return response


# Django equivalent for debug mode: read it from the environment,
# defaulting to off
# DEBUG = os.getenv('DEBUG', 'False').lower() == 'true'
```

Learn more: https://shoulder.dev/learn/python/cwe-200/server-information
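For the Sensitive Field Exposure rule, an added example (not part of the Shoulder rule set or this page's own code) that pairs allowlist serialization with a recursive check a test suite can run over any decoded JSON response; the sample row, its field names and the sensitive-key pattern are constructed assumptions.

```python
import re

# Constructed sample of a user row converted to a dict; field names are
# assumptions for this illustration, not a real schema.
SAMPLE_USER_ROW = {
    "id": 7,
    "email": "alice@example.com",
    "name": "Alice",
    "password_hash": "$2b$12$constructed-hash-value",
    "api_token": "tok_constructed_value",
    "profile": {"bio": "hi", "reset_token": "rst_constructed"},
}

# Allowlist: only these keys may ever reach a JSON response. Picking fields
# by allowlist means a newly added column is private by default.
USER_PUBLIC_FIELDS = ("id", "email", "name")

# Key names the rule treats as sensitive (case-insensitive substring match).
# Deliberately broad: a false positive in a test is cheaper than a leak.
SENSITIVE_KEY_RE = re.compile(r"password|passwd|secret|token|api_?key", re.IGNORECASE)


def serialize_user(row: dict) -> dict:
    """Explicit field selection, the remediation the rule recommends."""
    return {k: row[k] for k in USER_PUBLIC_FIELDS if k in row}


def find_sensitive_keys(obj, path="$"):
    """Walk a decoded JSON value and return JSONPath-like locations of any
    key whose name looks sensitive. Meant for response assertions in tests."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}.{key}"
            if SENSITIVE_KEY_RE.search(key):
                hits.append(child)
            hits.extend(find_sensitive_keys(value, child))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            hits.extend(find_sensitive_keys(value, f"{path}[{i}]"))
    return hits


if __name__ == "__main__":
    print(find_sensitive_keys([SAMPLE_USER_ROW]))  # what serializing the whole row leaks
    print(find_sensitive_keys([serialize_user(SAMPLE_USER_ROW)]))  # []
```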
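The Information Disclosure and Server Information Disclosure rules both come down to what the client is allowed to see. This added example (not the page's or Shoulder's code) is a hypothetical WSGI middleware that strips fingerprinting headers and converts unhandled exceptions into a generic 500 with the traceback logged server-side; `leaky_app`, its header value and the `call_wsgi` driver are constructed for the illustration.

```python
import logging
import sys
import traceback

logger = logging.getLogger("app")
# Response headers that fingerprint the server or framework version.
FINGERPRINT_HEADERS = {"server", "x-powered-by"}


class HardenedResponses:
    """Hypothetical WSGI middleware: strips fingerprinting headers and turns
    any unhandled exception into a generic 500, logging detail server-side."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def filtered_start_response(status, headers, exc_info=None):
            clean = [(k, v) for k, v in headers if k.lower() not in FINGERPRINT_HEADERS]
            return start_response(status, clean, exc_info)

        try:
            return self.app(environ, filtered_start_response)
        except Exception:
            # The traceback goes to the server log only; the client never sees it.
            logger.error("Unhandled error on %s\n%s",
                         environ.get("PATH_INFO"), traceback.format_exc())
            body = b'{"error": "Internal error"}'
            start_response("500 Internal Server Error",
                           [("Content-Type", "application/json"),
                            ("Content-Length", str(len(body)))], sys.exc_info())
            return [body]


def leaky_app(environ, start_response):
    """Constructed sample app: advertises its stack and crashes on /boom."""
    if environ["PATH_INFO"] == "/boom":
        raise ValueError("db password 'constructed' rejected")  # must never reach the client
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Server", "Werkzeug/2.0 Python/3.11")])
    return [b"ok"]


def call_wsgi(app, path="/"):
    """Minimal in-process WSGI driver: returns (status, header dict, body)."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers
    body = b"".join(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return captured["status"], dict(captured["headers"]), body
```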
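For the "never log API keys" point in the LLM Model Theft rule, an added example (not from the page or the Shoulder project) of a hypothetical `logging.Filter` that scrubs secrets from rendered messages and from `extra` fields before any handler writes them; the key patterns and field names are assumptions, and `render` only exists to show what a handler would receive.

```python
import logging
import re

# Assumed secret shapes for the illustration: OpenAI-style "sk-" keys and
# bearer tokens. Real deployments extend this list to their own key formats.
SECRET_PATTERNS = [
    re.compile(r"sk-[A-Za-z0-9_-]{16,}"),
    re.compile(r"(?i)(bearer\s+)[A-Za-z0-9._-]{16,}"),
]
# `extra={...}` attribute names that are never allowed into a log record.
SECRET_FIELD_NAMES = {"api_key", "apikey", "authorization", "token", "secret", "password"}


def redact(text: str) -> str:
    """Replace anything that looks like a secret, keeping a recognisable prefix."""
    for pattern in SECRET_PATTERNS:
        text = pattern.sub(lambda m: (m.group(1) if m.lastindex else "") + "[REDACTED]", text)
    return text


class SecretRedactingFilter(logging.Filter):
    """Hypothetical logging filter: scrubs the rendered message and any
    sensitive `extra` attribute before a handler can write the record."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())  # render %-args first, then scrub
        record.args = None
        for name in list(vars(record)):
            if name.lower() in SECRET_FIELD_NAMES:
                setattr(record, name, "[REDACTED]")
        return True


def render(msg: str, *args, **extra) -> str:
    """Build one record as logger.info(msg, *args, extra=extra) would, run it
    through the filter and return the text a handler would write."""
    record = logging.LogRecord("llm", logging.INFO, __file__, 0, msg, args, None)
    for key, value in extra.items():
        setattr(record, key, value)
    SecretRedactingFilter().filter(record)
    fields = {key: getattr(record, key) for key in extra}
    return f"{record.getMessage()} {fields}"
```

In a real application the filter is attached once with `logger.addFilter(SecretRedactingFilter())`; the page's `logger.info('API request', extra={'model': 'gpt-4', 'tokens': 100})` passes through unchanged because neither attribute name is in the deny list.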