# Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. **Stack:** Go - Prevalence: 높음 자주 악용됨 - Impact: 치명적 4개의 치명적 심각도 규칙 - Prevention: 문서화됨 14개의 수정 예시 **OWASP:** Broken Access Control (A01:2021-Broken Access Control) - #1 ## Description There are many different kinds of mistakes that introduce information exposures. The severity of the error can range widely, depending on the context in which the product operates, the type of sensitive information that is revealed, and the benefits it may provide to an attacker. ## Prevention 4개의 Shoulder 탐지 규칙을 기반으로 한 Information Exposure 예방 전략. ### Go Use environment variables for configuration only; never log or return their values Store API keys in environment variables, never log them, and protect model endpoints with authentication Mask PII and redact credentials before sending data to LLM APIs, and use structured logging ## Warning Signs - [HIGH] Model theft vulnerability: ... - [HIGH] vulnerabilities leading to model theft or API key exposure such as hardcoded keys or insecure model - [HIGH] Potential sensitive information disclosure: ... - [HIGH] sensitive information disclosure in AI/LLM implementations such as credentials or PII in prompts ## Consequences - 애플리케이션 데이터 읽기 - 파일 또는 디렉터리 읽기 ## Mitigations - 신뢰 경계를 명확히 그을 수 있는 안전한 영역을 갖도록 시스템을 구획화하세요 - 오류 메시지에는 대상 사용자에게 필요한 최소한의 정보만 포함하도록 하세요 ## Detection - Total rules: 14 - Critical: 4 - Languages: go, javascript, typescript, python ## Rules by Language ### Go (4 rules) - **Environment Variable Secret Exposure** [HIGH]: Environment variables containing secrets flow to logs or HTTP responses. - Remediation: Use environment variables for configuration only, never log or return them. ```go apiKey := os.Getenv("API_KEY") if apiKey == "" { log.Fatal("API_KEY not configured") } // Use apiKey internally, never log or return it ``` Learn more: https://shoulder.dev/learn/go/cwe-200/env-vars-secret-exposure - **LLM Model Theft** [HIGH]: Detects vulnerabilities leading to model theft or API key exposure such as hardcoded keys or insecure model endpoints. - Remediation: Use environment variables for API keys and authenticate model endpoints. ```go client := openai.NewClient(os.Getenv("OPENAI_API_KEY")) ``` Learn more: https://shoulder.dev/learn/go/cwe-200/llm-model-theft - **LLM Sensitive Information Disclosure** [HIGH]: Detects sensitive information disclosure in AI/LLM implementations such as credentials or PII in prompts. - Remediation: Mask or redact PII and credentials before sending to LLM APIs. ```go safeMessage := maskPII(userInput) safeMessage = redactCredentials(safeMessage) ``` Learn more: https://shoulder.dev/learn/go/cwe-200/llm-sensitive-info-disclosure - **Sensitive Field Exposure in API Response** [CRITICAL]: Sensitive fields like password, token, or apiKey included in HTTP responses. - Remediation: Use response DTOs or json:"-" tag to exclude sensitive fields. ```go type User struct { ID string `json:"id"` Email string `json:"email"` Password string `json:"-"` // Never serialized } ``` Learn more: https://shoulder.dev/learn/go/cwe-200/sensitive-field-response-exposure