# Error Message Information Disclosure

- ID: python-error-message-exposure
- Severity: MEDIUM
- CWE: Error Message Information Leak (CWE-209)
- Languages: Python
- Frameworks: django, flask, fastapi

## Description

Detects error messages that expose sensitive implementation details such as stack traces, database errors, file paths, or internal system information. This information can help attackers understand the system architecture.

## Remediation

Log full exception details internally but return generic error messages to users.

```python
import logging
from flask import Flask, jsonify

app = Flask(__name__)
logger = logging.getLogger(__name__)

@app.route('/api/data')
def get_data():
    try:
        return jsonify(process_data())
    except Exception as e:
        # Keep the full traceback in server-side logs only
        logger.error(f"Processing failed: {e}", exc_info=True)
        # The client gets a generic message, never str(e) or a traceback
        return jsonify({'error': 'Internal server error'}), 500
```

Learn more: https://shoulder.dev/learn/python/cwe-209/error-message-exposure

## Related Rules

- **Database Error Information Exposure in HTTP Response** [MEDIUM]:
- **Information Exposure Through Error Messages** [MEDIUM]:
- **Internal Path and IP Address Disclosure** [MEDIUM]:
- **tRPC Error Information Disclosure** [MEDIUM]:
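The following is an added, framework-independent example (not part of this rule's documentation or the shoulder.dev project) that contrasts a handler which echoes the exception and traceback to the caller with one that follows the remediation above, and adds a small `looks_like_leak` check of the kind a test suite or response filter can run over a body to catch the indicators this rule describes (tracebacks, `.py` file paths, database driver error names, private IP addresses). The handler names, the in-memory SQLite database with no `users` table (used only to provoke a real database error) and the indicator patterns are all constructed for this example.

```python
import json
import logging
import re
import sqlite3
import traceback
from typing import Any, Dict, Tuple

logger = logging.getLogger("app.example")

# Indicators that a response body carries implementation details.
# Constructed for this example; extend with your own stack's error strings.
LEAK_PATTERNS = [
    re.compile(r"Traceback \(most recent call last\)"),
    re.compile(r'File "[^"]+\.py", line \d+'),
    re.compile(r"(?:/[\w.-]+){2,}\.py\b"),  # absolute path to a .py file
    re.compile(r"\b(?:OperationalError|IntegrityError|ProgrammingError)\b"),
    re.compile(r"\bno such table\b", re.IGNORECASE),
    re.compile(r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b"),
]


def looks_like_leak(body: str) -> bool:
    """Return True if the body matches any disclosure indicator."""
    return any(p.search(body) for p in LEAK_PATTERNS)


def query_user(db: sqlite3.Connection, user_id: int):
    # Raises sqlite3.OperationalError when the 'users' table does not exist.
    return db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()


def leaky_handler(db: sqlite3.Connection, user_id: int) -> Tuple[Dict[str, Any], int]:
    """Vulnerable pattern: the exception text and traceback go to the client."""
    try:
        return {"user": query_user(db, user_id)}, 200
    except Exception as e:
        return {"error": str(e), "trace": traceback.format_exc()}, 500


def safe_handler(db: sqlite3.Connection, user_id: int) -> Tuple[Dict[str, Any], int]:
    """Hardened pattern: full detail is logged server-side, client gets a generic message."""
    try:
        return {"user": query_user(db, user_id)}, 200
    except Exception:
        logger.error("query_user failed for user_id=%r", user_id, exc_info=True)
        return {"error": "Internal server error"}, 500


class _ListHandler(logging.Handler):
    """Captures formatted log records so the demo can inspect what was logged."""

    def __init__(self) -> None:
        super().__init__()
        self.records = []

    def emit(self, record: logging.LogRecord) -> None:
        self.records.append(self.format(record))


def demo() -> Dict[str, Any]:
    db = sqlite3.connect(":memory:")  # empty schema: no 'users' table
    capture = _ListHandler()
    capture.setFormatter(logging.Formatter("%(message)s"))
    logger.addHandler(capture)
    logger.setLevel(logging.ERROR)
    try:
        leaky_body, leaky_status = leaky_handler(db, 1)
        safe_body, safe_status = safe_handler(db, 1)
    finally:
        logger.removeHandler(capture)
    return {
        "leaky_status": leaky_status,
        "leaky_leaks": looks_like_leak(json.dumps(leaky_body)),
        "safe_status": safe_status,
        "safe_leaks": looks_like_leak(json.dumps(safe_body)),
        # The traceback must still be present in the server log.
        "logged_has_trace": looks_like_leak(capture.records[-1]),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` shows both handlers returning status 500, but only the leaky body trips `looks_like_leak`, while the captured log line for the safe handler still contains the full traceback. The pattern list is deliberately conservative; in a real suite it is worth adding the driver-specific error names of the databases you actually use.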