# Information Disclosure

- ID: python-information-disclosure
- Severity: MEDIUM
- CWE: Information Exposure (CWE-200)
- Languages: Python
- Frameworks: flask, django

## Description

Detects information disclosure vulnerabilities: debug mode enabled, stack traces exposed, detailed error messages returned to the client, or sensitive data leaked.

## Remediation

Load the debug setting from the environment and return generic error messages to the client. Log the detail server-side instead.

```python
import os

from flask import Flask, jsonify

app = Flask(__name__)
# Debug is on only when the environment explicitly selects development.
DEBUG = os.environ.get('FLASK_ENV') == 'development'

@app.route('/api/data')
def handler():
    try:
        return risky_operation()  # placeholder for application code that may raise
    except Exception as e:
        # Keep the detail in the server log; the client sees a generic message.
        app.logger.error(f"Error: {e}")
        return jsonify({'error': 'Internal error'}), 500
```

Learn more: https://shoulder.dev/learn/python/cwe-200/information-disclosure

## Related Rules

- **Environment Variable Secret Exposure** [HIGH]
- **LLM Model Theft** [HIGH]
- **LLM Sensitive Information Disclosure** [HIGH]
- **Sensitive Field Exposure in API Response** [CRITICAL]