# Internal Path and IP Address Disclosure

- ID: python-internal-path-disclosure
- Severity: MEDIUM
- CWE: Error Message Information Leak (CWE-209)
- Languages: Python

## Description

Detects responses that include internal file paths, IP addresses, or system information. This information helps attackers understand the system architecture, file structure, and internal network topology.

## Remediation

Return generic error messages; log internal details without exposing them in responses.

```python
import logging
from flask import Flask, jsonify

app = Flask(__name__)
logger = logging.getLogger(__name__)

@app.route('/info')
def get_info():
    # Internal detail (the module path) goes to the server log only
    logger.info("Request to %s", __file__)
    # The client receives a generic response with no paths or addresses
    return jsonify({'status': 'ok', 'version': '1.0'})
```

Learn more: https://shoulder.dev/learn/python/cwe-209/internal-path-disclosure

## Related Rules

- **Database Error Information Exposure in HTTP Response** [MEDIUM]
- **Information Exposure Through Error Messages** [MEDIUM]
- **Error Message Information Disclosure** [MEDIUM]
- **tRPC Error Information Disclosure** [MEDIUM]
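
A stdlib-only check for the kind of disclosure described under Description, paired with the generic-error pattern from Remediation. This is an added example, not the rule's own detection logic: the regex heuristics, the names `find_internal_disclosures` and `generic_error_body`, and the sample strings are assumptions constructed for illustration.

```python
import ipaddress
import logging
import re
import uuid

logger = logging.getLogger(__name__)

# Heuristic patterns (assumptions for this example, not the rule's own logic).
UNIX_PATH = re.compile(r"(?<![\w.])/(?:home|var|usr|etc|opt|srv|app|tmp)/[\w./-]+")
WIN_PATH = re.compile(r"\b[A-Za-z]:\\(?:[\w.-]+\\)+[\w.-]+")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
TRACEBACK = re.compile(r"Traceback \(most recent call last\)")


def find_internal_disclosures(body: str) -> list[tuple[str, str]]:
    """Return (kind, value) pairs for internal details found in a response body."""
    findings = [("path", m.group()) for m in UNIX_PATH.finditer(body)]
    findings += [("path", m.group()) for m in WIN_PATH.finditer(body)]
    for m in IPV4.finditer(body):
        try:
            addr = ipaddress.ip_address(m.group())
        except ValueError:  # not a valid address, e.g. 999.1.1.1
            continue
        # Public addresses are ignored; only internal topology is flagged.
        if addr.is_private or addr.is_loopback or addr.is_link_local:
            findings.append(("ip", m.group()))
    if TRACEBACK.search(body):
        findings.append(("traceback", "Python traceback"))
    return findings


def generic_error_body(exc: Exception) -> dict:
    """Log the detail server-side; give the client only a correlation id."""
    error_id = uuid.uuid4().hex
    logger.error("error_id=%s detail=%r", error_id, exc)
    return {"error": "Internal server error", "error_id": error_id}


# Constructed sample: the message a careless handler would echo to the client.
LEAKY = "FileNotFoundError: /var/www/app/config/settings.py (db host 10.0.3.17)"
```

Running `find_internal_disclosures` over response bodies in an integration test catches regressions where an exception message is echoed to the client; the `error_id` lets support staff find the full detail in the server log.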