# Use of GET Request Method With Sensitive Query Strings (CWE-598)

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

- Prevalence: High (frequently exploited)
- Impact: High (1 high-severity rule)
- Prevention: Documented (1 fix example)

**OWASP:** Identification and Authentication Failures (A07:2021-Identification and Authentication Failures) - #7

## Description

Query strings in URLs are logged by web servers, stored in browser history, and may be visible in the Referer header. Using GET requests with sensitive data exposes this data to unintended parties.

## Prevention

### Key Practices

- Use HTTP headers (Authorization) or the request body instead

### Python

Pass tokens in the Authorization header instead of URL query parameters.

## Warning Signs

- [HIGH] Sensitive tokens, API keys, or credentials being passed as URL query parameters

## Consequences

- Read Application Data
- Gain Privileges

## Mitigations

- Use POST requests for sensitive data
- Never include credentials, tokens, or PII in URLs
- Implement proper session management

## Detection

- Total rules: 1
- Languages: python

## Rules by Language

### Python (1 rule)

- **Sensitive Tokens in URL Parameters** [HIGH]: Detects sensitive tokens, API keys, or credentials being passed as URL query parameters. URLs are logged by browsers, proxies, and servers, exposing secrets. Use HTTP headers (Authorization) or the request body instead.
  - Remediation: Pass tokens in the Authorization header instead of URL query parameters.

```python
from flask import Flask, request, jsonify

app = Flask(__name__)

# verify_token() and get_user_data() are the application's own helpers (assumed here).

@app.route('/api/data')
def get_data():
    # Read the bearer token from the Authorization header, never from the query string
    auth_header = request.headers.get('Authorization')
    if not auth_header or not auth_header.startswith('Bearer '):
        return jsonify({'error': 'Missing token'}), 401
    token = auth_header[7:]  # strip the 'Bearer ' prefix
    return jsonify(get_user_data(verify_token(token)))
```

Learn more: https://shoulder.dev/learn/python/cwe-598/tokens-in-urls
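The rule above flags secrets in query strings at the source-code level; the same exposure can be checked from the other end, in the web server logs the Description mentions. The following is an added example, not the rule page's own code: it scans constructed access-log lines for GET requests whose query string carries a credential-like parameter and shows how such URLs can be redacted before they are stored. The parameter-name list, the regex for the log format and the sample lines are assumptions for illustration.

```python
# Added example (not the rule page's code): find and redact secrets in URL query
# strings, e.g. while scanning web server access logs for CWE-598 exposure.
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names that commonly carry credentials (assumed list; extend per application).
SENSITIVE_PARAM_RE = re.compile(
    r"^(?:access_?token|token|api_?key|apikey|secret|password|passwd|pwd|auth|session_?id|sid)$",
    re.IGNORECASE,
)
# Request line inside a combined-format access log entry: "GET /path?q=1 HTTP/1.1"
REQUEST_LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def find_sensitive_params(url: str) -> list[str]:
    """Return names of query parameters in `url` that look like secrets."""
    query = urlsplit(url).query
    return [name for name, _ in parse_qsl(query, keep_blank_values=True)
            if SENSITIVE_PARAM_RE.match(name)]

def redact_url(url: str, mask: str = "REDACTED") -> str:
    """Mask sensitive query values so the URL can be logged or stored safely."""
    parts = urlsplit(url)
    pairs = [(n, mask if SENSITIVE_PARAM_RE.match(n) else v)
             for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def scan_access_log(lines: list[str]) -> list[dict]:
    """Report GET requests whose query string carries a secret (1-based line numbers)."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        m = REQUEST_LINE_RE.search(line)
        if not m or m.group("method") != "GET":
            continue
        names = find_sensitive_params(m.group("target"))
        if names:
            findings.append({"line": lineno, "params": names,
                             "redacted": redact_url(m.group("target"))})
    return findings

# Constructed sample log lines (combined log format); token values are fake.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /api/data?api_key=sk_FAKE123&page=2 HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2024:10:00:01 +0000] "GET /api/data?page=3 HTTP/1.1" 200 480',
    '10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "POST /login HTTP/1.1" 302 0',
    '10.0.0.8 - - [01/Jan/2024:10:00:03 +0000] "GET /reset?Token=abc.def.ghi HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['params']} -> {f['redacted']}")
```

A hit in the log means the secret has already been written to disk (and likely to any proxy or browser history on the path), so the finding is a prompt to rotate the credential, not only to fix the endpoint.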