Verbose Error Messages Anti-Pattern
Severity: Medium
Summary
Applications expose internal information (stack traces, database errors, file paths, configuration details) in error messages, enabling attackers to understand architecture, identify vulnerabilities, and craft targeted attacks. Suppress detailed errors in production.
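The following check is an added example, not part of the original skill: it scans error-response bodies for the four categories of leakage named above, so it can run in a test suite or a staging smoke test. The patterns, endpoint names and sample responses are constructed assumptions, not an exhaustive rule set.

```python
import re

# Constructed indicator patterns, one per category the summary names.
# They are illustrative assumptions, not an exhaustive rule set.
LEAK_PATTERNS = {
    "stack_trace": re.compile(r'Traceback \(most recent call last\)|File "[^"]+", line \d+'),
    "database_error": re.compile(
        r"sqlite3\.\w*Error|no such (?:table|column)|syntax error", re.IGNORECASE),
    "file_path": re.compile(r'(?:/(?:home|var|usr|etc|opt|srv)/[\w./-]+|[A-Za-z]:\\[\w\\.-]+)'),
    "config_detail": re.compile(
        r"\b(?:SECRET_KEY|DB_PASSWORD|DATABASE_URL|API_KEY)\b\s*[=:]", re.IGNORECASE),
}


def find_leaks(body: str) -> list[str]:
    """Return the sorted leak categories whose pattern matches a response body."""
    return sorted(name for name, rx in LEAK_PATTERNS.items() if rx.search(body))


def audit(responses: dict[str, str]) -> dict[str, list[str]]:
    """Map each endpoint to its leak categories, omitting clean responses."""
    report = {}
    for endpoint, body in responses.items():
        hits = find_leaks(body)
        if hits:
            report[endpoint] = hits
    return report


# Constructed error responses: one verbose, one generic with a correlation id.
SAMPLE_RESPONSES = {
    "/user?id=x": (
        '{"error": "Traceback (most recent call last):\\n'
        '  File \\"/srv/app/views.py\\", line 42, in get_user\\n'
        'sqlite3.OperationalError: no such column: x"}'
    ),
    "/order?id=x": '{"error": "An internal error occurred.", "error_id": "a1b2c3"}',
}

if __name__ == "__main__":
    for endpoint, hits in audit(SAMPLE_RESPONSES).items():
        print(f"{endpoint}: leaks {', '.join(hits)}")
```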
The Anti-Pattern
The anti-pattern is returning raw exception messages or system errors directly to end users.
BAD Code Example
# VULNERABLE: The application exposes raw database errors and stack traces to the user.
from flask import Flask, request, jsonify
import sqlite3