Information Disclosure Detection

Detection Workflow

1. Identify sensitive data flows: Find where sensitive data is handled, trace data through application, identify all output points
2. Check logging practices: Analyze log statements, check error messages, review debug output
3. Assess exposure points: Identify all user-facing output, check external API responses, review file system artifacts
4. Evaluate impact: What information is disclosed? How sensitive is it? Who can access it?

Key Patterns

• Sensitive data in logs: passwords, keys, stack traces in production logs
• Error message disclosure: detailed errors revealing system info, paths, database queries
• Memory disclosure: uninitialized memory reads, out-of-bounds reads, format string leaks
• Storage disclosure: plaintext storage, weak encryption, insecure file permissions

Output Format

Report with: id, type, subtype, severity, confidence, location, sensitive data type, disclosure point, vulnerability description, exposure scope, risk, mitigation.