Field Suggestion

Description

Field Suggestion allows users to infer the entire schema from error messages that name fields. Example of such an error: Error: Field "XYZ" is missing.

Remediation

Avoid providing verbose error messages to users in production.

REST Specific

  • ASP.NET: Avoid returning verbose error messages.
  • Ruby on Rails: Avoid returning verbose error messages.
  • Next.js: Avoid returning verbose error messages.
  • Laravel: Avoid returning verbose error messages.
  • Express.js: Avoid returning verbose error messages.
  • Django: Avoid returning verbose error messages.
  • Symfony: Avoid returning verbose error messages.
  • Spring Boot: Avoid returning verbose error messages.
  • Flask: Avoid returning verbose error messages.
  • Nuxt: Avoid returning verbose error messages.
  • FastAPI: Avoid returning verbose error messages.
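
One way to apply this remediation, shown as an added example that is not part of the original page or of Escape's own code: a framework-independent validator whose production handler returns a generic error and keeps field names in the server log only. The endpoint schema, the function names and the `error_id` field are assumptions made for illustration.

```python
import json
import logging
import uuid

log = logging.getLogger("api.validation")

# Hypothetical schema for a constructed endpoint; these names are assumptions.
REQUIRED_FIELDS = ("email", "password", "tenant_id")
ALLOWED_FIELDS = set(REQUIRED_FIELDS) | {"display_name"}


def validate(payload):
    """Return internal problem descriptions; these must not reach clients."""
    problems = [f'Field "{n}" is missing.' for n in REQUIRED_FIELDS if n not in payload]
    problems += [f'Field "{n}" is unknown.' for n in sorted(payload) if n not in ALLOWED_FIELDS]
    return problems


def verbose_response(payload):
    """Weak behaviour: every validation detail is echoed to the caller."""
    problems = validate(payload)
    if problems:
        return 400, json.dumps({"errors": problems})
    return 200, json.dumps({"status": "ok"})


def production_response(payload):
    """Hardened behaviour: generic body, details only in the server log."""
    problems = validate(payload)
    if problems:
        error_id = uuid.uuid4().hex  # correlates the response with the log entry
        log.warning("validation failed id=%s problems=%s", error_id, problems)
        return 400, json.dumps({"error": "Invalid request.", "error_id": error_id})
    return 200, json.dumps({"status": "ok"})


def leaked_field_names(body):
    """Regression check: schema field names that appear in a response body."""
    return sorted(n for n in ALLOWED_FIELDS if n in body)


if __name__ == "__main__":
    sample = {"email": "a@example.test", "role": "admin"}  # constructed input
    for handler in (verbose_response, production_response):
        status, body = handler(sample)
        print(handler.__name__, status, leaked_field_names(body))
```

`leaked_field_names` can be reused in an API test suite to assert that error bodies never contain schema field names the client did not send.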

Configuration

Identifier: information_disclosure/rest_field_suggestion

Examples

Ignore this check

checks:
  information_disclosure/rest_field_suggestion:
    skip: true

Score

  • Escape Severity:

Compliance

Classification

  • CWE: 200
