
Field Suggestion

Description

Field Suggestion allows users to infer the entire schema from the API's error messages. Example of such an error: Error: Field "XYZ" is missing.

Remediation

Avoid providing verbose error messages to users in production.
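
An added example, not part of the original page or of Escape's tooling: a framework-agnostic Python sketch of this remediation, showing the verbose response beside a generic one and a check that can run in a test suite. The schema, function names and response shape are assumptions made for illustration.

```python
import json
import logging
import uuid

log = logging.getLogger("api.errors")

# Hypothetical schema for a constructed "create user" endpoint.
REQUIRED_FIELDS = ("email", "password", "tenant_id")


def missing_fields(payload):
    """Return the required fields absent from the request payload."""
    return [f for f in REQUIRED_FIELDS if f not in payload]


def verbose_error(payload):
    """Before: the 400 body names the first missing field."""
    missing = missing_fields(payload)
    if not missing:
        return 200, {"status": "ok"}
    return 400, {"error": f'Field "{missing[0]}" is missing.'}


def generic_error(payload, production=True):
    """After: the detail goes to the server log; the client gets a
    generic message plus an id that support can match to the log."""
    missing = missing_fields(payload)
    if not missing:
        return 200, {"status": "ok"}
    if not production:
        # Development only: keep the detail for the developer.
        return 400, {"error": f"Missing fields: {missing}"}
    error_id = uuid.uuid4().hex
    log.warning("validation failed id=%s missing=%s", error_id, missing)
    return 400, {"error": "Invalid request.", "error_id": error_id}


def leaks_schema(body):
    """Regression check: does a response body mention any schema field?"""
    text = json.dumps(body).lower()
    return any(field in text for field in REQUIRED_FIELDS)
```

Running `leaks_schema` over every error response in the API test suite catches a handler that starts naming fields again.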

REST Specific

  • Asp_net: Avoid returning verbose error messages.
  • Ruby_on_rails: Avoid returning verbose error messages.
  • Next_js: Avoid returning verbose error messages.
  • Laravel: Avoid returning verbose error messages.
  • Express_js: Avoid returning verbose error messages.
  • Django: Avoid returning verbose error messages.
  • Symfony: Avoid returning verbose error messages.
  • Spring_boot: Avoid returning verbose error messages.
  • Flask: Avoid returning verbose error messages.
  • Nuxt: Avoid returning verbose error messages.
  • Fastapi: Avoid returning verbose error messages.
  • Frappe: Ensure all required fields are included in the schema definition to prevent missing field errors in the Frappe framework.
  • Genzio: Enable the Field Suggestion feature in the Genzio framework engine to automatically infer and suggest missing fields in the schema.
  • Gin: Ensure all required fields are present in the request payload when using the Gin framework to avoid missing field errors.
  • Gorilla: Ensure all required fields are present in the schema to prevent missing field errors.
  • Hapi: Ensure all required fields are present in the request payload by using Joi validation in the Hapi framework.
  • Hono: Ensure that all required fields are present in the schema to prevent missing field errors.
  • Jersey: Ensure that all required fields are included in the request payload to prevent missing field errors in the Jersey framework.
  • Koa: Ensure proper error handling middleware is implemented in the Koa framework to catch and manage errors effectively.
  • Ktor: Ensure that all required fields are present in the request when using Ktor's engine to handle incoming data.
  • Leptos: Ensure all required fields are present in the schema to prevent missing field errors in the Leptos framework.
  • Macaron: Ensure all required fields are present in the schema definition to prevent missing field errors in the Macaron framework.
  • Phoenix: Ensure all required fields are present in the schema definition to prevent missing field errors in the Phoenix Framework.
  • Redwoodjs: Ensure all required fields are included in your RedwoodJS schema to prevent missing field errors.
  • Rocket: Implement schema inference to automatically suggest missing fields in Rocket framework.
  • Sveltekit: Ensure all required fields are included in your SvelteKit form data before submission to prevent missing field errors.

Configuration

Identifier: information_disclosure/rest_field_suggestion

Examples

Ignore this check

checks:
  information_disclosure/rest_field_suggestion:
    skip: true

Score

  • Escape Severity:

Compliance

  • OWASP: API3:2023
  • OWASP LLM: LLM09:2023
  • pci: 5.2.6
  • gdpr: Article-5
  • soc2: CC2
  • psd2: Article-21
  • iso27001: A.14.1
  • nist: SP800-53
  • fedramp: SI-11

Classification

  • CWE: 200
