Information Disclosure: Sensitive Comments¶
Identifier:
sensitive_comments
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
Sensitive comments in source code may unintentionally reveal details about application internals, security weaknesses, or design flaws that attackers could exploit.
How we test: We analyze source code and HTML comments in responses for sensitive information that should not be exposed, such as credentials, API keys, internal architecture details, or debugging output. Comments containing passwords, secrets, or other data that could aid attackers are reported.
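As an added example (not the scanner's own code), a minimal Python detector in the spirit of this check: it extracts HTML, JavaScript block and line comments from a response body and classifies each against heuristic patterns for credentials, API keys, debugging notes and internal hostnames. The pattern set and the sample response are constructed assumptions for illustration.

```python
import re

# Comment syntaxes extracted from an HTML/JavaScript response body.
HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)
JS_BLOCK_COMMENT = re.compile(r"/\*(.*?)\*/", re.DOTALL)
# '//' not preceded by ':' or a word char, so 'https://...' is not taken as a comment.
JS_LINE_COMMENT = re.compile(r"(?<![:\w])//(.*)$", re.MULTILINE)

# Heuristic categories; each pattern is an assumption about what "sensitive" looks like.
SENSITIVE_PATTERNS = {
    "credential": re.compile(r"\b(password|passwd|pwd|secret)\b\s*[:=]", re.I),
    "api_key": re.compile(r"\b(api[_-]?key|token|bearer)\b\s*[:=]", re.I),
    "debug": re.compile(r"\b(TODO|FIXME|HACK|debug|XXX)\b", re.I),
    "internal_host": re.compile(
        r"\b(?:\d{1,3}\.){3}\d{1,3}\b|\b[\w-]+\.(?:internal|local|corp)\b", re.I),
}


def extract_comments(body: str) -> list[str]:
    """Return the text of every HTML, JS block and JS line comment in the body."""
    comments = []
    for pattern in (HTML_COMMENT, JS_BLOCK_COMMENT, JS_LINE_COMMENT):
        comments.extend(m.group(1).strip() for m in pattern.finditer(body))
    return [c for c in comments if c]


def classify(comment: str) -> list[str]:
    """Name the sensitive categories a single comment matches (empty if none)."""
    return [name for name, rx in SENSITIVE_PATTERNS.items() if rx.search(comment)]


def find_sensitive_comments(body: str) -> list[tuple[str, list[str]]]:
    """Return (comment, categories) for each comment that trips at least one pattern."""
    return [(c, cats) for c in extract_comments(body) if (cats := classify(c))]


# Constructed sample response; every secret-looking value is a placeholder.
SAMPLE_RESPONSE = """<html><head>
<!-- TODO: remove before release; admin password = CHANGEME-placeholder -->
<script src="https://cdn.example.com/app.js"></script>
<script>
  /* API_KEY = "sk_test_PLACEHOLDER" used only for staging */
  var endpoint = "https://api.example.com/v1";
  // debug: backend lives at db01.internal
</script>
</head><body><!-- Footer rendered by layout.html --></body></html>"""

if __name__ == "__main__":
    for comment, categories in find_sensitive_comments(SAMPLE_RESPONSE):
        print(f"[{', '.join(categories)}] {comment}")
```

The harmless footer comment is extracted but not reported, which is the distinction a real check has to make to keep findings actionable.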
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.