Stack Trace Disclosure (Python) - Vulnerability Database

Stack Trace Disclosure (Python)

Description

The application exposes Python stack traces to users when errors occur. Stack traces are detailed diagnostic messages generated by the Python interpreter that reveal internal application structure, including file paths, code snippets, framework versions, and execution flow. While useful for debugging, exposing these traces in production environments creates an information disclosure vulnerability that attackers can exploit to understand the application's architecture and identify potential weaknesses.
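The markers listed above (file paths, code lines, exception type, framework names) are exactly what a defender can look for when checking whether a deployed application leaks tracebacks. The following detector is an added example, not code from Invicti's product or database: it scans a response body for the interpreter's traceback format and summarises what a reader could learn from it. The sample responses, the framework path fragments and the `/srv/shop/...` paths are constructed for the example.

```python
import re

# Marker the Python interpreter prints at the top of every formatted traceback.
TRACEBACK_HEADER = "Traceback (most recent call last):"
# One stack frame line:   File "<path>", line <n>, in <function>
FRAME_RE = re.compile(
    r'^[ \t]*File "(?P<path>[^"]+)", line (?P<line>\d+), in (?P<func>\S+)',
    re.MULTILINE,
)
# Path fragments that reveal which framework is in use (constructed list; extend as needed).
FRAMEWORK_HINTS = {
    "django": "/site-packages/django/",
    "flask": "/site-packages/flask/",
    "werkzeug": "/site-packages/werkzeug/",
    "fastapi": "/site-packages/fastapi/",
}


def find_stack_trace(body):
    """Return a summary of a Python traceback leaked in a response body, or None.

    The summary lists what the page discloses: the exception raised, every
    file path and function name on the stack, the application's own source
    files, and any framework identified from the library paths.
    """
    if TRACEBACK_HEADER not in body:
        return None
    tail = body[body.index(TRACEBACK_HEADER):]
    frames = list(FRAME_RE.finditer(tail))
    if not frames:
        # The header alone could be quoted text; require at least one frame line.
        return None
    paths = [m.group("path") for m in frames]
    # The exception line is the first non-indented line after the last frame
    # (the indented line in between is the offending source line).
    exc = None
    for line in tail[frames[-1].end():].splitlines():
        if line and not line[0].isspace():
            exc = line.split(":", 1)[0].strip()
            break
    frameworks = sorted(
        name for name, fragment in FRAMEWORK_HINTS.items()
        if any(fragment in p for p in paths)
    )
    return {
        "exception": exc,
        "frames": [(m.group("path"), int(m.group("line")), m.group("func")) for m in frames],
        "app_paths": [p for p in paths if "/site-packages/" not in p],
        "frameworks": frameworks,
    }


# Constructed response bodies (not captured from any real system).
LEAKED_RESPONSE = """<html><body><h1>Internal Server Error</h1><pre>
Traceback (most recent call last):
  File "/srv/shop/venv/lib/python3.11/site-packages/django/core/handlers/base.py", line 197, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/srv/shop/shop/views.py", line 42, in checkout
    total = price / quantity
ZeroDivisionError: division by zero
</pre></body></html>"""

SAFE_RESPONSE = "<html><body><h1>Something went wrong</h1><p>An error occurred.</p></body></html>"


if __name__ == "__main__":
    print("leaked:", find_stack_trace(LEAKED_RESPONSE))
    print("safe:", find_stack_trace(SAFE_RESPONSE))
```

Run over the leaked sample, the summary names the exception, both stack frames, the application's own `views.py` and the Django install; the safe page yields `None`. Requiring at least one `File "...", line N, in ...` frame after the header avoids flagging a page that merely quotes the phrase.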

Remediation

Implement proper exception handling and disable debug mode in production environments to prevent stack trace disclosure:

1. Disable Debug Mode:
For Django applications, ensure DEBUG is set to False in production settings:

DEBUG = False
ALLOWED_HOSTS = ['yourdomain.com']

2. Configure Custom Error Pages:
Create user-friendly error pages that do not expose technical details. In Django, configure custom error handlers in urls.py:
handler500 = 'myapp.views.custom_error_view'
handler404 = 'myapp.views.custom_404_view'

3. Implement Proper Exception Handling:
Wrap code in try-except blocks and log errors securely without displaying them to users:
import logging

from django.shortcuts import render

logger = logging.getLogger(__name__)


def process_view(request):
    try:
        # Application code (process_data is the application's own function)
        result = process_data()
    except Exception as e:
        # Full traceback goes to the server log only; the user sees a generic message
        logger.error(f'Error processing data: {str(e)}', exc_info=True)
        return render(request, 'error.html', {'message': 'An error occurred'})
    return render(request, 'result.html', {'result': result})

4. Configure Centralized Logging:
Use logging frameworks to capture detailed error information securely for debugging purposes, ensuring logs are stored in protected locations inaccessible to end users.
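Steps 1 to 4 together, as an added, framework-agnostic example that is not Invicti's or Django's code: a small stand-in dispatcher runs the same failing request once in debug mode (the traceback becomes the response body) and once in production mode (the traceback is written to a 0600-permission log file and the user receives a generic page carrying only a reference ID that support staff can match to the log). The logger name `myapp`, the `checkout_view` function, the request dictionary and the log path are assumptions made for the example; in Django, `DEBUG = False` plus the `handler500` view perform the equivalent switch.

```python
import logging
import os
import tempfile
import traceback
import uuid

# Logger name is an assumption; use the application's own logger in practice.
logger = logging.getLogger("myapp")

# Generic page shown to users. The reference ID lets support find the full
# traceback in the server log without anything technical reaching the browser.
GENERIC_ERROR_PAGE = (
    "<html><body><h1>Something went wrong</h1>"
    "<p>An error occurred. Reference ID: {ref}</p></body></html>"
)


def configure_logging(log_path):
    """Step 4: write full error details to a log file outside the web root
    that only the service account can read."""
    handler = logging.FileHandler(log_path)
    handler.setFormatter(
        logging.Formatter("%(asctime)s %(levelname)s %(name)s: %(message)s")
    )
    logger.handlers.clear()
    logger.addHandler(handler)
    logger.setLevel(logging.ERROR)
    logger.propagate = False  # keep tracebacks out of any stderr/console handler
    os.chmod(log_path, 0o600)  # owner read/write only (POSIX)
    return handler


def dispatch(view, request, debug=False):
    """Stand-in for a framework's request dispatcher (constructed, not Django's).

    debug=True mimics a development server: the interpreter's traceback is the
    response body. debug=False is the production behaviour from steps 1-3:
    the traceback is logged and the user gets the generic page.
    """
    try:
        return 200, view(request)
    except Exception as e:
        if debug:
            # Vulnerable: internal paths, source lines and exception text reach the client.
            return 500, "<pre>" + traceback.format_exc() + "</pre>"
        ref = uuid.uuid4().hex[:12]
        logger.error(
            "Unhandled %s on %s (ref %s)", type(e).__name__, request["path"], ref,
            exc_info=True,
        )
        return 500, GENERIC_ERROR_PAGE.format(ref=ref)


def checkout_view(request):
    """Constructed view that fails on bad input, standing in for process_data()."""
    return "total=%d" % (request["price"] // request["quantity"])


def demo(log_path=None):
    """Run the same failing request in both modes and report what each side saw."""
    log_path = log_path or os.path.join(tempfile.mkdtemp(), "app.log")
    handler = configure_logging(log_path)
    request = {"path": "/checkout", "price": 10, "quantity": 0}
    debug_status, debug_body = dispatch(checkout_view, request, debug=True)
    prod_status, prod_body = dispatch(checkout_view, request, debug=False)
    handler.close()
    with open(log_path) as f:
        log_text = f.read()
    return {
        "debug_status": debug_status,
        "debug_body": debug_body,
        "prod_status": prod_status,
        "prod_body": prod_body,
        "ref": prod_body.split("Reference ID: ", 1)[1].split("<", 1)[0],
        "log_text": log_text,
        "log_mode": os.stat(log_path).st_mode & 0o777,
    }


if __name__ == "__main__":
    result = demo()
    print("debug response:\n", result["debug_body"])
    print("production response:\n", result["prod_body"])
    print("server log:\n", result["log_text"])
```

The debug response contains the interpreter's traceback with file paths and function names; the production response contains none of that, while the log file holds the same traceback next to the reference ID printed on the page. Setting `propagate = False` matters because Python's root logger otherwise falls back to writing to stderr, which in some deployments is captured into the same console a debug page would use.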

Related Vulnerabilities