Never Leak Internals or Stack Traces in Error Responses

Never Leak Internals or Stack Traces in Error Responses | BeforeMerge Rules | BeforeMerge

Why this matters

Verbose errors expose implementation details, dependencies, and data structures that enable reconnaissance and injection attacks. Clients only need a safe summary.

Bad

{ "error": "PG::Error: relation users... at /app/db.rb:88" }

Good

{ "status": 500, "code": "internal_error",
  "detail": "An unexpected error occurred" }

Why This Matters

Related Rules

Catch this automatically on every PR

Why this matters