
Sensitive information stored in logs

Need

Protection of sensitive information in log files

Context

  • Usage of Dart for building cross-platform mobile, web, and desktop applications
  • Usage of Shelf for managing data storage and retrieval

Description

Non-compliant code

import 'package:shelf/shelf.dart' as shelf;
import 'package:shelf/shelf_io.dart' as io;

void main() {
  // Pipeline: request-logging middleware in front of the echo handler.
  var handler = const shelf.Pipeline()
      .addMiddleware(shelf.logRequests())
      .addHandler(_echoRequest);

  io.serve(handler, 'localhost', 8080).then((server) {
    print('Serving at http://${server.address.host}:${server.port}');
  });
}

shelf.Response _echoRequest(shelf.Request request) {
  var sensitiveInfo = {
    'username': 'user123',
    'password': 'pass123',
    'bankAccount': '1234567890',
    'filePath': '/home/user/secret_file.txt'
  };

  // Vulnerable: writes the whole map, secrets included, to the console.
  print('Sensitive Information: $sensitiveInfo');

  return shelf.Response.ok('Request for "${request.url}"');
}

The above Dart code is an example of a backend application using the Shelf framework. This application has a middleware that logs all requests and a handler that echoes these requests.

The vulnerability lies in the _echoRequest function, which stores sensitive information (username, password, bank account number, and file path) in a map and then prints that map to the console with the print function.

The problem is that all of this sensitive information ends up in the logs. Anyone who has access to those logs can retrieve it. This is a major security vulnerability because it exposes sensitive user data.

Steps

  • Remove the print statement that logs sensitive information. Never log sensitive data such as usernames, passwords, bank account numbers, or file paths.
  • If you need to log for debugging purposes, make sure to sanitize or anonymize the sensitive data before logging it. You can replace the actual data with placeholders or use a hashing function to obscure the data.
  • Consider using a logging library or service that provides built-in features for handling sensitive data. These tools can automatically redact sensitive information or allow you to configure what gets logged.
  • Implement a proper error handling mechanism. Instead of logging the entire error object which might contain sensitive data, log only the necessary information.
  • Regularly review and audit your logs to ensure that no sensitive data is being stored. This should be part of your security best practices.

Compliant code

import 'package:shelf/shelf.dart' as shelf;
import 'package:shelf/shelf_io.dart' as io;

void main() {
  // Pipeline: request-logging middleware in front of the echo handler.
  var handler = const shelf.Pipeline()
      .addMiddleware(shelf.logRequests())
      .addHandler(_echoRequest);

  io.serve(handler, 'localhost', 8080).then((server) {
    print('Serving at http://${server.address.host}:${server.port}');
  });
}

shelf.Response _echoRequest(shelf.Request request) {
  var sensitiveInfo = {
    'username': 'user123',
    'password': 'pass123',
    'bankAccount': '1234567890',
    'filePath': '/home/user/secret_file.txt'
  };

  // Removed the print statement that logs sensitive information
  // print('Sensitive Information: $sensitiveInfo');

  return shelf.Response.ok('Request for "${request.url}"');
}

The original code had a vulnerability where it was logging sensitive information. This is a security risk as it exposes sensitive user data which can be exploited by malicious actors.

The fixed code removes the print statement that was logging the sensitive information. This prevents the sensitive data from being exposed in the logs.

However, it's important to note that simply removing the print statement is not enough to fully secure your application. Here are some additional steps you should take:

  • If you need to log for debugging purposes, make sure to sanitize or anonymize the sensitive data before logging it. You can replace the actual data with placeholders or use a hashing function to obscure the data.

  • Consider using a logging library or service that provides built-in features for handling sensitive data. These tools can automatically redact sensitive information or allow you to configure what gets logged.

  • Implement a proper error handling mechanism. Instead of logging the entire error object which might contain sensitive data, log only the necessary information.

  • Regularly review and audit your logs to ensure that no sensitive data is being stored. This should be part of your security best practices.
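The first of these steps (placeholders or hashing before logging) can look like the sketch below. It is an added example, not part of the original page or of Shelf; `redactForLog`, the two key lists, the `requestId` field and the demo key are assumptions made for illustration, and it depends on the `crypto` package from pub.dev.

```dart
import 'dart:convert';
import 'package:crypto/crypto.dart'; // assumed dependency: package:crypto

// Keys whose values are replaced by a fixed placeholder (assumed list).
const _dropKeys = {'password', 'filePath'};
// Keys replaced by a keyed pseudonym so log events can still be correlated.
const _pseudonymKeys = {'username', 'bankAccount'};

/// Hypothetical helper: returns a copy of [fields] that is safe to log.
/// [hmacKey] is a secret kept outside the log store. A plain unkeyed hash
/// of a short value such as an account number can be reversed by guessing.
Map<String, Object?> redactForLog(
    Map<String, Object?> fields, List<int> hmacKey) {
  final hmac = Hmac(sha256, hmacKey);
  return fields.map((key, value) {
    if (_dropKeys.contains(key)) return MapEntry(key, '[REDACTED]');
    if (_pseudonymKeys.contains(key) && value != null) {
      // Bind the field name into the tag so equal values in different
      // fields do not produce the same pseudonym.
      final tag = hmac.convert(utf8.encode('$key:$value')).toString();
      return MapEntry(key, 'hmac:${tag.substring(0, 16)}');
    }
    return MapEntry(key, value);
  });
}

void main() {
  // Constructed sample data, same shape as the map in _echoRequest.
  final sensitiveInfo = {
    'username': 'user123',
    'password': 'pass123',
    'bankAccount': '1234567890',
    'filePath': '/home/user/secret_file.txt',
    'requestId': 'r-42', // non-sensitive field, passes through unchanged
  };
  // Constructed key for the demo; load the real one from a secret store.
  final key = utf8.encode('demo-only-log-pseudonym-key');

  final line = jsonEncode(redactForLog(sensitiveInfo, key));
  print('Request context: $line');

  // Checked only when assertions are enabled (dart run --enable-asserts):
  // none of the original secret values may survive in the log line.
  for (final secret in ['user123', 'pass123', '1234567890', 'secret_file']) {
    assert(!line.contains(secret), 'leaked $secret');
  }
}
```

The allow-through default here suits a demo; in a service it is safer to invert it and log only fields on an explicit allow-list, so a newly added sensitive field is dropped rather than leaked.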
