Business Information Leak
Need
Prevention of unauthorized access to sensitive business data.
Context
- Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications
- Usage of Phoenix Framework for building web applications
Description
Non compliant code
def index(conn, _params) do
users = Repo.all(User)
render(conn, "index.json", users: users)
end
This Elixir code is a simple controller action in a Phoenix API that lists all the users in the database. The Repo.all(User) fetches all users' information from the database, including sensitive data such as usernames, employee information, client information, provider information, and strategic information. This is a business information leak vulnerability because it exposes sensitive business data without proper access control checks.
Steps
- Implement proper access control checks before retrieving data from the database.
- Restrict what information is sent to the client.
- Consider using view models to control what data is sent to the client.
Compliant code
def index(conn, _params) do
user = get_current_user(conn)
if user && user.role == 'admin'
users = Repo.all(User)
users = for user <- users, do: %{id: user.id, username: user.username}
render(conn, "index.json", users: users)
else
conn |> put_status(:forbidden) |> json(%{message: 'Forbidden'})
end
end
In this code, before we fetch any user data, we check if the currently authenticated user is an admin. If they are, we fetch the users but only return the id and username, removing any sensitive information. If the current user is not an admin, we return a 403 Forbidden response.