Sensitive Information Stored in Logs
Need
Prevent unauthorized access to sensitive data
Context
- Usage of Elixir (version 1.11 and above) for building scalable and fault-tolerant applications
- Usage of Plug library for request handling
Description
Non-compliant code
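# Assumes `import Plug.Conn` in the enclosing module.
def handle_request(request) do
  {:ok, body, conn} = read_body(request.conn)
  # Vulnerable: writes the raw request body, credentials included, to the output.
  IO.inspect(body)

  case Router.dispatch(request) do
    {:ok, response} -> send_resp(conn, 200, response)
    _ -> send_resp(conn, 404, "Not found")
  end
end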
This function handles all incoming requests. It first reads the body of the request and then logs it using IO.inspect. This is problematic because the body of the request can contain sensitive user information like usernames, passwords, and other personal data. Logging this data in plain text can expose it to unauthorized users who might have access to the log files.
Steps
- Stop logging the entire request body.
- If necessary, only log non-sensitive parts of the request.
Compliant code
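# Assumes `import Plug.Conn` in the enclosing module and a URL-encoded body.
def handle_request(request) do
  {:ok, body, conn} = read_body(request.conn)
  # read_body/1 returns a binary, so decode it to a map before dropping the password.
  body |> Plug.Conn.Query.decode() |> Map.delete("password") |> IO.inspect()

  case Router.dispatch(request) do
    {:ok, response} -> send_resp(conn, 200, response)
    _ -> send_resp(conn, 404, "Not found")
  end
end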
In the secure version of the function, we only log non-sensitive parts of the request. In this case, we remove the password from the body before logging it.
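The following is an added example, not code from the original page. It generalizes the second step ("only log non-sensitive parts of the request") into an allow-list that also covers nested params, so fields nobody thought to remove are masked by default. The module name SafeParams, its allow-list and the sample inputs are assumptions made for illustration.

```elixir
# Added example, not from the original page. SafeParams and its allow-list are hypothetical.
defmodule SafeParams do
  @moduledoc "Keeps allow-listed fields of decoded request params and masks the rest."

  # Assumed allow-list: field names reviewed and known to carry no sensitive data.
  @loggable ~w(action locale items sku quantity)
  @mask "[FILTERED]"

  # Only plain maps are walked. Raw binaries, structs and anything else are
  # masked whole, so an undecoded body is never logged verbatim.
  def scrub(params) when is_map(params) and not is_struct(params),
    do: Map.new(params, &scrub_pair/1)

  def scrub(_other), do: @mask

  defp scrub_pair({key, value}) do
    if loggable?(key), do: {key, scrub_value(value)}, else: {key, @mask}
  end

  # Values under an allowed key: recurse into containers, keep scalars.
  defp scrub_value(list) when is_list(list), do: Enum.map(list, &scrub_value/1)
  defp scrub_value(map) when is_map(map), do: scrub(map)
  defp scrub_value(scalar), do: scalar

  # Keys may be strings or atoms, in any letter case.
  defp loggable?(key) when is_binary(key) or is_atom(key),
    do: (key |> to_string() |> String.downcase()) in @loggable

  defp loggable?(_key), do: false
end

require Logger

# Constructed sample: form-encoded login body, as read_body/1 would return it.
raw_body = "action=login&username=alice&password=hunter2"
Logger.info("login: " <> inspect(raw_body |> URI.decode_query() |> SafeParams.scrub()))

# Constructed sample: already-decoded params with nested data.
params = %{
  "action" => "checkout",
  "username" => "alice",
  "items" => [%{"sku" => "A-100", "quantity" => 2, "gift_note" => "for Bob"}],
  "card" => %{"number" => "4111111111111111"}
}

Logger.info("checkout: " <> inspect(SafeParams.scrub(params)))
Logger.flush()
```

Because unknown keys are masked rather than passed through, a newly added request field stays out of the logs until someone reviews it and adds it to the allow-list.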