SQL Injection via Headers

Need

Ensure integrity and confidentiality of data and prevent unauthorized database operations

Context

Usage of Elixir (v1.10+) for building scalable and fault-tolerant applications
Usage of Plug.Conn for handling requests
Usage of Ecto for database operations

Description

Non compliant code

def handle_req(%Plug.Conn{headers: headers} = conn, _) do
  id_client = List.keyfind(headers, "idClient", 0) |> elem(1)
  MyApp.Repo.query("SELECT * FROM clients WHERE id = #{id_client}")
end

The code above is vulnerable as it uses the 'idClient' header value directly in a SQL query. This allows an attacker to inject arbitrary SQL code into the query through the 'idClient' header.

Steps

Use query binding instead of string interpolation to create SQL queries.
Ensure user input can't modify the intended SQL query structure.
Regularly update your dependencies to include patches for security vulnerabilities.

Compliant code

def handle_req(%Plug.Conn{headers: headers} = conn, _) do
  id_client = List.keyfind(headers, "idClient", 0) |> elem(1)
  MyApp.Repo.query("SELECT * FROM clients WHERE id = ?", [id_client])
end

The secure code uses query binding to create the SQL query, which ensures the input from 'idClient' header is properly escaped and treated as a value, not a part of the SQL command. This prevents SQL Injection attacks.

References

155.SQL Injection - Headers

Need​

Context​

Description​

Non compliant code​

Steps​

Compliant code​

References​