Business Information Leak - DB
Need
Prevent exposure of sensitive business information from the database
Context
- Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications
- Usage of Ecto (3.6.2 and above) for database query and manipulation
- Usage of Postgrex (0.15.9 and above) for connecting to PostgreSQL databases
Description
Non compliant code
defmodule MyApp.UserController do
  use MyApp.Web, :controller
  alias MyApp.{Repo, User}

  # Loads the complete User struct and hands every field to the view,
  # with no authorization check on the caller
  def show(conn, %{"id" => id}) do
    user = Repo.get(User, id)
    render(conn, "show.json", user: user)
  end
end
This insecure code returns the complete user record, including sensitive business information such as transactions, wallet IDs, operating system names, transaction codes, endpoints, credit card numbers and the available balance. Because there is no authorization check, any client that can reach this endpoint can retrieve all of it.
Steps
- Restrict the fields that are returned by the API. Only provide necessary information.
- Always use server-side checks to ensure that only authorized users can access the data.
Compliant code
defmodule MyApp.UserController do
  use MyApp.Web, :controller
  import Ecto.Query, only: [from: 2]
  alias MyApp.{Repo, User}

  def show(conn, %{"id" => id}) do
    if authorized?(conn, id) do
      # Select only the fields the client needs; sensitive columns are never
      # loaded from the database, so they cannot leak through the view
      user =
        Repo.one(from u in User, where: u.id == ^id, select: map(u, [:id, :name, :email]))

      render(conn, "show.json", user: user)
    else
      send_resp(conn, :unauthorized, "")
    end
  end

  # Server-side authorization check. Assumes an authentication plug has placed
  # the current user in conn.assigns; only the owner of the record may view it
  defp authorized?(conn, id) do
    case conn.assigns[:current_user] do
      %User{id: current_id} -> to_string(current_id) == id
      _ -> false
    end
  end
end
The secure code returns only the necessary user fields, and only when the caller is authorized; unauthorized callers receive no data, so the right users see the user details and sensitive business information stays in the database.
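The controller fix above restricts fields in one query. A practitioner will usually want the allow-list enforced in more than one layer, so that a future query or schema change cannot reintroduce the leak. The following is an added example, not code from the page or from any project it describes; it assumes a Phoenix application named MyApp that uses Jason as its JSON encoder, and the schema columns and the public field list are illustrative.

```elixir
# Added example (not the page's code): three layers that each keep sensitive
# columns out of API responses. Assumes MyApp with Jason as JSON encoder;
# column names and the public field list are illustrative.

defmodule MyApp.User do
  use Ecto.Schema

  # Layer 1, schema: compile-time encoder allow-list. Even if an entire
  # %User{} struct reaches the JSON encoder, only these fields are emitted.
  @derive {Jason.Encoder, only: [:id, :name, :email]}

  schema "users" do
    field :name, :string
    field :email, :string
    field :wallet_id, :string            # sensitive: never exposed
    field :available_balance, :decimal   # sensitive: never exposed
    timestamps()
  end
end

defmodule MyApp.Users do
  import Ecto.Query, only: [from: 2]
  alias MyApp.{Repo, User}

  # Layer 2, query: the sensitive columns are not selected at all, so they
  # never leave the database for this use case.
  def get_public_user(id) do
    Repo.one(
      from u in User,
        where: u.id == ^id,
        select: map(u, [:id, :name, :email])
    )
  end
end

defmodule MyApp.UserView do
  use MyApp.Web, :view

  # Layer 3, view: explicit projection. Map.take/2 silently ignores keys that
  # are absent, so it works for both a full struct and the map from layer 2,
  # and adding a column to the schema cannot add a field to this response.
  def render("show.json", %{user: user}) do
    %{data: Map.take(user, [:id, :name, :email])}
  end
end
```

The controller then calls `MyApp.Users.get_public_user(id)` after its authorization check and renders "show.json". Each layer alone closes the leak for the normal path; together they also cover mistakes such as a new endpoint that loads the struct with `Repo.get/2` and encodes it directly.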