Insecure functionality - Masking

Need

Ensure confidentiality and integrity of sensitive user data

Context

  • Usage of Elixir (v1.12+) for building scalable and fault-tolerant applications
  • Usage of Plug and Cowboy for HTTP request and response handling

Description

Non compliant code

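defmodule UserController do
  import Plug.Conn

  def show(conn, %{"id" => id}) do
    # Loads the full user record, password field included
    user = Repo.get(User, id)

    conn
    |> put_resp_content_type("application/json")
    # Insecure: the whole record is serialized into the response body
    |> send_resp(200, Poison.encode!(user))
  end
end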

The code above is insecure because it uses the id from user input to load a user record and sends that record in the response as is. Sensitive data such as the password is included in the response without being masked, which exposes it to potential eavesdroppers or data breaches.

Steps

  • Use pattern matching to exclude sensitive data from the user map before sending it in the response.
  • Use a separate data model for response that doesn't include sensitive fields.

Compliant code

defmodule UserController do
  import Plug.Conn

  def show(conn, %{"id" => id}) do
    # Remove the password field before the record is serialized
    user = Repo.get(User, id) |> Map.drop([:password])

    conn
    |> put_resp_content_type("application/json")
    |> send_resp(200, Poison.encode!(user))
  end
end

The code above is secure because it masks the password field when sending the user data in the response. The Map.drop/2 function removes the sensitive key from the map before the map is encoded and sent.
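
An added example, not part of the original page: the second step (a separate response model) written as an allowlist, compared with the Map.drop/2 denylist when the schema later gains another sensitive field. The User struct, its fields (including reset_token), UserView and Demo are hypothetical names, and the sample record is constructed.

```elixir
# Added example: User, its fields and UserView are hypothetical names.
defmodule User do
  # :reset_token stands for a sensitive field added after the controller was written
  defstruct [:id, :name, :email, :password, :reset_token]
end

defmodule UserView do
  # Allowlist: only these fields can reach the response body
  @public_fields [:id, :name, :email]

  # A missing record (Repo.get/2 returns nil) renders as nil instead of raising
  def render(nil), do: nil

  # Pattern match on the struct, then copy only the allowlisted keys
  def render(%User{} = user), do: Map.take(user, @public_fields)

  # Denylist in the style of Map.drop([:password]), kept for comparison
  def drop_password(%User{} = user) do
    user |> Map.from_struct() |> Map.drop([:password])
  end
end

defmodule Demo do
  def run do
    # Constructed sample record
    user = %User{
      id: 1,
      name: "Ana",
      email: "ana@example.com",
      password: "constructed-hash",
      reset_token: "constructed-token"
    }

    denylisted = UserView.drop_password(user)
    allowlisted = UserView.render(user)

    # The denylist still exposes the newer field; the allowlist does not
    true = Map.has_key?(denylisted, :reset_token)
    false = Map.has_key?(allowlisted, :reset_token)
    false = Map.has_key?(allowlisted, :password)
    nil = UserView.render(nil)

    IO.inspect(Map.keys(denylisted), label: "denylist keys")
    IO.inspect(Map.keys(allowlisted), label: "allowlist keys")
  end
end

Demo.run()
```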
