Business information leak - Financial Information

Need

To prevent exposure of sensitive business information.

Context

  • Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications
  • Usage of Phoenix Framework for building web applications
  • Usage of Ecto for data persistence

Description

Non compliant code

defmodule MyAppWeb.UserController do
  use MyAppWeb, :controller

  # Module names assumed for this page; adjust to the application's own.
  alias MyApp.{Repo, User}

  def show(conn, %{"id" => id}) do
    # Loads the full struct, i.e. every column of the users table
    user = Repo.get!(User, id)
    # Hands the whole struct to the template, so any field can be rendered
    render(conn, "show.html", user: user)
  end
end

This code is vulnerable because it retrieves a user from the database and passes the whole struct to the response, so every field on the record, including potentially sensitive financial information, is available to the template or to any JSON encoder that serializes it. An attacker could exploit this by making requests to this endpoint and collecting the exposed data.

Steps

  • Ensure that sensitive information is not included in API responses or rendered views.
  • Review your data models and remove or obfuscate sensitive fields as necessary.
  • Implement proper access controls to prevent unauthorized access to sensitive data.

Compliant code

defmodule MyAppWeb.UserController do
  use MyAppWeb, :controller

  # Module names assumed for this page; adjust to the application's own.
  alias MyApp.{Repo, User}

  def show(conn, %{"id" => id}) do
    user = Repo.get!(User, id)
    # Map.take/2 returns a plain map holding only the listed keys;
    # every other field of the struct is dropped before rendering.
    safe_user = Map.take(user, [:id, :name, :email])
    render(conn, "show.html", user: safe_user)
  end
end

In this secure code example, the Map.take/2 function builds a plain map containing only the id, name, and email fields, and that map is what reaches the response. Any potentially sensitive financial information associated with the user is not included.
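The three steps above (allowlist the fields, review the data model, enforce access control) can be applied together rather than only at one controller action. The following is an added example, not code from the original page or from any project it describes; the module names, the field names (bank_account_number, salary_cents, role) and the current_user assign set by an authentication plug are all assumptions made for the illustration.

```elixir
# Added example (not from the original page). Assumed names: MyApp.Accounts.User,
# MyAppWeb.UserJSON, the :current_user assign and the financial fields below.

defmodule MyApp.Accounts.User do
  use Ecto.Schema

  # Step 2, data model: Jason will only ever serialize these keys, so a struct
  # that is accidentally passed to json/2 or Jason.encode!/1 cannot leak the rest.
  @derive {Jason.Encoder, only: [:id, :name, :email]}
  schema "users" do
    field :name, :string
    field :email, :string
    field :role, :string
    # redact: true keeps these values out of inspect/1 output and crash logs.
    field :bank_account_number, :string, redact: true
    field :salary_cents, :integer, redact: true
    timestamps()
  end
end

defmodule MyAppWeb.UserJSON do
  alias MyApp.Accounts.User

  # Step 1, response shape: the only representation an ordinary caller receives.
  def public(%User{} = user), do: Map.take(user, [:id, :name, :email])

  # Richer representation, built only after the controller has authorized
  # the caller; the account number is masked even here.
  def private(%User{} = user) do
    user
    |> public()
    |> Map.put(:bank_account_number, mask_account(user.bank_account_number))
    |> Map.put(:salary_cents, user.salary_cents)
  end

  defp mask_account(nil), do: nil

  defp mask_account(number) when is_binary(number) do
    visible = String.slice(number, -4, 4)
    hidden = max(String.length(number) - 4, 0)
    String.duplicate("*", hidden) <> visible
  end
end

defmodule MyAppWeb.UserController do
  use MyAppWeb, :controller

  alias MyApp.Accounts.User
  alias MyApp.Repo
  alias MyAppWeb.UserJSON

  def show(conn, %{"id" => id}) do
    user = Repo.get!(User, id)
    # Assumed to be set by an authentication plug earlier in the pipeline.
    current = conn.assigns[:current_user]

    # Step 3, access control: the full view is chosen by the server based on
    # who is asking, never by a request parameter.
    payload =
      if authorized?(current, user),
        do: UserJSON.private(user),
        else: UserJSON.public(user)

    json(conn, payload)
  end

  # A user may see their own record; an admin may see any record.
  defp authorized?(%User{id: id}, %User{id: id}), do: true
  defp authorized?(%User{role: "admin"}, _target), do: true
  defp authorized?(_current, _target), do: false
end
```

The allowlist lives in two places on purpose: `UserJSON.public/1` is the explicit response shape, and the `@derive {Jason.Encoder, only: ...}` on the schema is the safety net for any other code path that encodes the struct directly. Authorization decides which shape is used, so a caller cannot request the private representation by adding a parameter.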