Insecure object reference - User deletion

Need

Protecting user data and ensuring application integrity

Context

Usage of Elixir (v1.10+) for building scalable and fault-tolerant applications
Usage of Plug and Cowboy for HTTP request and response handling
Usage of Ecto for data persistence

Description

Non compliant code

def delete_user(conn, %{'id' => id}) do
  Repo.delete!(User |> Repo.get!(id))
  send_resp(conn, 204, "")
end

In this vulnerable code snippet, the application is deleting a user based on the provided id without checking if the authenticated user has the necessary permissions to perform the operation.

Steps

Check the role of the current user before performing any destructive operations.
Only allow users with the necessary permissions to delete other users.
If a user without the necessary permissions tries to delete a user, return a 403 Forbidden status code.

Compliant code

def delete_user(conn, %{'id' => id}) do
  case conn.assigns.current_user.role do
    :admin -> 
      Repo.delete!(User |> Repo.get!(id))
      send_resp(conn, 204, "")
    _ ->
      send_resp(conn, 403, "Forbidden")
  end
end

In this secure version, before deleting a user, the application checks if the current user has the 'admin' role. If the user doesn't have the necessary permissions, the application returns a 403 Forbidden status code.

References

369.Insecure object reference - User deletion

Need​

Context​

Description​

Non compliant code​

Steps​

Compliant code​

References​