Insecure object reference - User deletion
Need
Protecting user data and ensuring application integrity
Context
- Usage of Elixir (v1.10+) for building scalable and fault-tolerant applications
- Usage of Plug and Cowboy for HTTP request and response handling
- Usage of Ecto for data persistence
Description
Non compliant code
def delete_user(conn, %{'id' => id}) do
Repo.delete!(User |> Repo.get!(id))
send_resp(conn, 204, "")
end
In this vulnerable code snippet, the application is deleting a user based on the provided id without checking if the authenticated user has the necessary permissions to perform the operation.
Steps
- Check the role of the current user before performing any destructive operations.
- Only allow users with the necessary permissions to delete other users.
- If a user without the necessary permissions tries to delete a user, return a 403 Forbidden status code.
Compliant code
def delete_user(conn, %{'id' => id}) do
case conn.assigns.current_user.role do
:admin ->
Repo.delete!(User |> Repo.get!(id))
send_resp(conn, 204, "")
_ ->
send_resp(conn, 403, "Forbidden")
end
end
In this secure version, before deleting a user, the application checks if the current user has the 'admin' role. If the user doesn't have the necessary permissions, the application returns a 403 Forbidden status code.