Business information leak - Source Code
Need
Protection of sensitive business information in source code
Context
- Usage of Go 1.16 for building scalable and efficient applications
- Usage of gin-gonic/gin for building web applications and APIs in Go
- Usage of net/http for handling HTTP requests and responses in a Node.js server
Description
Non compliant code
package main
import (
"github.com/gin-gonic/gin"
"net/http"
)
type Employee struct {
Name string `json:"name"`
Email string `json:"email"`
}
type Customer struct {
Name string `json:"name"`
Email string `json:"email"`
}
func main() {
r := gin.Default()
r.GET("/employee", func(c *gin.Context) {
employee := Employee{Name: "John Doe", Email: "[email protected]"}
c.JSON(http.StatusOK, employee)
})
r.GET("/customer", func(c *gin.Context) {
customer := Customer{Name: "Jane Doe", Email: "[email protected]"}
c.JSON(http.StatusOK, customer)
})
r.Run() // listen and serve on 0.0.0.0:8080 (for windows "localhost:8080")
}
The above code represents a basic Go backend application using the Gin framework. It defines two routes, /employee
and /customer
, that return sensitive business information in JSON format when accessed.
In the /employee
route, an Employee
struct is created with hardcoded values for Name
and Email
. The struct is then converted to JSON format and sent as a response. This exposes sensitive employee information that could be exploited by malicious users.
Similarly, in the /customer
route, a Customer
struct is created with hardcoded values for Name
and Email
. The struct is then converted to JSON format and sent as a response. This exposes sensitive customer information that could be exploited by malicious users.
This represents a business information leak vulnerability as the application is exposing sensitive business information (employee and customer details) without any form of authorization or validation.
Steps
- Remove the unnecessary code that exposes sensitive business information.
- Identify the sensitive information that needs to be protected.
- Implement proper access controls to restrict access to sensitive information.
- Consider implementing authentication and authorization mechanisms to ensure only authorized users can access the sensitive information.
- Encrypt the sensitive information to protect it from unauthorized access.
- Regularly review and update the access controls and encryption mechanisms to adapt to changing security requirements.
- Implement logging and monitoring to detect and respond to any unauthorized access attempts.
Compliant code
package main
import (
"github.com/gin-gonic/gin"
"net/http"
)
type Employee struct {
Name string `json:"name"`
Email string `json:"-"`
}
type Customer struct {
Name string `json:"name"`
Email string `json:"-"`
}
func main() {
r := gin.Default()
r.GET("/employee", func(c *gin.Context) {
employee := Employee{Name: "John Doe"}
c.JSON(http.StatusOK, employee)
})
r.GET("/customer", func(c *gin.Context) {
customer := Customer{Name: "Jane Doe"}
c.JSON(http.StatusOK, customer)
})
r.Run() // listen and serve on 0.0.0.0:8080 (for windows "localhost:8080")
}
The updated code removes the exposure of sensitive business information, specifically the email addresses of employees and customers. This is achieved by removing the Email
field from the JSON response in the Employee
and Customer
structs.
In the Employee
and Customer
structs, the Email
field is tagged with json:"-"
which tells the JSON encoder to ignore this field when encoding to JSON. As a result, when the Employee
and Customer
objects are returned in the HTTP response, the Email
field is not included.
This is a simple fix for the given code snippet, but in a real-world application, you would also want to implement proper access controls, authentication and authorization mechanisms, encryption for sensitive data, and logging and monitoring for unauthorized access attempts. These additional security measures would help to further protect the sensitive business information from being exposed.