Sensitive information in source code

Need

Protection of sensitive information in source code

Context

  • Usage of Java for building cross-platform applications
  • Usage of javax.servlet for building Java web applications with Servlet technology
  • Usage of javax.servlet.http for handling HTTP requests and responses in Java web applications

Description

Non compliant code

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;
import java.io.PrintWriter;

public class SensitiveInfoServlet extends HttpServlet {
    // Credentials and other sensitive values hard-coded as plain-text literals
    private String username = "admin";
    private String password = "123";
    private String email = "[email protected]";
    private String ipAddress = "192.168.1.1";

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        // Every hard-coded value is written straight into the HTTP response
        out.println("<html><body>");
        out.println("<h1>" + "Username: " + username + "</h1>");
        out.println("<h1>" + "Password: " + password + "</h1>");
        out.println("<h1>" + "Email: " + email + "</h1>");
        out.println("<h1>" + "IP Address: " + ipAddress + "</h1>");
        out.println("</body></html>");
    }
}

The above code represents a Servlet that is part of a backend Java application using the javax.servlet package. This Servlet, SensitiveInfoServlet, contains sensitive information such as a username, password, email, and IP address. These values are hard-coded and stored as plain text within the class.

The doGet() method handles GET requests from the client. When it is invoked, it sets the content type of the response to "text/html" and prints an HTML document to the response. This document contains the sensitive information, which is displayed in the browser.

This code is vulnerable because it exposes sensitive information in the source code. This is a bad practice, since anyone who obtains the source (for example through a leaked or exposed repository) also obtains the credentials and can use them for unauthorized access. The sensitive data should be stored securely, not in plain text, and should not be displayed or sent to the client.

Furthermore, the use of hard-coded credentials is a bad practice. It makes the software less flexible and more difficult to manage, especially in larger systems, because changing a credential requires changing and redeploying the code. It also poses a security risk if the credentials need to be changed or if they are compromised.

Lastly, the IP address is a sensitive piece of information that could give away the location of the server or user, and thus should not be stored in plain text or exposed in any way.

Steps

  • Remove sensitive information from the source code
  • Store sensitive information in a secure location such as environment variables or a configuration file
  • Encrypt sensitive information before storing it
  • Implement proper access controls to restrict access to sensitive information
  • Implement secure coding practices to prevent sensitive information from being accidentally committed to the source code repository

Compliant code

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;
import java.io.PrintWriter;

public class SensitiveInfoServlet extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        // Values are read from the process environment instead of being hard-coded
        // (this example still writes them to the response for illustration)
        out.println("<html><body>");
        out.println("<h1>" + "Username: " + System.getenv("USERNAME") + "</h1>");
        out.println("<h1>" + "Password: " + System.getenv("PASSWORD") + "</h1>");
        out.println("<h1>" + "Email: " + System.getenv("EMAIL") + "</h1>");
        out.println("<h1>" + "IP Address: " + System.getenv("IP_ADDRESS") + "</h1>");
        out.println("</body></html>");
    }
}

The updated code no longer stores sensitive information directly in the source code. Instead, it retrieves these values from environment variables at request time. This is a much safer practice, as it ensures that sensitive information is not exposed in the source code repository.

The System.getenv() method is used to retrieve the value of an environment variable. The names of the environment variables ("USERNAME", "PASSWORD", "EMAIL", "IP_ADDRESS") are passed as arguments to this method.

It's important to note that the actual values of these environment variables should be set in the secure environment where the application is running. This could be a local development environment, a production server, or a continuous integration/continuous deployment (CI/CD) pipeline.
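The following servlet is an added example (not code from the original page) that carries the steps above further than the compliant snippet: it loads credentials once at startup from the environment, optionally falls back to a properties file that lives outside the source tree, refuses to start when a required value is missing, masks the secret if the holder object is ever logged, and never writes the secret into the HTTP response. The variable names DB_USERNAME, DB_PASSWORD and APP_SECRETS_FILE, the property keys and the class name are assumptions chosen for the example; it targets Java 8+ with the javax.servlet API.

```java
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Properties;

// Added example: credentials come from the deployment environment, never from a
// string literal, and the servlet fails closed when they are not configured.
// DB_USERNAME, DB_PASSWORD, APP_SECRETS_FILE and the property keys are assumed names.
public class DbCredentialsServlet extends HttpServlet {

    /** Immutable holder whose toString() masks the secret, so accidental logging stays safe. */
    static final class Credentials {
        private final String username;
        private final char[] password;

        Credentials(String username, char[] password) {
            this.username = username;
            this.password = password;
        }

        String username() { return username; }
        char[] password() { return password; }

        @Override
        public String toString() {
            return "Credentials{username=" + username + ", password=****}";
        }
    }

    private Credentials credentials;

    @Override
    public void init() throws ServletException {
        // Preferred source: the process environment, populated by the platform or CI/CD pipeline.
        String user = System.getenv("DB_USERNAME");
        String pass = System.getenv("DB_PASSWORD");

        // Optional fallback: a properties file outside the repository (e.g. a mounted
        // secret in a container), whose path is supplied via APP_SECRETS_FILE.
        String secretsFile = System.getenv("APP_SECRETS_FILE");
        if ((user == null || pass == null) && secretsFile != null) {
            Properties props = new Properties();
            try (BufferedReader in = Files.newBufferedReader(Paths.get(secretsFile), StandardCharsets.UTF_8)) {
                props.load(in);
            } catch (IOException e) {
                throw new ServletException("Cannot read secrets file " + secretsFile, e);
            }
            if (user == null) user = props.getProperty("db.username");
            if (pass == null) pass = props.getProperty("db.password");
        }

        // Fail closed: refusing to start is safer than running with a blank or default password.
        if (user == null || user.trim().isEmpty() || pass == null || pass.trim().isEmpty()) {
            throw new ServletException("DB_USERNAME/DB_PASSWORD are not configured");
        }
        credentials = new Credentials(user, pass.toCharArray());
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        // The secret is used server-side only (for example handed to a DataSource);
        // the client sees a non-sensitive status line and never the value itself.
        boolean configured = credentials != null && credentials.password().length > 0;
        out.println("<html><body>");
        out.println("<p>Backend credentials " + (configured ? "loaded" : "missing") + "</p>");
        out.println("</body></html>");
    }
}
```

Reading the values in init() rather than on every request means a misconfiguration surfaces at deployment time, when the container reports the ServletException, instead of as a blank password on the first request; keeping the password in a char[] inside a holder that masks itself avoids the common leak through a stack trace or debug log that prints the field.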

Also, it's recommended to encrypt sensitive information before storing it and to implement proper access controls that restrict who and what can read it. This is not shown in the code above, but it's a crucial part of secure coding practices.

Lastly, remember never to commit sensitive information to the source code repository, even by accident. Tools like git-secrets, run as a pre-commit hook, can help prevent this.
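As an added example of the last step (not part of the original page and not the git-secrets tool itself), the class below is a small pre-commit style check that flags string literals assigned to credential-like fields in Java source and exits non-zero when it finds one, so a hook can block the commit. The sample source lines are constructed for the demo (they include the page's non-compliant fields), and the two regular expressions are illustrative rules, not a complete secret-detection ruleset; it uses a record, so it needs Java 16+.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: flags hard-coded credential-like string literals in Java source.
// The patterns below are illustrative; real tools such as git-secrets ship broader rulesets.
public final class HardcodedSecretCheck {

    /** One finding: the 1-based line number and the field name that looked like a secret. */
    public record Finding(int line, String field) {}

    // Matches e.g.  private String password = "123";  or  String apiKey = "abc";
    // Group 1 captures the identifier; the literal must be non-empty.
    private static final Pattern ASSIGNMENT = Pattern.compile(
        "\\b(?:String|char\\[\\])\\s+(\\w*(?:pass(?:word|wd)?|secret|token|api_?key|credential)\\w*)\\s*=\\s*\"[^\"]+\"",
        Pattern.CASE_INSENSITIVE);

    // Literals that are clearly placeholders, so documentation and tests are not flagged.
    private static final Pattern PLACEHOLDER = Pattern.compile(
        "\"(?:\\$\\{[^}]*\\}|<[^>]*>|changeme|example|xxx+)\"", Pattern.CASE_INSENSITIVE);

    /** Returns one Finding per source line that assigns a non-placeholder literal to a secret-like field. */
    public static List<Finding> scan(List<String> sourceLines) {
        List<Finding> findings = new ArrayList<>();
        for (int i = 0; i < sourceLines.size(); i++) {
            String line = sourceLines.get(i);
            Matcher m = ASSIGNMENT.matcher(line);
            if (m.find() && !PLACEHOLDER.matcher(line).find()) {
                findings.add(new Finding(i + 1, m.group(1)));
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: the page's non-compliant fields, a placeholder and an env lookup.
        List<String> sample = List.of(
            "public class SensitiveInfoServlet extends HttpServlet {",
            "    private String username = \"admin\";",
            "    private String password = \"123\";",
            "    private String apiToken = \"${API_TOKEN}\";",
            "    private String dbPassword = System.getenv(\"DB_PASSWORD\");",
            "}");
        List<Finding> findings = scan(sample);
        for (Finding f : findings) {
            System.out.println("line " + f.line() + ": hard-coded value assigned to '" + f.field() + "'");
        }
        // Non-zero exit lets a git pre-commit hook block the commit when anything was found.
        System.exit(findings.isEmpty() ? 0 : 1);
    }
}
```

On the constructed sample only line 3 (`password = "123"`) is reported: `username` matches no credential keyword, the `${API_TOKEN}` literal is recognised as a placeholder, and `System.getenv("DB_PASSWORD")` is not a string literal at all. A check like this catches the obvious cases cheaply; it does not replace a secret scanner with entropy rules and provider-specific token formats.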

References