Skip to main content

Business information leak - Customers or providers

Need

Protection of sensitive business information from unauthorized access or leakage

Context

  • Usage of Java for building robust and scalable applications
  • Usage of javax.servlet for building Java web applications
  • Usage of java.io for input and output operations in Java

Description

Non compliant code

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;

public class CustomerDataServlet extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        
        // Fetching customer data from the database
        List<Customer> customers = getCustomersFromDB();

        out.println("<h1>Customer Data</h1>");
        out.println("<table>");
        out.println("<tr><th>Name</th><th>Email</th><th>Phone</th></tr>");

        for (Customer customer : customers) {
            out.println("<tr><td>" + customer.getName() + "</td><td>" + customer.getEmail() + "</td><td>" + customer.getPhone() + "</td></tr>");
        }

        out.println("</table>");
    }

    private List<Customer> getCustomersFromDB() {
        // This method returns a list of customers from the database
        // This is just a placeholder method in this example
        return new ArrayList<>();
    }
}

This servlet is vulnerable to an information leakage. When a GET request is made to this servlet, it fetches the customer data from the database and displays it in a table format on the webpage. This includes sensitive information such as the customer's name, email, and phone number.

The problem here is that there are no access controls or checks in place to verify whether the user making the request has the necessary permissions to view this data. As a result, any user, authenticated or not, can make a request to this servlet and view the customer data.

Furthermore, the data is being output directly to the webpage without any form of sanitization or encoding. This could potentially lead to other security vulnerabilities such as Cross-Site Scripting (XSS) if the customer data includes malicious input.

In conclusion, this servlet is vulnerable to an information leakage due to the lack of access controls and the direct output of sensitive data to the webpage.

Steps

  • Implement access control mechanisms to restrict unauthorized access to sensitive information.
  • Ensure that sensitive information is encrypted when stored in the database.
  • Implement proper input validation and sanitization to prevent SQL injection attacks.
  • Use parameterized queries or prepared statements to securely retrieve data from the database.
  • Implement secure authentication and authorization mechanisms to ensure that only authenticated and authorized users can access the customer data.
  • Implement secure communication protocols (e.g., HTTPS) to protect the transmission of sensitive information.
  • Regularly update and patch the application and its dependencies to address any known vulnerabilities.
  • Conduct regular security audits and penetration testing to identify and fix any potential vulnerabilities.
  • Follow secure coding practices and guidelines to minimize the risk of introducing vulnerabilities.

Compliant code

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.Base64;

public class CustomerDataServlet extends HttpServlet {

    private static final String SECRET_KEY = "mySuperSecretKey"; // This should be stored securely

    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute("user") == null) {
            response.sendRedirect("login.jsp"); // Not logged in, redirect to login page.
            return;
        }

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        // Fetching customer data from the database
        List<Customer> customers = getCustomersFromDB();

        out.println("<h1>Customer Data</h1>");
        out.println("<table>");
        out.println("<tr><th>Name</th><th>Email</th><th>Phone</th></tr>");

        for (Customer customer : customers) {
            out.println("<tr><td>" + customer.getName() + "</td><td>" + decrypt(customer.getEmail()) + "</td><td>" + decrypt(customer.getPhone()) + "</td></tr>");
        }

        out.println("</table>");
    }

    private List<Customer> getCustomersFromDB() {
        List<Customer> customers = new ArrayList<>();
        try {
            Connection conn = Database.getConnection();
            PreparedStatement ps = conn.prepareStatement("SELECT * FROM Customers");
            ResultSet rs = ps.executeQuery();
            while (rs.next()) {
                Customer customer = new Customer();
                customer.setName(rs.getString("name"));
                customer.setEmail(rs.getString("email"));
                customer.setPhone(rs.getString("phone"));
                customers.add(customer);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return customers;
    }

    private String decrypt(String encryptedData) {
        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            final SecretKeySpec secretKey = new SecretKeySpec(SECRET_KEY.getBytes(), "AES");
            cipher.init(Cipher.DECRYPT_MODE, secretKey);
            return new String(cipher.doFinal(Base64.getDecoder().decode(encryptedData)));
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }
}

The updated code includes several security measures to prevent unauthorized access to sensitive customer data:

  1. Access Control: The code checks if the user is logged in by checking the session. If the user is not logged in, they are redirected to the login page.

  2. Data Encryption: Sensitive data such as email and phone numbers are encrypted when stored in the database. The decrypt method is used to decrypt this data when it is retrieved from the database. The encryption and decryption process uses the AES algorithm.

  3. Secure Database Access: The code uses a PreparedStatement to securely retrieve data from the database. This helps to prevent SQL injection attacks.

  4. Secure Authentication: The code assumes that a secure authentication mechanism is in place, as it checks if the user is logged in before allowing access to the customer data.

  5. Secure Communication: Although not shown in the code, it is recommended to use secure communication protocols such as HTTPS to protect the transmission of sensitive information.

  6. Regular Updates and Security Audits: Although not shown in the code, it is recommended to regularly update and patch the application and its dependencies to address any known vulnerabilities. Regular security audits and penetration testing should also be conducted to identify and fix any potential vulnerabilities.

  7. Secure Coding Practices: The code follows secure coding practices and guidelines to minimize the risk of introducing vulnerabilities.

References

Last updated on