Technical information leak - Logs
Need
Protection of sensitive technical information from unauthorized access
Context
- Usage of PHP 7.0 for server-side scripting and web development
- Usage of Illuminate\Http\Request for handling HTTP requests in Laravel
- Usage of Illuminate\Support\Facades\View for rendering views in Laravel
- Usage of App\Http\Controllers\Controller for handling logic and actions in an application
Description
Non compliant code
<?php
namespace App\\Http\\Controllers;
use Illuminate\\Http\\Request;
class LogController extends Controller
{
public function showLog()
{
$log = file_get_contents(storage_path('logs/laravel.log'));
return view('log', ['log' => $log]);
}
}
In the above code, a LogController is defined with a method showLog() which reads the content of the Laravel log file and passes it to the log view.
The log view then simply displays the content of the log file within a <pre> HTML tag.
This is a security vulnerability as it allows any user who can access the showLog() route to view the system's log file. The log file may contain sensitive information about the system, such as error messages, debug information, or even user data.
This information can be used by an attacker to gain knowledge about the system and exploit other vulnerabilities. For example, error messages might reveal the structure of the database or the file system, which can be used for SQL injection or path traversal attacks.
Moreover, if the application is running in debug mode, the log file could contain even more sensitive information, like stack traces or environment variables. This can further help an attacker in understanding the system and finding other vulnerabilities.
Therefore, it is crucial to ensure that log files are not accessible by unauthorized users.
Steps
- Restrict access to the log file by implementing authentication and authorization checks in the 'showLog' method. Only allow access to users with the necessary permissions.
- Avoid displaying raw log data in the user interface. Instead, consider creating a separate, sanitized view for users.
- Consider using a log management system that can securely store and manage log files, providing controlled access and visibility.
- Encrypt sensitive data in the logs to prevent information leak even if someone gains access to the logs.
- Implement rate limiting to prevent any potential brute force attempts to access the log files.
Compliant code
<?php
namespace App\\Http\\Controllers;
use Illuminate\\Http\\Request;
use Illuminate\\Support\\Facades\\Auth;
class LogController extends Controller
{
public function __construct()
{
$this->middleware('auth');
}
public function showLog()
{
if(Auth::user()->hasRole('admin')) {
$log = file_get_contents(storage_path('logs/laravel.log'));
// Encrypt the log data before sending it to the view
$encryptedLog = encrypt($log);
return view('log', ['log' => $encryptedLog]);
} else {
abort(403, 'Unauthorized action.');
}
}
}
The updated code now includes several security measures to prevent unauthorized access to the system logs.
-
Authentication: The constructor method of the
LogControllernow includes a middleware that checks if a user is authenticated before allowing access to any methods within the controller. This is done using Laravel's built-inauthmiddleware. -
Authorization: Within the
showLogmethod, there is a check to see if the authenticated user has the 'admin' role. If they do not, the method will abort and return a 403 Unauthorized error. This is done using Laravel's built-inhasRolemethod. -
Encryption: The log data is now encrypted before it is sent to the view. This is done using Laravel's built-in
encryptfunction. This means that even if an unauthorized user somehow gained access to the log data, they would not be able to understand it without the decryption key.
These changes ensure that only authenticated users with the correct permissions can access the system logs, and that the log data is encrypted to prevent information leaks.