Business information leak - Customers or providers
Need
Protection of sensitive business information from unauthorized access or leakage
Context
- Usage of Python 3 for developing applications and scripts
- Usage of Django for building web applications in Python
Description
Non compliant code
from django.http import HttpResponse
from .models import Customer, Provider
def get_customers(request):
customers = Customer.objects.all()
return HttpResponse(customers)
def get_providers(request):
providers = Provider.objects.all()
return HttpResponse(providers)
The above Python code is a simple representation of a potential vulnerability in a Django application where customer and provider information can be leaked.
The get_customers and get_providers functions are retrieving all records from the Customer and Provider models respectively, and then returning these records directly as an HTTP response.
This means that anyone making a HTTP request to the corresponding URL will receive a full list of all customers or providers, including potentially sensitive information such as their email addresses, phone numbers, and identifiers.
No checks are made to ensure that the user making the request is authorized to view this information, meaning it could be accessed by anyone, including potential attackers.
This is a classic example of an Information Disclosure vulnerability, where sensitive information is not properly protected and can be accessed by unauthorized users.
Steps
- Implement authentication and authorization to ensure only authorized users can access the data.
- Limit the data that is returned by the API. Only return necessary data and avoid exposing sensitive information.
- Use Django's built-in serialization to convert complex data types, such as querysets, into JSON.
- Implement rate limiting to prevent data scraping.
- Use HTTPS to ensure data in transit is encrypted.
- Log and monitor access to sensitive data to detect any suspicious activity.
Compliant code
from django.http import JsonResponse
from django.contrib.auth.decorators import login_required
from .models import Customer, Provider
from rest_framework.decorators import api_view, throttle_classes
from rest_framework.throttling import AnonRateThrottle
@login_required
@api_view(['GET'])
@throttle_classes([AnonRateThrottle])
def get_customers(request):
customers = Customer.objects.all().values('id', 'name') # Only return necessary data
return JsonResponse(list(customers), safe=False)
@login_required
@api_view(['GET'])
@throttle_classes([AnonRateThrottle])
def get_providers(request):
providers = Provider.objects.all().values('id', 'name') # Only return necessary data
return JsonResponse(list(providers), safe=False)
The updated code includes several security measures to prevent the leakage of sensitive business information:
-
Authentication and Authorization: The
@login_requireddecorator is used to ensure that only authenticated users can access the customer and provider data. -
Data Limitation: The
.values('id', 'name')method is used to limit the data that is returned by the API. This ensures that only the necessary data (in this case, the 'id' and 'name' fields) is returned, and sensitive information such as emails and phone numbers are not exposed. -
Serialization: Django's built-in
JsonResponseis used to convert the queryset into JSON format. This is a more secure way of returning complex data types. -
Rate Limiting: The
@throttle_classes([AnonRateThrottle])decorator is used to implement rate limiting. This prevents data scraping by limiting the number of requests that can be made by anonymous users. -
HTTPS: Although not shown in the code, it is recommended to use HTTPS in your Django settings to ensure that data in transit is encrypted.
-
Logging and Monitoring: Although not shown in the code, it is recommended to implement logging and monitoring of access to sensitive data to detect any suspicious activity. Django provides several tools for this, such as Django's built-in logging or third-party applications like Sentry.