Metadata with sensitive information
Need
Protection of sensitive information in metadata
Context
- Usage of Python 3.1 for writing and executing Python code
- Usage of Django for building web applications in Python
Description
Non compliant code
from django.http import JsonResponse
def metadata(request):
metadata = {
"server": "Django",
"version": "3.1.7",
"database": "PostgreSQL",
"db_password": "mypassword",
"api_key": "1234567890"
}
return JsonResponse(metadata)
In the above code, a Django view function metadata() is defined. This function returns a JSON response containing metadata about the system.
The metadata includes sensitive information such as the type of server being used (Django), the version of the server (3.1.7), the type of database being used (PostgreSQL), the database password, and an API key.
This information is sensitive and should not be exposed publicly. If an attacker gains access to this metadata, they could potentially exploit the system in various ways. For example, knowing the server type and version could allow them to take advantage of known vulnerabilities in that server. Having the database password and API key could allow them to gain unauthorized access to the system's data.
This is a severe security vulnerability and needs to be addressed.
Steps
- Remove sensitive information such as 'db_password' and 'api_key' from the metadata dictionary.
- If necessary, store sensitive information in environment variables or a secure configuration file that is not exposed to the public.
- Ensure that the metadata endpoint is properly authenticated and authorized to prevent unauthorized access.
- Consider using a secure method to transmit sensitive information, such as HTTPS.
Compliant code
from django.http import JsonResponse
import os
def metadata(request):
metadata = {
"server": "Django",
"version": "3.1.7",
"database": "PostgreSQL",
}
return JsonResponse(metadata)
The original code was exposing sensitive information such as the database password and API key through a public metadata endpoint. This is a serious security vulnerability as it can allow an attacker to gain unauthorized access to the system.
The fixed code removes these sensitive details from the metadata dictionary. Instead of hardcoding this information into the code, it is recommended to store such sensitive information in environment variables or a secure configuration file that is not exposed to the public. This way, even if an attacker gains access to the code, they will not be able to retrieve these sensitive details.
In addition, it is important to ensure that the metadata endpoint is properly authenticated and authorized to prevent unauthorized access. This means that only authenticated users with the necessary permissions should be able to access this endpoint.
Finally, consider using a secure method to transmit sensitive information, such as HTTPS. This ensures that the data is encrypted during transmission, further protecting it from potential attackers.