Business information leak - Credit Cards
Need
Protection of customer credit card data and business information
Context
- Usage of Python 3.0+ for developing Python applications
- Usage of Django for building web applications
Description
Non compliant code
from django.http import JsonResponse
from django.views import View
from .models import CreditCard
class CreditCardView(View):
def get(self, request, *args, **kwargs):
credit_card_id = self.kwargs.get('creditcardId')
credit_card = CreditCard.objects.get(id=credit_card_id)
return JsonResponse({'credit_card': credit_card})
In the code above, we have a Django view that handles GET requests to fetch credit card data. The credit card ID is directly taken from the URL parameters via self.kwargs.get('creditcardId').
The critical vulnerability lies in the line:
return JsonResponse({'credit_card': credit_card})
Here, the entire credit card object is returned as a JSON response. This object contains sensitive customer data including the credit card number, CVV, and expiry date. This information should never be exposed and represents a significant security risk.
The vulnerability arises from a lack of proper data sanitization and filtering before sending the data in the response. This can lead to an information leak, where an attacker can potentially gain access to sensitive business and customer information.
Steps
- Create a serializer class for the CreditCard model to control what data is included in the serialized output.
- In the serializer, exclude sensitive fields like the credit card number, CVV, and expiry date.
- In the CreditCardView, use the serializer to prepare the data before returning it in the JsonResponse.
- Implement proper authentication and authorization checks to ensure that only authorized users can access the credit card data.
- Encrypt sensitive data in the database and decrypt it when it's needed for processing.
- Implement logging and monitoring to detect any unauthorized access attempts.
Compliant code
from django.http import JsonResponse
from django.views import View
from .models import CreditCard
from rest_framework import serializers
class CreditCardSerializer(serializers.ModelSerializer):
class Meta:
model = CreditCard
exclude = ('card_number', 'cvv', 'expiry_date')
class CreditCardView(View):
def get(self, request, *args, **kwargs):
credit_card_id = self.kwargs.get('creditcardId')
credit_card = CreditCard.objects.get(id=credit_card_id)
serializer = CreditCardSerializer(credit_card)
return JsonResponse({'credit_card': serializer.data})
The code above fixes the vulnerability by implementing a serializer for the CreditCard model. This serializer is used to control what data is included in the serialized output. In this case, sensitive fields like the credit card number, CVV, and expiry date are excluded from the serialization.
In the CreditCardView, the serializer is used to prepare the data before returning it in the JsonResponse. This ensures that the sensitive credit card data is not included in the response.
Please note that this code does not include the implementation of authentication and authorization checks, encryption of sensitive data in the database, and logging and monitoring. These are important security measures that should be implemented to further protect the credit card data.
Authentication and authorization checks will ensure that only authorized users can access the credit card data. Encryption will protect the data in the event of a data breach. Logging and monitoring will help detect any unauthorized access attempts and provide valuable information for incident response and forensic analysis.