
Sensitive information stored in logs

Need

Secure handling of sensitive information in log files

Context

  • Usage of Ruby 2.7.0 for Ruby programming and development
  • Usage of Rails framework for building web applications

Description

Non-compliant code

class UserController < ApplicationController
  def login
    username = params[:username]
    password = params[:password]

    # Log the attempted login (writes the plaintext password into the log file)
    Rails.logger.info "Login attempted by user: #{username} with password: #{password}"

    @user = User.find_by_username(username)
    if @user && @user.authenticate(password)
      session[:user_id] = @user.id
      redirect_to root_url, notice: "Logged in!"
    else
      flash.now.alert = "Invalid email or password"
      render "new"
    end
  end
end

In the above code, the application logs the username and password when a user attempts to log in. This happens in the login action of the UserController class.

The username and password values are fetched from the request parameters. Then, an informational log message is created which includes these values. This is a security vulnerability because it results in sensitive information (the username and password) being stored in the application's log files.

The Rails.logger.info method is used to log the message. This method is part of the Rails framework and is used to log informational messages. In this case, it is being misused to log sensitive information.

The rest of the method is responsible for authenticating the user. If the authentication is successful, the user's ID is stored in the session and the user is redirected to the root URL with a success message. If the authentication fails, an error message is displayed and the login form is re-rendered.

Steps

  • Avoid logging sensitive information such as credentials, bank accounts, and file paths.
  • Review the log statements in the code and remove any sensitive information being logged.
  • Consider using a logging library that supports sensitive data filtering or masking.
  • If sensitive information needs to be logged for debugging purposes, ensure that it is properly encrypted or obfuscated.
  • Implement a logging policy that defines what types of information can be logged and ensure that sensitive information is excluded.
  • Regularly review and monitor the log files to identify any potential exposure of sensitive information.

Compliant code

class UserController < ApplicationController
  def login
    username = params[:username]
    password = params[:password]

    # Log the attempted login without the credential
    Rails.logger.info "Login attempted by user: #{username}"

    @user = User.find_by_username(username)
    if @user && @user.authenticate(password)
      session[:user_id] = @user.id
      redirect_to root_url, notice: "Logged in!"
    else
      flash.now.alert = "Invalid email or password"
      render "new"
    end
  end
end

The updated code removes the logging of the password from the login method in the UserController. This change prevents sensitive information from being stored in the log files, reducing the risk of information exposure.

In the original code, the password was being logged along with the username whenever a login attempt was made. This is a security risk as anyone with access to the log files could potentially see this sensitive information.

In the updated code, only the username is logged. This still allows for tracking of login attempts without exposing sensitive information. If there is a need to log more information for debugging purposes, consider using a logging library that supports sensitive data filtering or masking, or ensure that the sensitive information is properly encrypted or obfuscated.

Remember to implement a logging policy that defines what types of information can be logged and ensure that sensitive information is excluded. Regularly review and monitor the log files to identify any potential exposure of sensitive information.
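One way to apply the filtering and masking step recommended above, as an added example that is not part of the original page or of the Rails framework: it reproduces in plain Ruby (stdlib Logger only) what Rails' config.filter_parameters does for request parameters, and adds a formatter that masks credential pairs that were interpolated into free text. The names SensitiveParamFilter, RedactingFormatter and log_login_attempt are assumptions for illustration.

```ruby
require 'logger'
require 'stringio'

# Added example (not from the page): a stdlib-only version of the parameter
# masking Rails provides through config.filter_parameters. Sensitive values
# are replaced before the hash is ever interpolated into a log message.
class SensitiveParamFilter
  MASK = "[FILTERED]".freeze
  # Key fragments treated as sensitive; matched case-insensitively as substrings.
  DEFAULT_KEYS = %w[password passwd secret token api_key authorization].freeze

  def initialize(keys = DEFAULT_KEYS)
    @pattern = Regexp.new(keys.map { |k| Regexp.escape(k) }.join("|"), Regexp::IGNORECASE)
  end

  def sensitive?(key)
    @pattern.match?(key.to_s)
  end

  # Deep copy of +params+ with every sensitive value masked. Nested hashes and
  # arrays are walked so keys like user[password] are caught as well.
  def filter(params)
    case params
    when Hash  then params.each_with_object({}) { |(k, v), out| out[k] = sensitive?(k) ? MASK : filter(v) }
    when Array then params.map { |v| filter(v) }
    else params
    end
  end
end

# Safety net for free-text messages: masks "password=..." style pairs that were
# interpolated into a string instead of being logged as filtered structured data.
class RedactingFormatter < Logger::Formatter
  PAIR = /(password|passwd|secret|token)(\s*[:=]\s*)(\S+)/i

  def call(severity, time, progname, msg)
    super(severity, time, progname, msg.to_s.gsub(PAIR) { "#{$1}#{$2}[FILTERED]" })
  end
end

# Logs a login attempt the way the compliant controller should: the request
# params pass through the filter, and the formatter catches anything that slips.
# Returns the text written to the log so the result can be inspected.
def log_login_attempt(params, io = StringIO.new)
  logger = Logger.new(io)
  logger.formatter = RedactingFormatter.new
  logger.info("Login attempted with params: #{SensitiveParamFilter.new.filter(params).inspect}")
  io.string
end
```

In a Rails application the equivalent of the filter is a one-liner in config (Rails.application.config.filter_parameters += [:password]), but note that it only covers parameter logging, not strings a developer interpolates by hand, which is why the formatter is kept as a second layer.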
