Technical information leak - Logs
Need
Protection of sensitive technical information from unauthorized access
Context
- Usage of Ruby 2.7 for developing Ruby applications
- Usage of Rails framework for building web applications
Description
Non compliant code
# app/controllers/logs_controller.rb
class LogsController < ApplicationController
def show
@logs = File.read('/var/log/system.log')
end
end
# app/views/logs/show.html.erb
<%= @logs %>
The above code represents a controller action in a Ruby on Rails application that reads the system log file and assigns its content to an instance variable @logs. This instance variable is then displayed in a view.
This is a serious vulnerability because it leaks technical information about the system. Any user who navigates to the corresponding URL will be able to view the contents of the system log. This can include sensitive information such as error messages, system statuses, or even user data, depending on what is logged.
The view file show.html.erb within the logs folder is responsible for rendering the logs. The <%= @logs %> line in the view file will output the content of the @logs variable directly into the HTML that is sent to the client's browser. This means that anyone who can access this page can see the log information.
This issue can be exploited by attackers to gain insights about the internal workings of the application, which can aid in further attacks. Therefore, it's crucial to fix this vulnerability by making sure system logs are not directly exposed to end users.
Steps
- Restrict access to the logs page to authorized users only.
- Implement authentication and authorization mechanisms to control access to the logs.
- Ensure that only privileged users can view the logs.
- Consider implementing role-based access control to manage user permissions.
- Avoid displaying sensitive information in the logs.
- Regularly review and sanitize the logs to remove any sensitive information.
- Encrypt the logs to protect the data in transit and at rest.
- Implement proper logging practices, such as logging only necessary information and avoiding logging sensitive data.
- Consider using a logging framework that provides security features, such as log masking or encryption.
- Regularly monitor and review the logs for any suspicious activity or unauthorized access attempts.
Compliant code
# app/controllers/logs_controller.rb
class LogsController < ApplicationController
before_action :authenticate_user!
before_action :authorize_user!
def show
@logs = File.read('/var/log/system.log')
end
private
def authenticate_user!
# Implement your user authentication logic here
end
def authorize_user!
# Implement your user authorization logic here
end
end
The updated code now includes two before_action callbacks: authenticate_user! and authorize_user!. These methods are used to authenticate and authorize the user before they can access the logs.
The authenticate_user! method should contain the logic for authenticating the user. This could be checking if the user is logged in, checking if the user's session is valid, etc.
The authorize_user! method should contain the logic for authorizing the user. This could be checking if the user has the necessary permissions to view the logs, checking if the user's role allows them to view the logs, etc.
These methods should be implemented according to the specific authentication and authorization mechanisms used in your application.
By adding these checks, we ensure that only authenticated and authorized users can access the logs, thus preventing unauthorized access and information leakage.
In addition, consider implementing proper logging practices, such as logging only necessary information and avoiding logging sensitive data. Regularly monitor and review the logs for any suspicious activity or unauthorized access attempts. Consider using a logging framework that provides security features, such as log masking or encryption.