
Metadata with sensitive information

Need

Protection of sensitive information in metadata files

Context

  • Usage of TypeScript for type-checking and compiling JavaScript code
  • Usage of Express for building web applications and APIs

Description

Non compliant code

import express from 'express';

const app = express();

// Vulnerable route that exposes sensitive metadata
app.get('/metadata', (req, res) => {
  const sensitiveInfo = {
    username: 'admin',
    password: 'secretpassword',
    creditCardNumber: '1234567890123456',
  };

  res.json(sensitiveInfo);
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});

The vulnerability in the provided code is that it exposes sensitive information through a public route. In the /metadata route, the code creates an object called sensitiveInfo that contains sensitive data such as a username, password, and credit card number.

When a user makes a GET request to the /metadata route, the code responds with a JSON object containing the sensitive information. Since the route requires no authentication, anyone who can reach its URL can obtain the sensitive data.

This vulnerability can have severe impacts as an attacker can use the exposed sensitive information to gain unauthorized access to the system or compromise other systems. For example, if an attacker obtains the username and password, they can potentially log in to the system as an administrator and perform malicious actions.

To fix this vulnerability, the code should be modified to remove the sensitive information from the response or restrict access to the /metadata route.

Steps

  • Remove the sensitive information from the 'sensitiveInfo' object
  • Modify the route handler for '/metadata' to return only non-sensitive information
  • Consider storing sensitive information securely and retrieving it when needed, instead of hardcoding it in the code
  • Implement access control mechanisms to restrict access to sensitive information

Compliant code

import express from 'express';

const app = express();

// Sensitive information is kept server-side only and is never sent in a
// response (in practice, load it from a secrets store instead of hardcoding it)
const sensitiveInfo = {
  username: 'admin',
  password: 'secretpassword',
  creditCardNumber: '1234567890123456',
};

// Fixed route: builds a separate object that holds only non-sensitive fields
app.get('/metadata', (req, res) => {
  const nonSensitiveInfo = {
    // Return only non-sensitive information
    username: sensitiveInfo.username,
  };

  res.json(nonSensitiveInfo);
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});

In the fixed code, we have made changes to ensure that sensitive information is not exposed through public metadata files.

First, we import the necessary modules, including the 'express' module, which is a popular framework for building web applications in Node.js.

We create an instance of the express application using the 'express()' function and assign it to the 'app' constant.

Next, we keep the sensitive information in a server-side object called 'sensitiveInfo' that is never sent to clients. This object contains properties such as 'username', 'password', and 'creditCardNumber' (as the steps above note, in a real application these values should be loaded from a secrets store rather than hardcoded).

To address the vulnerability, we modify the route for the '/metadata' endpoint. Instead of returning the entire 'sensitiveInfo' object, we create a new object called 'nonSensitiveInfo' that only includes non-sensitive information. In this case, we only include the 'username' property from 'sensitiveInfo'.

Finally, we use the 'res.json()' method to send the 'nonSensitiveInfo' object as a JSON response to the client.

The server listens on port 3000 using the 'app.listen()' method, and a message is logged to the console to indicate that the server is running.

By returning only non-sensitive information in the '/metadata' route, we have addressed the vulnerability and ensured that sensitive information is not exposed through public metadata files.
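The fix above relies on the developer remembering to copy only safe fields into the response object. The following added example (not code from the original page) turns that into an allowlist: a serializer that can only ever emit fields explicitly marked public, plus a last-line check that refuses to send a body containing sensitive-looking key names. It assumes a 'MetadataRecord' shape matching the page's 'sensitiveInfo' object and a 'JsonResponse' interface that mirrors the 'status' and 'json' methods of Express's Response, so the handler compiles without express installed and can be passed to app.get('/metadata', metadataHandler(sensitiveInfo)).

```typescript
// Assumed shape of the server-side record (the page's sensitiveInfo object).
export type MetadataRecord = {
  username: string;
  password: string;
  creditCardNumber: string;
  lastLogin?: string;
};
// Fields that may be returned to callers; anything not listed is dropped, so a
// new secret added to the record later cannot leak by default.
const PUBLIC_FIELDS = ['username', 'lastLogin'] as const;
type PublicField = (typeof PUBLIC_FIELDS)[number];
export type PublicMetadata = Pick<MetadataRecord, PublicField>;

export function toPublicMetadata(record: MetadataRecord): PublicMetadata {
  const out: Partial<PublicMetadata> = {};
  for (const key of PUBLIC_FIELDS) {
    const value = record[key];
    if (value !== undefined) out[key] = value;
  }
  return out as PublicMetadata;
}

// Key names that must never appear anywhere in a JSON body (assumed list).
const FORBIDDEN_KEY = /password|passwd|secret|token|creditcard|cardnumber|ssn/i;
// Walks nested objects/arrays and returns dotted paths of offending keys.
export function findLeakedKeys(body: unknown, path = ''): string[] {
  if (body === null || typeof body !== 'object') return [];
  const leaks: string[] = [];
  for (const [k, v] of Object.entries(body as Record<string, unknown>)) {
    const p = path ? `${path}.${k}` : k;
    if (FORBIDDEN_KEY.test(k)) leaks.push(p);
    leaks.push(...findLeakedKeys(v, p));
  }
  return leaks;
}
// Minimal subset of Express's Response, so this compiles without express installed.
export interface JsonResponse { status(code: number): JsonResponse; json(body: unknown): void; }
// Wire it up with: app.get('/metadata', metadataHandler(sensitiveInfo));
export function metadataHandler(record: MetadataRecord) {
  return (_req: unknown, res: JsonResponse): void => {
    const body = toPublicMetadata(record);
    const leaks = findLeakedKeys(body); // belt and braces: catches allowlist mistakes
    if (leaks.length > 0) {
      console.error('refusing to send response with sensitive keys:', leaks);
      res.status(500).json({ error: 'internal error' }); // never echo the leak
      return;
    }
    res.json(body);
  };
}
```

The same findLeakedKeys check can be run over recorded responses in an integration test, which catches a future route that forgets to use the serializer.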

References