Excessive privileges - Temporary Files
Need
Proper management and restriction of privileges for temporary files
Context
- Usage of TypeScript for type-checking and static typing in Node.js development
- Usage of Express for building web applications and APIs
- Usage of fs for file system operations
Description
Non compliant code
import express from 'express';
import fs from 'fs';
const app = express();
app.get('/createTempFile', (req, res) => {
const tempFilePath = '/tmp/tempfile.txt';
fs.writeFileSync(tempFilePath, 'This is a temporary file.');
res.send('Temporary file created successfully.');
});
app.listen(3000, () => {
console.log('Server is running on port 3000');
});
The vulnerability in the provided code is related to the creation of temporary files. The code creates a temporary file using the fs.writeFileSync function and saves it in the /tmp directory with the file name tempfile.txt.
The issue is that the code does not properly restrict the privileges or access modes of the temporary file. This means that the file can be accessed and modified by any user or process on the system. This can lead to potential security risks.
An attacker can take advantage of this vulnerability to gain access to the created temporary files and tamper with the data contained within them. This can result in unauthorized access to sensitive information or manipulation of the application's functionality.
To mitigate this vulnerability, it is recommended to create the temporary files in a different directory than the default provided by the operating system. Additionally, the temporary files should have restricted access permissions, such as using a permission mask of 0600. This ensures that only the owner of the file has read and write permissions, reducing the risk of unauthorized access or tampering.
Steps
- Create a separate directory for storing temporary files
- Set the appropriate permissions for the temporary directory (e.g., 0600)
- Update the code to use the new temporary directory path
- Ensure that the temporary file is deleted after it is no longer needed
Compliant code
import express from 'express';
import fs from 'fs';
import path from 'path';
const app = express();
const tempDir = path.join(__dirname, 'temp');
const tempFilePath = path.join(tempDir, 'tempfile.txt');
// Create the temporary directory if it doesn't exist
if (!fs.existsSync(tempDir)) {
fs.mkdirSync(tempDir);
}
app.get('/createTempFile', (req, res) => {
fs.writeFileSync(tempFilePath, 'This is a temporary file.', { mode: 0o600 });
res.send('Temporary file created successfully.');
});
app.listen(3000, () => {
console.log('Server is running on port 3000');
});
// Delete the temporary file when the server is shutting down
process.on('exit', () => {
if (fs.existsSync(tempFilePath)) {
fs.unlinkSync(tempFilePath);
}
});
The fixed code addresses the vulnerability by properly creating and securing temporary files. Here's an explanation of the changes made:
-
The code imports the necessary modules:
express,fs, andpath. -
It creates an instance of the Express application.
-
The code defines the path for the temporary directory and the temporary file using the
path.join()method. This ensures that the paths are constructed correctly regardless of the operating system. -
Before creating the temporary file, the code checks if the temporary directory exists using
fs.existsSync(). If it doesn't exist, it creates the directory usingfs.mkdirSync(). -
The code defines a route handler for the
/createTempFileendpoint. When this endpoint is accessed, it writes the content "This is a temporary file." to thetempFilePathusingfs.writeFileSync(). The{ mode: 0o600 }option sets the file's permission mask to0600, ensuring that only the file owner has read and write access. -
The code starts the Express server and listens on port 3000.
-
To ensure the temporary file is deleted when the server is shut down, the code registers an
exitevent listener usingprocess.on('exit', ...). Inside the event listener, it checks if the temporary file exists usingfs.existsSync()and deletes it usingfs.unlinkSync().
By creating the temporary files in a separate directory and setting the appropriate permission mask, the fixed code mitigates the vulnerability and reduces the risk of unauthorized access or tampering of the temporary files.