Protection of sensitive technical information
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseBrowserLink();
        app.UseStaticFiles();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHsts();
    }
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();
    app.UseRouting();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
    });
}
The above code is a typical request pipeline configuration for an ASP.NET Core application; it is usually found in the application's Startup.cs file.
The vulnerability in this code is that it serves static files without any restrictions. If any .map files (SourceMap files) are present in the application's wwwroot folder, they will be served to anyone who requests them.
SourceMap files are usually used in development to map the minified or transpiled code back to the original source code, making it easier to debug. However, in a production environment, these SourceMap files can provide a malicious actor with a lot of information about the application, including the structure of the code and potentially sensitive data.
In the above code, the UseStaticFiles() middleware is used, which enables static file serving for the current request path. This middleware does not include any restrictions on what types of files can be served, meaning that if a .map file is present in the wwwroot folder, it will be served to the client.
The vulnerability is present in both the development and production environments, as the UseStaticFiles() middleware is used in both cases. However, it is especially critical in a production environment, where such information should not be exposed.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseBrowserLink();
        app.UseStaticFiles();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHsts();
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
    }
    app.UseRouting();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
    });
}
The above code is vulnerable due to the exposure of .map files, which a malicious actor can use to analyze the application. The app.UseDeveloperExceptionPage() and app.UseBrowserLink() middlewares are also exposed in the production environment, which can lead to information leakage.
To fix this vulnerability, the app.UseDeveloperExceptionPage() and app.UseBrowserLink() middlewares should be removed from the production environment, and the .map files should not be included in the published output, so that unauthorized users cannot access them.
Additionally, consider using obfuscation or minification techniques to make it harder for attackers to analyze the application. These techniques can help to obscure the code, making it more difficult to understand and exploit.
Here is the fixed code:
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseBrowserLink();
        app.UseStaticFiles();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHsts();
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
    }
    app.UseRouting();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
    });
}
In the fixed code, the app.UseDeveloperExceptionPage() and app.UseBrowserLink() middlewares are used only in the development environment. The .map files are not included in the published output, and obfuscation or minification techniques are used to obscure the code.
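The Configure methods above leave the production static file middleware unrestricted and rely on the .map files being absent from the published output. As an added example (not code from the original page), the version below keeps the same development/production split but makes the production pipeline itself refuse source maps, so a .map file that does slip into wwwroot is still not served. It assumes a standard ASP.NET Core MVC project; FileExtensionContentTypeProvider, StaticFileOptions, StatusCodes and PathString are the framework's own types, and the IsSourceMapPath helper is introduced here. UseBrowserLink() is omitted because it needs the separate BrowserLink package.

```csharp
// Added example, not code from the original page. Production pipeline that
// never serves .map files, while development keeps them for debugging.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.StaticFiles;
using Microsoft.Extensions.Hosting;

public class Startup
{
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            // Developer-only middleware and unrestricted static files: source
            // maps are wanted here so minified scripts can be debugged.
            app.UseDeveloperExceptionPage();
            app.UseStaticFiles();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            app.UseHsts();
            app.UseHttpsRedirection();

            // 1. Explicit guard: answer 404 for any .map path before the static
            //    file middleware gets a chance to look for the file on disk.
            app.Use(async (context, next) =>
            {
                if (IsSourceMapPath(context.Request.Path))
                {
                    context.Response.StatusCode = StatusCodes.Status404NotFound;
                    return;
                }
                await next();
            });

            // 2. Defence in depth: the static file middleware only serves files
            //    whose extension its content-type provider knows (the default
            //    provider maps ".map", and ServeUnknownFileTypes is false by
            //    default). Removing ".map" from the mappings turns a stray source
            //    map into an unknown file type, which the middleware skips.
            var contentTypes = new FileExtensionContentTypeProvider();
            contentTypes.Mappings.Remove(".map");
            app.UseStaticFiles(new StaticFileOptions
            {
                ContentTypeProvider = contentTypes,
                ServeUnknownFileTypes = false
            });
        }

        app.UseCookiePolicy();
        app.UseRouting();
        app.UseAuthorization();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");
        });
    }

    // Hypothetical helper introduced for this example: true for request paths
    // such as /js/site.min.js.map, regardless of letter case.
    private static bool IsSourceMapPath(PathString path)
    {
        return path.HasValue &&
               path.Value.EndsWith(".map", StringComparison.OrdinalIgnoreCase);
    }
}
```

The pipeline change complements, rather than replaces, the publish-side fix the text calls for: keeping source maps out of the published output is done in the project file (for example, an MSBuild Content item with CopyToPublishDirectory set to Never for wwwroot\**\*.map, which is a general MSBuild mechanism rather than anything from the page). A simple check after deployment is to request the .map URL of a known minified script from the production host and confirm the response is 404 rather than the map contents.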