Need

Prevention of unauthorized access to system logs

Context

• Usage of C# for building robust and scalable applications
• Usage of Microsoft.AspNetCore.Mvc for building web applications with ASP.NET Core

Description

Non compliant code

        public class LoggingController : Controller
{
    public IActionResult Index()
    {
        string logData = System.IO.File.ReadAllText("log.txt");
        return View("Log", logData);
    }
}
        
        

The above code is an example of a system log file being exposed to the user through an ASP.NET Core web application. The LoggingController has an Index action which reads all text from a log file and passes it to the view.

The view, Log.cshtml, then simply displays this log data inside a

 tag. This means that any user who navigates to the 
        /Logging URL in the application will be able to see the entire contents of the log file.

This is a vulnerability because it leaks technical information about the system. Logs often contain sensitive information such as error details, system internals, or even user information. By exposing the log data to the user, the application is potentially revealing information that could be used by an attacker to exploit the system.


Steps

    
    
Restrict access to the logging functionality to authorized users only.
    
    
Implement authentication and authorization mechanisms to control access to the logging page.
    
    
Ensure that the logging page is not accessible by default and requires proper authentication.
    
    
Use role-based access control to limit access to the logging functionality to specific user roles.
    
    
Consider implementing a logging framework that provides more granular control over the logged information.
    
    
Regularly review and update the logging configuration to ensure that sensitive information is not being logged.
    
    
Encrypt or obfuscate any sensitive information that needs to be logged to prevent unauthorized access.
    
    
Implement proper error handling and logging practices to prevent sensitive information from being exposed in error messages.
    


Compliant code

    
        [Authorize(Roles = "Admin")]
public class LoggingController : Controller
{
    public IActionResult Index()
    {
        string logData = System.IO.File.ReadAllText("log.txt");
        return View("Log", logData);
    }
}
        
        

The updated code now includes an 
        [Authorize] attribute on the 
        LoggingController class. This attribute is part of the ASP.NET Core's built-in authorization mechanism. It ensures that only authenticated users can access the methods within the controller. 

In this case, we've also specified 
        Roles = "Admin" within the attribute. This means that only users who are authenticated and have the role of "Admin" can access the 
        Index method, which returns the log data. 

This is a form of Role-Based Access Control (RBAC), which is a widely used approach to restrict access to certain parts of a system based on the roles of the user. 

In addition to this, it's also recommended to implement a logging framework that provides more granular control over the logged information, regularly review and update the logging configuration to ensure that sensitive information is not being logged, encrypt or obfuscate any sensitive information that needs to be logged, and implement proper error handling and logging practices to prevent sensitive information from being exposed in error messages. 

Remember, the 
        [Authorize] attribute will only work if you have properly set up authentication and role management in your application. If you haven't done this yet, you'll need to do so before you can use this attribute.

References

    
289. Technical information leak - Logs