Race Condition - Elixir

Need

Prevent arbitrary overwriting, deletion or reading of files due to incorrect input sequencing

Context

  • Usage of Elixir for building scalable and fault-tolerant applications
  • Usage of Plug Cowboy for building web applications in Elixir
  • Usage of concurrency for parallel execution of tasks
  • Usage of process synchronization for managing concurrent execution

Description

Non-compliant code

        defmodule RaceCondition do
          def process(file) do
            # Two unsynchronized tasks: nothing orders the read before the delete.
            Task.async(fn -> File.read!(file) end)
            Task.async(fn -> File.rm!(file) end)
          end
        end

This Elixir code is vulnerable because the read and the delete run in two separate tasks with no synchronization between them. Their order is not guaranteed, which creates a race condition: the file might be read and deleted by two different processes at the same time.

Steps

  • Ensure that operations that should be atomic are performed in a single process to prevent race conditions.
  • Handle concurrency properly to prevent the interleaving of operations.

Compliant code

        defmodule RaceCondition do
          def process(file) do
            # Same process, fixed order: the read completes before the delete starts.
            File.read!(file)
            File.rm!(file)
          end
        end

This Elixir code is safe because it ensures that the reading and deletion of a file are performed in a single process, preventing a race condition.
