Business Information Leak - DB - Elixir

Need

Prevent exposure of sensitive business information from the database

Context

  • Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications
  • Usage of Ecto (3.6.2 and above) for database query and manipulation
  • Usage of Postgrex for connecting to PostgreSQL databases (version 0.15.9 and above)

Description

Non compliant code

defmodule MyApp.UserController do
  use MyApp.Web, :controller

  def show(conn, %{"id" => id}) do
    user = Repo.get(User, id)
    render(conn, "show.json", user: user)
  end
end

This insecure code exposes every column of the user record, including sensitive information such as transactions, wallet IDs, operating system names, transaction codes, endpoints, credit cards, and available balance. There is no authorization check, so any caller who can reach this endpoint can retrieve all of this sensitive business information.

Steps

  • Restrict the fields that are returned by the API. Only provide necessary information.
  • Always use server-side checks to ensure that only authorized users can access the data.

Compliant code

defmodule MyApp.UserController do
  use MyApp.Web, :controller
  import Ecto.Query, only: [from: 2]

  # Only these columns are read from the database and returned to the client.
  # The concrete field names are an assumption; list whatever the endpoint needs.
  @minimal_required_fields [:id, :name]

  def show(conn, %{"id" => id}) do
    if authorized?(conn) do
      # select/map restricts the query to the allow-listed columns; preload
      # would only load associations and would not limit the fields returned.
      user = Repo.one(from u in User, where: u.id == ^id, select: map(u, ^@minimal_required_fields))
      render(conn, "show.json", user: user)
    else
      send_resp(conn, :unauthorized, "")
    end
  end

  # Server-side authorization check. This example requires an authenticated user
  # placed in conn.assigns by an upstream plug; replace with the app's own policy.
  defp authorized?(conn) do
    match?(%{current_user: %{}}, conn.assigns)
  end
end

The secure code returns only the necessary user details, and only when the caller is authorized. Because the allow-listed columns are selected in the query itself, the sensitive business information never leaves the database for this endpoint, and the authorization check ensures that only the right users can see the user details.
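The following is an added example, not code from the original page or from any project it describes. It shows the two steps above applied as layers: the Ecto query selects an allow-list of columns, the JSON view re-applies the same allow-list, and the controller checks that the caller owns the requested record before anything is rendered. The module names MyApp.Accounts, MyApp.UserView, the field names :id, :name and :email, the parse_id helper, and the assumption that an upstream authentication plug stores the logged-in user in conn.assigns.current_user are all assumptions made for this example.

```elixir
# Added example; not code from the original page. It assumes a Phoenix app with
# MyApp.Repo, a MyApp.User schema that has :id, :name and :email columns, and an
# authentication plug that stores the logged-in user in conn.assigns.current_user.
defmodule MyApp.Accounts do
  import Ecto.Query, only: [from: 2]
  alias MyApp.{Repo, User}

  # Allow-list of columns that may leave the database for this endpoint.
  # Balance, wallet id, card data and the like are never selected at all.
  @public_fields [:id, :name, :email]

  def public_fields, do: @public_fields

  # Reads only the allow-listed columns; returns a plain map or nil.
  def get_public_user(id) when is_integer(id) do
    Repo.one(from u in User, where: u.id == ^id, select: map(u, ^@public_fields))
  end
end

defmodule MyApp.UserView do
  use MyApp.Web, :view

  # Second layer: even if a caller passes a full struct, only allow-listed keys
  # are serialised. Map.take on a struct yields a plain map.
  def render("show.json", %{user: user}) do
    Map.take(user, MyApp.Accounts.public_fields())
  end
end

defmodule MyApp.UserController do
  use MyApp.Web, :controller

  def show(conn, %{"id" => raw_id}) do
    with {:ok, id} <- parse_id(raw_id),
         true <- authorized?(conn, id),
         %{} = user <- MyApp.Accounts.get_public_user(id) do
      render(conn, "show.json", user: user)
    else
      # One response for "bad id", "forbidden" and "missing", so the endpoint
      # does not reveal which ids exist to callers who may not read them.
      _ -> send_resp(conn, :not_found, "")
    end
  end

  # Server-side ownership check: a user may only read their own record.
  # Extend with role checks as the application's policy requires.
  defp authorized?(%Plug.Conn{assigns: %{current_user: %{id: uid}}}, id), do: uid == id
  defp authorized?(_conn, _id), do: false

  # Accept only a well-formed integer id from the URL.
  defp parse_id(raw) when is_binary(raw) do
    case Integer.parse(raw) do
      {id, ""} -> {:ok, id}
      _ -> :error
    end
  end
end
```

Selecting the columns in the query (rather than filtering after Repo.get) is what keeps the sensitive values from being read at all; the view's Map.take is a cheap safety net for any other code path that renders "show.json" with a full struct. Treating the authorization failure and the missing record identically avoids turning the endpoint into an oracle for which user ids exist.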

References