Ensure confidentiality and integrity of sensitive user data
defmodule UserController do
  def show(conn, %{"id" => id}) do
    # Insecure: the whole record, including the password field, is serialized.
    user = Repo.get(User, id)

    conn
    |> put_resp_content_type("application/json")
    |> send_resp(200, Poison.encode!(user))
  end
end
The code above is insecure because it uses the user-supplied id to fetch a record and returns that record in the response as-is. Sensitive data such as the password is included in the response without being masked, which exposes it to potential eavesdroppers or data breaches.
defmodule UserController do
  def show(conn, %{"id" => id}) do
    # Remove the password field before the record is serialized.
    user = Repo.get(User, id) |> Map.drop([:password])

    conn
    |> put_resp_content_type("application/json")
    |> send_resp(200, Poison.encode!(user))
  end
end
The code above is secure because it masks the password field when sending the user data in the response: the Map.drop/2 function removes the sensitive data from the map before it is sent.
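The following added example (not code from the original page) contrasts the Map.drop/2 deny-list above with an allow-list built on Map.take/2, and handles the nil that Repo.get/2 returns for a missing row. The User struct, the UserView module, and every field except :password are assumptions made for the illustration; the sample record is constructed.

```elixir
# Constructed stand-in for the Ecto schema; all fields other than
# :password are assumptions made for this example.
defmodule User do
  defstruct [:id, :name, :email, :password, :reset_token]
end

# Hypothetical helper module, not part of the page's code.
defmodule UserView do
  # Allow-list: only these fields may ever leave the server.
  @public_fields [:id, :name, :email]

  # A missing record (nil from the lookup) becomes an explicit error
  # instead of raising inside Map.drop/2 or Map.take/2.
  def render(nil), do: {:error, :not_found}

  # Map.take/2 returns a plain map holding only the listed keys.
  def render(%User{} = user), do: {:ok, Map.take(user, @public_fields)}
end

# Constructed sample record.
user = %User{
  id: 1,
  name: "Ada",
  email: "ada@example.com",
  password: "constructed-password-hash",
  reset_token: "constructed-reset-token"
}

# Deny-list as on the page: :password is gone, but any sensitive field
# added to the schema later (here :reset_token) is still exposed.
denied = user |> Map.from_struct() |> Map.drop([:password])
false = Map.has_key?(denied, :password)
true = Map.has_key?(denied, :reset_token)

# Allow-list: new schema fields stay private until explicitly listed.
{:ok, public} = UserView.render(user)
[:email, :id, :name] = public |> Map.keys() |> Enum.sort()

# Missing record is reported, not serialized.
{:error, :not_found} = UserView.render(nil)

IO.inspect(denied, label: "deny-list")
IO.inspect(public, label: "allow-list")
```

In a controller, the {:error, :not_found} result would map to a 404 response and the {:ok, map} result would be the value passed to the JSON encoder.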