Need

To prevent exposure of sensitive business information.

Context

• Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications
• Usage of Phoenix Framework for building web applications
• Usage of Ecto for data persistence

Description

Non compliant code

        defmodule MyAppWeb.UserController do
  use MyAppWeb, :controller

  def show(conn, %{"id" => id}) do
    user = Repo.get!(User, id)
    render(conn, "show.html", user: user)
  end
end
        
        

This code is vulnerable because it retrieves a user from the database and exposes all of its associated information in the response, including potentially sensitive financial information. An attacker could exploit this by making requests to this endpoint and collecting the exposed data.

Steps

• Ensure that sensitive information is not included in API responses or rendered views.
• Review your data models and remove or obfuscate sensitive fields as necessary.
• Implement proper access controls to prevent unauthorized access to sensitive data.

Compliant code

        defmodule MyAppWeb.UserController do
  use MyAppWeb, :controller

  def show(conn, %{"id" => id}) do
    user = Repo.get!(User, id)
    safe_user = Map.take(user, [:id, :name, :email])
    render(conn, "show.html", user: safe_user)
  end
end
        
        

In this secure code example, the Map.take/2 function is used to only include the id, name, and email fields in the response. Any potentially sensitive financial information associated with the user is not included.

References

• 291. Business information leak - Financial Information