Insecure object reference - User deletion - Elixir

Need

Protecting user data and ensuring application integrity

Context

  • Usage of Elixir (v1.10+) for building scalable and fault-tolerant applications
  • Usage of Plug and Cowboy for HTTP request and response handling
  • Usage of Ecto for data persistence

Description

Non compliant code

        def delete_user(conn, %{"id" => id}) do
          # The target is chosen entirely by the caller-supplied id and no
          # authorization check is made before the record is removed.
          Repo.delete!(Repo.get!(User, id))
          send_resp(conn, 204, "")
        end

In this vulnerable code snippet, the application deletes whichever user the caller-supplied id refers to without checking whether the authenticated user has the permissions needed to perform the operation, so any caller can delete arbitrary accounts simply by changing the id.

Steps

  • Check the role of the current user before performing any destructive operations.
  • Only allow users with the necessary permissions to delete other users.
  • If a user without the necessary permissions tries to delete a user, return a 403 Forbidden status code.

Compliant code

        def delete_user(conn, %{"id" => id}) do
          # Check the caller's role before touching the database: only admins
          # may delete users; everyone else gets 403 without the target being loaded.
          case conn.assigns.current_user.role do
            :admin ->
              Repo.delete!(Repo.get!(User, id))
              send_resp(conn, 204, "")
            _ ->
              send_resp(conn, 403, "Forbidden")
          end
        end

In this secure version, the application checks that the current user has the :admin role before deleting anything. If the user lacks that role, the application returns a 403 Forbidden status code and the target record is neither loaded nor deleted.
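The same check structured as an added example (not code from the original page): the authorization decision is isolated in its own function and runs before the record is loaded, missing users produce 404 instead of raising, and a constructed ExUnit test shows a non-admin is refused without any database access. It assumes a MyApp.User struct with `id` and `role` fields and an upstream authentication plug that sets conn.assigns.current_user.

```elixir
defmodule MyAppWeb.UserController do
  import Plug.Conn
  alias MyApp.{Repo, User}

  # The action: authorize first, then load, then delete. Because the role check
  # precedes Repo.get/2, a non-admin learns nothing about which ids exist.
  def delete_user(conn, %{"id" => id}) do
    with {:ok, current_user} <- fetch_current_user(conn),
         :ok <- authorize(current_user, :delete_user),
         %User{} = user <- Repo.get(User, id) do
      Repo.delete!(user)
      send_resp(conn, 204, "")
    else
      {:error, :unauthenticated} -> send_resp(conn, 401, "Unauthorized")
      {:error, :forbidden} -> send_resp(conn, 403, "Forbidden")
      nil -> send_resp(conn, 404, "Not Found")
    end
  end

  # Assumption: an upstream authentication plug stores the caller in
  # conn.assigns.current_user as a %MyApp.User{} with a `role` field.
  defp fetch_current_user(%Plug.Conn{assigns: %{current_user: %User{} = u}}), do: {:ok, u}
  defp fetch_current_user(_conn), do: {:error, :unauthenticated}

  # Policy kept in one place so it can be reused and unit-tested on its own.
  def authorize(%User{role: :admin}, :delete_user), do: :ok
  def authorize(_user, _action), do: {:error, :forbidden}
end

# Constructed ExUnit check: a non-admin must get 403 before any Repo call is
# made, so this runs without a database.
defmodule MyAppWeb.UserControllerTest do
  use ExUnit.Case, async: true
  import Plug.Test
  import Plug.Conn

  test "non-admin is refused before the target user is loaded" do
    conn =
      conn(:delete, "/users/42")
      |> assign(:current_user, %MyApp.User{id: 7, role: :member})
      |> MyAppWeb.UserController.delete_user(%{"id" => "42"})

    assert conn.status == 403
    assert MyAppWeb.UserController.authorize(%MyApp.User{role: :admin}, :delete_user) == :ok
  end
end
```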
