Sensitive information sent via URL parameters - Go

Sensitive information sent via URL parameters - Go

Need

Protection of sensitive information during transmission

Context

  • Usage of Go 1.16 for building high-performance and efficient applications
  • Usage of gin-gonic/gin for building web applications in Go

Description

Non compliant code

        package main

import (
	"github.com/gin-gonic/gin"
)

func main() {
	r := gin.Default()

	r.GET("/user", func(c *gin.Context) {
		username := c.Query("username") 
		password := c.Query("password") 

		// Some logic here

		c.JSON(200, gin.H{
			"username": username,
			"password": password,
		})
	})

	r.Run() 
}
        
        

In the above code, the application is using the GET method to retrieve the username and password from the user. These are obtained from the URL parameters using c.Query("username") and c.Query("password").

This is a vulnerability because the GET method sends data in clear text within the URL. This means that the sensitive information (username and password) are:

- Stored in the browser history in clear text.
- Sent to external sites via the Referrer HTTP header.
- Sent to external sites via the search bar if the browser interprets the URL as a query.
- Visible to scripts running on the browser that may belong to third parties.

This exposes the sensitive data to potential interception and misuse, violating the confidentiality and integrity of the data. This is a major security risk, especially when dealing with sensitive information such as usernames and passwords.

Steps

  • Avoid sending sensitive information via URL parameters.
  • Use the POST method instead of the GET method to send sensitive information.
  • Encrypt sensitive information before sending it over the network.
  • Store sensitive information securely on the server-side.
  • Implement proper access controls and authentication mechanisms to protect sensitive information.
  • Consider using secure protocols such as HTTPS to encrypt the communication between the client and the server.
  • Implement input validation and sanitization to prevent malicious input from being processed.
  • Avoid logging sensitive information.
  • Educate developers about secure coding practices and the risks associated with sending sensitive information via URL parameters.

Compliant code

        package main

import (
	"github.com/gin-gonic/gin"
)

func main() {
	r := gin.Default()

	r.POST("/user", func(c *gin.Context) {
		username := c.PostForm("username") 
		password := c.PostForm("password") 

		// Some logic here

		c.JSON(200, gin.H{
			"message": "User details received",
		})
	})

	r.Run() 
}
        
        

The original code was vulnerable because it was sending sensitive information (username and password) via URL parameters using the GET method. This is a security risk because these parameters are stored in clear text in the browser history, sent to external sites via the referrer HTTP header, sent to external sites via the search bar if the browser interprets the URL as a query, and visible to scripts running on the browser that may belong to third-parties.

The fixed code now uses the POST method instead of the GET method to send sensitive information. This is more secure because the data sent using the POST method is not stored in the browser history or sent via the referrer HTTP header.

In the fixed code, the sensitive information (username and password) is now received from the request body using the PostForm method instead of the Query method. This ensures that the sensitive information is not included in the URL.

The fixed code also no longer returns the sensitive information in the response. Instead, it returns a simple message indicating that the user details have been received. This reduces the risk of sensitive information being exposed in the response.

Please note that this is just a basic fix. For a production-grade application, you should also consider encrypting sensitive information before sending it over the network, storing sensitive information securely on the server-side, implementing proper access controls and authentication mechanisms, using secure protocols such as HTTPS, implementing input validation and sanitization, avoiding logging sensitive information, and educating developers about secure coding practices.

References