Technical information leak - Console functions - Go

Technical information leak - Console functions - Go

Need

Secure logging mechanism

Context

  • Usage of Go 1.16 for building high-performance and scalable applications
  • Usage of gin-gonic/gin for building web applications in Go
  • Usage of log for logging and debugging purposes

Description

Non compliant code

        package main

import (
	"github.com/gin-gonic/gin"
	"log"
)

func main() {
	r := gin.Default()

	r.GET("/ping", func(c *gin.Context) {
		log.Println("Ping request received") // Vulnerable point
		c.JSON(200, gin.H{
			"message": "pong",
		})
	})

	r.Run() // listen and serve on 0.0.0.0:8080 (for windows "localhost:8080")
}

The above code is a simple GoLang application using the Gin framework. It's a basic server that listens for GET requests on the "/ping" endpoint and responds with a JSON message "pong".

The vulnerability lies in the line log.Println("Ping request received"). Here, the application is logging the reception of each ping request. This is a console function that can potentially leak information.

In a production environment, an attacker could use this information to gain insights into the application's inner workings, such as the timing and frequency of requests, the structure of the application, or even potentially sensitive information if more detailed logs are implemented.

This kind of information leakage can lead to a variety of security risks, including the exposure of sensitive data, the identification of potential attack vectors, or the exposure of the internal logic of the application.

To mitigate this risk, it is recommended to avoid using console functions like log.Println() in production environments, or to ensure that any logging is properly sanitized and managed to prevent information leakage.

Steps

  • Remove or comment out the usage of console functions like log, info, and warning.
  • Instead of using console functions, use a proper logging framework that allows you to control the log level and output destination.
  • Configure the logging framework to write logs to a secure location or a centralized logging system.
  • Ensure that sensitive information is not logged, such as passwords, API keys, or user personal data.
  • Regularly review and monitor the logs to detect any potential security issues or information leaks.

Compliant code

        package main

import (
	"github.com/gin-gonic/gin"
	//"log"
)

func main() {
	r := gin.Default()

	r.GET("/ping", func(c *gin.Context) {
		//log.Println("Ping request received") // Vulnerable point
		c.JSON(200, gin.H{
			"message": "pong",
		})
	})

	r.Run() // listen and serve on 0.0.0.0:8080 (for windows "localhost:8080")
}

The original code contained a potential vulnerability where it was using the log.Println function to log a message every time a GET request was made to the "/ping" endpoint. This could potentially lead to information leakage, as the logs could reveal sensitive information about the application's internal workings, such as methods, technologies, or logic.

The fixed code comments out the log.Println function, effectively removing the logging of the "Ping request received" message. This prevents potential information leakage through the console.

However, this is a simple fix and in a real-world application, you would likely want to replace the console logging with a more secure and configurable logging framework. This would allow you to control what information gets logged and where it gets logged to, providing a balance between visibility for debugging and security.

Remember to ensure that sensitive information is not logged, such as passwords, API keys, or user personal data. Regularly review and monitor the logs to detect any potential security issues or information leaks.

References