Privacy violation - Go

Privacy violation - Go

Need

Protection of user privacy

Context

  • Usage of Go 1.16 for building high-performance and scalable applications
  • Usage of gin-gonic/gin for building web applications in Go

Description

Non compliant code

        package main

import (
	"github.com/gin-gonic/gin"
)

type User struct {
	Name  string `json:"name"`
	Email string `json:"email"`
}

func main() {
	r := gin.Default()

	r.GET("/user/:name", func(c *gin.Context) {
		name := c.Param("name")
		user := User{
			Name:  name,
			Email: "user@example.com", // This is a privacy violation as we are exposing a user's email without their consent
		}

		c.JSON(200, gin.H{
			"user": user,
		})
	})

	r.Run()
}
        
        

The above code is an example of a privacy violation vulnerability. This is a simple Go application using the Gin framework. It has a single endpoint /user/:name that returns a JSON response containing the user's name and email.

The privacy violation occurs in the following line:

                Email: "user@example.com", // This is a privacy violation as we are exposing a user's email without their consent

            


In this line, we are hardcoding the user's email address and exposing it in the JSON response without the user's consent. This is a violation of privacy requirements, as sensitive information such as email addresses should not be exposed without explicit permission from the user.

This can lead to serious consequences, such as spamming, phishing, or even identity theft. Therefore, it is crucial to ensure that sensitive user information is handled properly and not exposed unnecessarily.

Steps

  • Review the privacy requirements of the application to determine the specific privacy violation.
  • Obtain user consent before exposing any sensitive information, such as email addresses.
  • Implement a mechanism to obtain user consent, such as a checkbox or consent form.
  • Modify the code to only expose the user's email if they have provided consent.
  • Update the User struct to include a consent field to track user consent.
  • Update the code to check the user's consent before exposing the email.
  • If the user has not provided consent, handle the request accordingly, such as returning a different response or redirecting to a consent form.
  • Test the updated code to ensure that the privacy violation has been resolved.

Compliant code

        package main

import (
	"github.com/gin-gonic/gin"
)

type User struct {
	Name    string `json:"name"`
	Email   string `json:"email,omitempty"` // Email will be omitted if empty
	Consent bool   `json:"consent"`         // Consent field added to track user consent
}

func main() {
	r := gin.Default()

	r.GET("/user/:name", func(c *gin.Context) {
		name := c.Param("name")
		user := User{
			Name: name,
		}

		// Check if user has given consent
		if user.Consent {
			user.Email = "user@example.com" // Only expose email if user has given consent
		}

		c.JSON(200, gin.H{
			"user": user,
		})
	})

	r.Run()
}
        
        

The updated code includes a new field in the User struct, Consent, which is a boolean that tracks whether the user has given consent for their email to be exposed.

In the GET request handler, we first create a User with the provided name. We then check if the user has given consent by checking the Consent field. If the user has given consent, we set the Email field to the user's email. If the user has not given consent, the Email field remains empty and is omitted from the JSON response due to the omitempty tag.

This ensures that the user's email is only exposed if they have given consent, resolving the privacy violation.

Please note that this is a simplified example. In a real-world application, you would likely need to implement a more complex mechanism to obtain and track user consent, such as a consent form or a database to store user consent. You would also need to handle cases where the user has not given consent, such as returning a different response or redirecting to a consent form.

References