Business information leak - Personal Information - Go

Business information leak - Personal Information - Go

Need

Protection of personal information from unauthorized access or leakage

Context

  • Usage of Go 1.16 for building high-performance and efficient applications
  • Usage of gin-gonic/gin for building web applications in Go

Description

Non compliant code

        package main

import (
	"github.com/gin-gonic/gin"
)

type User struct {
	ID    string `json:"id"`
	Phone string `json:"phone"`
}

func main() {
	r := gin.Default()

	r.GET("/user/:id", func(c *gin.Context) {
		id := c.Param("id")
		// In this example, we are directly using real user information
		// which is a serious security vulnerability.
		user := User{ID: id, Phone: "1234567890"}

		c.JSON(200, gin.H{
			"user": user,
		})
	})

	r.Run() // listen and serve on 0.0.0.0:8080
}
        
        

In the above code, we have a struct User that represents a user with fields ID and Phone. This struct is used in a GET request handler where we directly use real user information, which is a serious security vulnerability. The handler is set up to respond to requests at "/user/:id" and it takes the id from the URL parameters, creates a new User with the id and a hardcoded phone number "1234567890", and returns this user as a JSON response.

The vulnerability here is the exposure of sensitive user information. In a real-world application, the id and phone would be sensitive data that should not be hardcoded or exposed in this way. This would be a business information leak, and could potentially lead to unauthorized access or identity theft.

Steps

  • Do not store sensitive information such as real ID numbers and phone numbers in the source code.
  • Implement a secure data storage mechanism such as a database to store user information.
  • Use appropriate encryption techniques to protect sensitive data at rest and in transit.
  • Implement proper access controls to restrict unauthorized access to user information.
  • Ensure that only authorized personnel have access to sensitive user data.
  • Regularly review and update security measures to address new vulnerabilities and threats.

Compliant code

        package main

import (
	"github.com/gin-gonic/gin"
	"database/sql"
	_ "github.com/go-sql-driver/mysql"
)

type User struct {
	ID    string `json:"id"`
	Phone string `json:"phone"`
}

var db *sql.DB

func main() {
	var err error
	db, err = sql.Open("mysql", "user:password@/dbname")
	if err != nil {
		panic(err)
	}

	r := gin.Default()

	r.GET("/user/:id", func(c *gin.Context) {
		id := c.Param("id")
		var user User
		err := db.QueryRow("SELECT id, phone FROM users WHERE id = ?", id).Scan(&user.ID, &user.Phone)
		if err != nil {
			c.JSON(500, gin.H{
				"message": "Error retrieving user",
			})
			return
		}

		c.JSON(200, gin.H{
			"user": user,
		})
	})

	r.Run() // listen and serve on 0.0.0.0:8080
}
        
        

The original code had a serious security vulnerability where it was storing real user information directly in the source code. This is a major risk as it exposes sensitive user data to potential breaches.

The revised code fixes this vulnerability by implementing a secure data storage mechanism. Instead of storing user information in the source code, it is now stored in a database. The code uses the database/sql package to open a connection to a MySQL database and retrieve user information.

When a GET request is made to the /user/:id endpoint, the code retrieves the user's ID from the request parameters and uses it to query the database for the corresponding user's information. The user's ID and phone number are then returned in the response.

This approach ensures that sensitive user data is not exposed in the source code and is instead securely stored in a database. It also allows for proper access controls to be implemented to restrict unauthorized access to user information.

In addition, the code should be further enhanced by implementing encryption techniques to protect sensitive data at rest and in transit, and by ensuring that only authorized personnel have access to sensitive user data. Regular reviews and updates of security measures should also be conducted to address new vulnerabilities and threats.

References