Insecurely deleted files - Python

Insecurely deleted files - Python

Need

Secure file deletion mechanism

Context

  • Usage of Python 3 for writing and executing Python code
  • Usage of os for accessing operating system-related information and functionalities

Description

Non compliant code

        import os

def delete_file(file_path):
    # This function insecurely deletes the file by just moving it to the Recycle Bin
    os.system("move {} C:\\\\$Recycle.Bin".format(file_path))
        
        

The above Python function delete_file is supposed to delete a file from the system. It takes a file path as an argument and uses the os.system command to move the file to the Recycle Bin.

The vulnerability here lies in the fact that the file is not securely deleted. It is merely moved to the Recycle Bin, meaning it can still be recovered. This is particularly problematic if the file contains sensitive information, as anyone with access to the Recycle Bin can restore the file and gain access to its contents.

Furthermore, the use of os.system is itself a security risk. This function executes the command in a subshell, which can lead to shell injection attacks if the file_path is not properly sanitized.

This code should be replaced with a secure file deletion process that permanently and securely removes the file from the system, and does not leave any traces that can be recovered.

Steps

  • Replace the os.system call with a secure delete function. The os.system call is insecure because it can be exploited by command injection attacks.
  • Use a library or function that securely deletes files. This means that the file is overwritten with random data before it is deleted, making it impossible to recover the file.
  • Ensure that the secure delete function is used throughout the codebase. Any instance of insecure file deletion should be replaced with the secure delete function.
  • Test the secure delete function to ensure that it works as expected. This should include testing that the file cannot be recovered after deletion.

Compliant code

        import os
import random
import string

def secure_delete(file_path):
    # Overwrite the file with random data
    with open(file_path, "w") as f:
        size = os.path.getsize(file_path)
        f.write(''.join(random.choices(string.ascii_letters + string.digits, k=size)))

    # Now delete the file
    os.remove(file_path)

def delete_file(file_path):
    # This function securely deletes the file
    secure_delete(file_path)
        
        

The above code securely deletes a file by first overwriting it with random data and then deleting it. This makes it impossible to recover the file.

The secure_delete function opens the file in write mode, which erases the existing data. It then writes random data to the file. The size of the random data is the same as the size of the original file, ensuring that all parts of the file are overwritten. The random data is generated using the random.choices function, which selects random characters from a list of all ASCII letters and digits.

After the file has been overwritten, it is deleted using the os.remove function. This function permanently deletes the file, unlike the os.system call used in the original code, which merely moved the file to the Recycle Bin.

The delete_file function is a wrapper for the secure_delete function. This function should be used throughout the codebase to delete files. Any instance of insecure file deletion should be replaced with a call to delete_file.

This code should be tested to ensure that it works as expected. This should include testing that the file cannot be recovered after deletion.

References