Technical information leak - Logs - Python

Need

Prevention of unauthorized access to system logs

Context

  • Usage of Python 3 for writing and executing Python code
  • Usage of Django for building web applications in Python
  • Usage of logging for capturing and recording application events or messages

Description

Non compliant code

    from django.http import HttpResponse
    import logging

    # Create your views here.
    def log_view(request):
        # Look up the Django logger and the path of its first (file) handler.
        logger = logging.getLogger('django')
        log_contents = logger.handlers[0].baseFilename

        # Return the raw log file to whoever requests the URL: no authentication,
        # no authorization, no filtering of what the log contains.
        with open(log_contents, 'r') as log_file:
            return HttpResponse(log_file.read())

The above code is a Django view function named log_view. It is intended to display the system's log file in the browser. The call logging.getLogger('django') retrieves the Django logger, and logger.handlers[0].baseFilename yields the path of the log file written by that logger's first handler.

The file is then opened in read mode and its contents are read and returned as an HTTP response. This means that when a user navigates to the URL associated with this view, they will see the contents of the log file displayed in their browser.

This is a severe security vulnerability because it exposes potentially sensitive system information to any user who can reach the URL. Log files may contain stack traces, error messages, internal paths, system details, or other information that an attacker could use to gain unauthorized access to the system or to perform other malicious actions.

Steps

  • Remove the log_view function entirely to prevent users from accessing system logs.
  • If the log_view function is necessary, implement access controls to restrict access to only authorized users.
  • Consider using a logging service that provides access controls and log management features.
  • Avoid displaying raw log data to users. Instead, provide a user-friendly interface that only shows relevant information.
  • Ensure that sensitive information is not being logged. If it is, remove or obfuscate this information before it is logged.
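The last two steps (do not show raw log data, and do not log sensitive information in the first place) can be enforced in code rather than by convention. The following is an added example using only the Python standard library; it is not code from the original page. It installs a logging.Filter that redacts credentials, bearer tokens and e-mail addresses before a record is written, and a small helper that extracts only ERROR-level messages for a user-facing summary instead of returning the whole file. The redaction patterns, logger name and sample messages are constructed for the example and are not exhaustive.

```python
import io
import logging
import re

# Constructed example patterns for values that must never reach a log file.
# Each entry is (compiled pattern, replacement). Extend for your own formats.
REDACTION_PATTERNS = [
    # key=value pairs such as password=hunter2 or token=abc123
    (re.compile(r"(?i)(password|passwd|secret|token)=([^&\s]+)"), r"\1=[REDACTED]"),
    # HTTP Authorization headers carrying a bearer token
    (re.compile(r"(?i)(authorization:\s*bearer\s+)\S+"), r"\1[REDACTED]"),
    # e-mail addresses (personal data)
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "[EMAIL]"),
]


def redact(text: str) -> str:
    """Mask secrets and personal data in a log message before it is written."""
    for pattern, replacement in REDACTION_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


class RedactingFilter(logging.Filter):
    """Logging filter that rewrites the fully formatted message in place.

    Because the record is mutated, every handler that sees it afterwards
    also receives the redacted text.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()  # message is already interpolated; prevent re-formatting
        return True


def build_logger(name: str, stream: io.StringIO) -> logging.Logger:
    """Create a logger whose single handler redacts before writing to `stream`."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    return logger


def error_summary(log_text: str, limit: int = 10) -> list[str]:
    """Return only the message part of ERROR lines (most recent last).

    This is what a restricted status page would show instead of the raw file.
    """
    errors = [
        line.split(" ", 1)[1]
        for line in log_text.splitlines()
        if line.startswith("ERROR ")
    ]
    return errors[-limit:]


def demo() -> tuple[str, list[str]]:
    """Write constructed sample messages and return (redacted log, error summary)."""
    stream = io.StringIO()
    logger = build_logger("demo.redacting", stream)
    # Constructed sample events; the secrets below are fake.
    logger.debug("login attempt user=%s password=%s", "alice", "hunter2")
    logger.info("Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.payload.sig")
    logger.error("Password reset failed for alice@example.com: token=abc123 expired")
    text = stream.getvalue()
    return text, error_summary(text)


if __name__ == "__main__":
    redacted_log, errors = demo()
    print(redacted_log)
    print(errors)
```

Attaching the filter to the handler (rather than the logger) means it also covers records that propagate from child loggers into this handler. In a Django project the same filter can be registered through the "filters" key of the LOGGING setting and referenced from each handler; redaction then happens at write time regardless of which view or module emitted the record.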

Compliant code

    from django.http import HttpResponse, HttpResponseForbidden
    from django.contrib.auth.decorators import login_required
    import logging

    # Create your views here.
    @login_required  # unauthenticated requests are redirected to the login page
    def log_view(request):
        # Authorization: only superusers may read the log file.
        if request.user.is_superuser:
            logger = logging.getLogger('django')
            log_contents = logger.handlers[0].baseFilename

            with open(log_contents, 'r') as log_file:
                return HttpResponse(log_file.read())
        else:
            # Deny with a 403 status rather than a 200 so clients and proxies
            # do not treat the refusal as a successful page.
            return HttpResponseForbidden("You are not authorized to view this page.")

The updated code now includes a decorator @login_required which ensures that only logged-in users can access the log_view function. This is a built-in Django decorator that redirects unauthenticated users to the login page.

Furthermore, we added a condition to check whether the logged-in user is a superuser (request.user.is_superuser). This ensures that only users with superuser status can view the log files. If a non-superuser tries to access the page, they will receive a message stating "You are not authorized to view this page."

This way, we are implementing access controls to restrict the viewing of system logs to only authorized users, thereby fixing the vulnerability.

Remember, it's also important to ensure that sensitive information is not being logged. If it is, you should remove or obfuscate this information before it is logged.
