Technical information leak - SourceMap - Scala

Need

Protection of sensitive technical information

Context

  • Usage of Scala for building scalable and high-performance applications
  • Usage of Play Framework for building scalable and reactive web applications

Description

Non-compliant code

    import sbt._
    import PlayProject._

    object ApplicationBuild extends Build {

        val appName         = "VulnerableApp"
        val appVersion      = "1.0-SNAPSHOT"

        val appDependencies = Seq(
          // Add your project dependencies here,
        )

        val main = PlayProject(appName, appVersion, appDependencies, mainLang = SCALA).settings(
          // Expose the source map files
          lessEntryPoints <<= baseDirectory(_ / "app" / "assets" / "stylesheets" / "*.less"),
          javascriptEntryPoints <<= baseDirectory(_ / "app" / "assets" / "javascripts" / "*.js")
        )
    }

The above code is a build configuration for a Scala application using the Play framework. The main vulnerability lies in the settings section where the source map files are exposed.

The lines:

    lessEntryPoints <<= baseDirectory(_ / "app" / "assets" / "stylesheets" / "*.less"),
    javascriptEntryPoints <<= baseDirectory(_ / "app" / "assets" / "javascripts" / "*.js")

specify the entry points for the LESS and Javascript files. These entry points are exposed, meaning that the .map files generated during the transpilation of these files are accessible.

The .map files are essentially a bridge between the transpiled code and the source code. They contain information about the original source files, including file names, line numbers, and even the original source code in some cases.

When these .map files are exposed, a malicious actor can easily analyze the application, understand its structure, and potentially exploit any vulnerabilities present in the source code. This is a serious information leak vulnerability that should be fixed to prevent potential attacks.

Steps

  • Remove the configuration that exposes the source map files
  • Ensure that the source map files are not accessible from the application's public directory
  • Consider minifying and obfuscating the JavaScript and CSS files to make it harder for attackers to analyze the application
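
One way to check the second step before a release, as an added example (not code from the original page or from the Play project): a Python scan of a deployed public directory that reports served `.map` files, whether they embed the original source, and any `sourceMappingURL` references left in JavaScript or CSS. The function names, directory layout and sample files are assumptions constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Trailing comment that points a browser at a map, e.g. //# sourceMappingURL=app.js.map
MAP_REF = re.compile(r"[#@]\s*sourceMappingURL=(\S+)")


def find_sourcemap_leaks(public_dir):
    """Return sorted (relative_path, issue) tuples for files under public_dir."""
    root = Path(public_dir)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.suffix == ".map":
            issue = "source map is served"
            try:
                data = json.loads(path.read_text(encoding="utf-8"))
                if isinstance(data, dict) and data.get("sourcesContent"):
                    issue += " and embeds original source (sourcesContent)"
            except ValueError:
                pass  # not parseable as JSON; the .map file is still reported
            findings.append((rel, issue))
        elif path.suffix in (".js", ".css"):
            match = MAP_REF.search(path.read_text(encoding="utf-8", errors="replace"))
            if match:
                findings.append((rel, "references map " + match.group(1)))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample of a deployed public directory (not from the page)."""
    js = Path(root) / "javascripts"
    js.mkdir(parents=True)
    (js / "app.min.js").write_text("var a=1;\n//# sourceMappingURL=app.min.js.map\n")
    (js / "app.min.js.map").write_text(json.dumps({
        "version": 3, "sources": ["app.js"],
        "sourcesContent": ["function original() {}"], "mappings": "AAAA"}))
    (js / "clean.min.js").write_text("var b=2;\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, issue in find_sourcemap_leaks(tmp):
            print(f"{rel}: {issue}")
```

A non-empty result can be used to fail the build, so that a map file or a leftover reference never reaches the public directory.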

Compliant code

    import sbt._
    import PlayProject._

    object ApplicationBuild extends Build {

        val appName         = "VulnerableApp"
        val appVersion      = "1.0-SNAPSHOT"

        val appDependencies = Seq(
          // Add your project dependencies here,
        )

        val main = PlayProject(appName, appVersion, appDependencies, mainLang = SCALA).settings(
          // Remove the configuration that exposes the source map files
          // lessEntryPoints <<= baseDirectory(_ / "app" / "assets" / "stylesheets" / "*.less"),
          // javascriptEntryPoints <<= baseDirectory(_ / "app" / "assets" / "javascripts" / "*.js")
        )
    }

The original code was exposing the source map files for the application, which could potentially allow a malicious actor to analyze the application and exploit any vulnerabilities found. This is a serious security risk, as it could lead to unauthorized access, data breaches, and other negative impacts.

The fixed code removes the configuration that was exposing these source map files. This is done by commenting out the lessEntryPoints and javascriptEntryPoints lines in the PlayProject settings. This ensures that the source map files are not accessible from the application's public directory.

In addition, consider minifying and obfuscating the JavaScript and CSS files. This makes the code less readable and harder for attackers to analyze. Various tools and libraries available for Scala and the Play framework can do this.

By implementing these changes, the application becomes more secure and less vulnerable to potential attacks.
