Need

Protection of sensitive technical information from unauthorized access

Context

• Usage of Scala 2.13 for building scalable and high-performance applications
• Usage of play.api.mvc for handling HTTP requests and responses in Play Framework
• Usage of play.api.libs.Files for file handling in Play Framework
• Usage of java.io.File for file input/output operations in Java

Description

Non compliant code

        import play.api.mvc._
import play.api.libs.Files
import java.io.File

class HomeController @Inject()(val controllerComponents: ControllerComponents) extends BaseController {
  def log = Action {
    val logFile = new File("/path/to/log/file")
    val logData = Files.readFile(logFile)
    Ok(logData).as("text/html")
  }
}
        
        

The above code represents a controller in a Scala backend application using the Play framework. Specifically, this is a HomeController with a log action. This action reads a log file from the system, converts the file content to a string, and then sends this string as an HTTP response.

The vulnerability here is that the log file, which might contain sensitive technical information about the system, is being exposed to the users. Any user can make a request to the log endpoint and get the contents of the log file. This is a technical information leak vulnerability, as it allows potential attackers to gain insights about the internal workings of the system, which they could use to plan and execute attacks.

The file path /path/to/log/file is just a placeholder and it should be replaced by the actual path to the log file in the system. This file should ideally be secured and not exposed to the users in this manner.

Steps

• Restrict access to the log file by ensuring that it is not accessible directly through the application's routes.
• Implement authentication and authorization mechanisms to control access to the log page.
• Use proper logging frameworks and configurations to prevent sensitive information from being logged.
• Avoid displaying the raw log data to users. Instead, consider sanitizing and filtering the log data before displaying it.
• Consider implementing a log management system that provides controlled access to log data and allows for better monitoring and analysis.

Compliant code

        import play.api.mvc._
import play.api.libs.Files
import java.io.File
import javax.inject.Inject

class HomeController @Inject()(val controllerComponents: ControllerComponents, val securedAction: SecuredAction) extends BaseController {
  def log = securedAction {
    val logFile = new File("/path/to/log/file")
    val logData = Files.readFile(logFile)
    Ok(logData).as("text/html")
  }
}
        
        

The updated code now includes an SecuredAction which is a custom action builder that checks if the user is authenticated and authorized before allowing access to the log file. This is injected into the HomeController and used in the log action.

The SecuredAction can be implemented as follows:

                import play.api.mvc._

class SecuredAction @Inject()(parser: BodyParsers.Default)(implicit ec: ExecutionContext)
  extends ActionBuilderImpl(parser) {
  
  override def invokeBlock[A](request: Request[A], block: (Request[A]) => Future[Result]) = {
    if (isUserAuthenticated(request)) { // replace this with your actual authentication check
      block(request)
    } else {
      Future.successful(Results.Forbidden)
    }
  }
  
  private def isUserAuthenticated[A](request: Request[A]): Boolean = {
    // Implement your authentication check here. This could involve checking a session cookie, JWT, etc.
    // For now, we'll just return false
    false
  }
}

            

References

• 289. Technical information leak - Logs