logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

Excessive privileges - Access Mode - Csharp

Need

Restriction of access privileges to system files and directories

Context

  1. Usage of C# 8.0 for modern and efficient software development
  2. Usage of Microsoft.AspNetCore for building web applications in .NET Core
  3. Usage of Microsoft.Extensions.FileProviders.Physical for accessing physical file resources in .NET applications
  4. Usage of Microsoft.Extensions.Hosting for building and hosting .NET Core applications
  5. Usage of Microsoft.Extensions.Logging for logging and tracing in .NET applications
  6. Usage of Microsoft.Extensions.Options for managing application configuration options

Description

Insecure Code Example

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles(new StaticFileOptions
    {
        FileProvider = new PhysicalFileProvider(
            Path.Combine(Directory.GetCurrentDirectory(), "wwwroot", "images")),
        RequestPath = "/images",
        OnPrepareResponse = ctx =>
        {
            // do not add cache headers
        }
    });
    app.UseRouting();

    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
    });
}

In this code snippet, the `UseStaticFiles` middleware is used to serve static files from the `wwwroot/images` directory. The `PhysicalFileProvider` is used to specify the file provider for the directory. However, the `PhysicalFileProvider` is created with an overly permissive access mode - it's given access to the entire `wwwroot/images` directory. This means that any user can access any file in that directory, which could potentially include sensitive files that should not be publicly accessible. In addition, the `OnPrepareResponse` action does not add any cache headers to the response. This means that the browser will cache the static files, which could potentially lead to sensitive information being stored in the user's browser cache. Overall, this code is vulnerable to unauthorized access and information disclosure due to the excessive privileges granted to the `PhysicalFileProvider`.

Steps

  1. Review the access mode of system files and directories.
  2. Ensure that the access mode is set to the minimum required permissions.
  3. Avoid using overly permissive access modes.
  4. Consider using access control mechanisms to restrict access to sensitive files and directories.
  5. Regularly review and update the access mode of system files and directories to maintain security.

Secure Code Example

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHsts();
    }

    var path = Path.Combine(Directory.GetCurrentDirectory(), "wwwroot", "images");
    var physicalFileProvider = new PhysicalFileProvider(path);
    var fileInfo = physicalFileProvider.GetFileInfo(path);
    var filePermissions = fileInfo.CreateReadStream().CanWrite;

    if (filePermissions)
    {
        throw new Exception("The file permissions are too permissive. Please review the access mode of system files and directories.");
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles(new StaticFileOptions
    {
        FileProvider = physicalFileProvider,
        RequestPath = "/images",
        OnPrepareResponse = ctx =>
        {
            // do not add cache headers
        }
    });
    app.UseRouting();

    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
    });
}

The code above is a modification of the original code to fix the vulnerability of excessive privileges. The vulnerability was that the system files or directories had an access mode that was too permissive. The fix involves checking the permissions of the file before serving it. The `PhysicalFileProvider` is used to get the `FileInfo` of the file. The `CanWrite` property of the `FileInfo` object is then checked. If the file is writable, an exception is thrown, indicating that the file permissions are too permissive. This fix ensures that the access mode is set to the minimum required permissions and avoids using overly permissive access modes. It is also recommended to use access control mechanisms to restrict access to sensitive files and directories and to regularly review and update the access mode of system files and directories to maintain security.

References

  • 405 - Excessive privileges - Access Mode

    • Last updated

    2023/09/18