
Sensitive Information Stored in Logs - Elixir


Need

Prevent unauthorized access to sensitive data


Context

  1. Usage of Elixir (version 1.11 and above) for building scalable and fault-tolerant applications
  2. Usage of Plug library for request handling

Description

Insecure Code Example

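# Assumes `import Plug.Conn` in the enclosing module.
def handle_request(request) do
  {:ok, body, conn} = read_body(request.conn)
  # Insecure: writes the full request body, credentials included, to the log.
  IO.inspect(body)
  case Router.dispatch(request) do
    {:ok, response} -> send_resp(conn, 200, response)
    _ -> send_resp(conn, 404, "Not found")
  end
end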

This function handles all incoming requests. It first reads the body of the request and then logs it using IO.inspect. This is problematic because the body of the request can contain sensitive user information like usernames, passwords, and other personal data. Logging this data in plain text can expose it to unauthorized users who might have access to the log files.

Steps

  1. Stop logging the entire request body.
  2. If necessary, only log non-sensitive parts of the request.

Secure Code Example

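# Assumes `import Plug.Conn` in the enclosing module and a form-encoded body.
def handle_request(request) do
  {:ok, body, conn} = read_body(request.conn)
  # read_body/1 returns the raw binary, so decode it into a map first.
  params = Plug.Conn.Query.decode(body)
  # Drop the password field before anything is written to the log.
  IO.inspect(Map.delete(params, "password"))
  case Router.dispatch(request) do
    {:ok, response} -> send_resp(conn, 200, response)
    _ -> send_resp(conn, 404, "Not found")
  end
end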

In the secure version of the function, we only log non-sensitive parts of the request. In this case, we remove the password from the body before logging it.
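
Deleting a single top-level key misses nested fields and variants such as password_confirmation or access_token. The following is an added example, not code from the original page, that generalizes the fix to a recursive redactor over already-decoded parameters. The module name LogRedactor, the fragment list and the sample inputs are assumptions constructed for illustration.

```elixir
defmodule LogRedactor do
  # Added example, not the page's code. The fragment list below is an
  # assumption; extend it to match the fields your application handles.
  @sensitive_fragments ~w(password passwd secret token authorization api_key)
  @mask "[REDACTED]"

  # Recursively masks the value of any key whose name contains a sensitive
  # fragment. Structs are left untouched because they are not enumerable.
  def redact(map) when is_map(map) and not is_struct(map) do
    Map.new(map, fn {key, value} ->
      if sensitive?(key), do: {key, @mask}, else: {key, redact(value)}
    end)
  end

  def redact(list) when is_list(list), do: Enum.map(list, &redact/1)
  def redact(other), do: other

  # Keys may be strings (decoded request params) or atoms (internal maps).
  defp sensitive?(key) when is_binary(key) or is_atom(key) do
    key |> to_string() |> String.downcase() |> String.contains?(@sensitive_fragments)
  end

  defp sensitive?(_key), do: false
end

# Constructed sample input: a form-encoded body and a nested JSON-style map.
form_params = URI.decode_query("username=alice&Password=hunter2&remember=true")

nested_params = %{
  "user" => %{"email" => "alice@example.com", "password_confirmation" => "hunter2"},
  "sessions" => [%{"id" => 1, "access_token" => "abc123"}]
}

# Only the masked copies reach the log; the original maps are unchanged.
IO.inspect(LogRedactor.redact(form_params), label: "form params")
IO.inspect(LogRedactor.redact(nested_params), label: "nested params")
```

Substring matching deliberately over-redacts (a key such as "tokenizer" is masked too), which is the safer failure mode for log output.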


References

  • 059 - Sensitive Information Stored in Logs

Last updated: 2023/09/18