Insecure functionality - Masking
Need
Ensure confidentiality and integrity of sensitive user data
Context
• Usage of Elixir (v1.12+) for building scalable and fault-tolerant applications
• Usage of Plug and Cowboy for HTTP request and response handling
Description
1. Non-compliant code

    defmodule UserController do
      import Plug.Conn

      def show(conn, %{"id" => id}) do
        # The whole schema struct is serialized, password field included
        user = Repo.get(User, id)

        conn
        |> put_resp_content_type("application/json")
        |> send_resp(200, Poison.encode!(user))
      end
    end

The code above is insecure because it returns the user record fetched from the database directly in the response. Sensitive data such as the password is included in the response without being masked, which exposes it to potential eavesdroppers or data breaches.
2. Steps
• Use pattern matching to exclude sensitive data from the user map before sending it in the response.
• Use a separate data model for response that doesn't include sensitive fields.
3. Secure code example

    defmodule UserController do
      import Plug.Conn

      def show(conn, %{"id" => id}) do
        # Map.from_struct/1 turns the Ecto schema struct into a plain map that
        # Poison can encode; Map.drop/2 then removes the sensitive field and the
        # Ecto bookkeeping key before anything is serialized
        user =
          Repo.get(User, id)
          |> Map.from_struct()
          |> Map.drop([:password, :__meta__])

        conn
        |> put_resp_content_type("application/json")
        |> send_resp(200, Poison.encode!(user))
      end
    end

The code above is secure because it masks the password field when sending the user data in the response. The `Map.drop/2` function is used to remove the sensitive data from the map before it is sent in the response.
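The second step in the list above (a separate data model for the response) is worth showing as well, since `Map.drop/2` is a deny-list: any sensitive column added to the schema later (a password hash, a reset token) is exposed unless someone remembers to extend the list. The following is an added example, not code from the original page: a `UserResponse` struct that is built by pattern matching and carries only the fields meant to be public, so the wire format is an allow-list. `Repo`, `User` and the field names `id`, `email` and `name` are assumed for illustration, and the `nil` branch for an unknown id is assumed as well.

```elixir
# Added example (not from the original page): an explicit response model
# built by pattern matching. Assumed names: Repo and User are the
# application's Ecto repo and schema; id/email/name are the public fields.
defmodule UserResponse do
  @moduledoc "Public representation of a user; it has no password field at all."

  # Poison will only ever serialize these three keys.
  @derive {Poison.Encoder, only: [:id, :email, :name]}
  defstruct [:id, :email, :name]

  # Pattern matching copies exactly the fields we intend to expose.
  # Anything else on the user record (password, tokens, internal flags)
  # is never placed into the response struct, so it cannot leak.
  def from_user(%{id: id, email: email, name: name}) do
    %UserResponse{id: id, email: email, name: name}
  end
end

defmodule UserController do
  import Plug.Conn

  def show(conn, %{"id" => id}) do
    case Repo.get(User, id) do
      # Assumed behaviour: an unknown id yields a 404 instead of a crash
      nil ->
        conn
        |> put_resp_content_type("application/json")
        |> send_resp(404, Poison.encode!(%{error: "not found"}))

      user ->
        conn
        |> put_resp_content_type("application/json")
        |> send_resp(200, Poison.encode!(UserResponse.from_user(user)))
    end
  end
end

# Regression check (run with `mix test`): the encoded body never contains
# the password, whatever else the record carries.
defmodule UserResponseTest do
  use ExUnit.Case

  test "password never reaches the response body" do
    # Constructed sample record, not read from a real database.
    user = %{id: 7, email: "ada@example.com", name: "Ada", password: "hunter2"}

    body = Poison.encode!(UserResponse.from_user(user))

    refute body =~ "hunter2"
    refute body =~ "password"

    assert Poison.decode!(body) ==
             %{"id" => 7, "email" => "ada@example.com", "name" => "Ada"}
  end
end
```

The allow-list has a second benefit over `Map.drop/2` on the raw struct: it sidesteps the Ecto `__meta__` and `__struct__` keys entirely, so the serializer never sees them, and the response shape is documented in one place (`defstruct`) that reviewers can check without reading every controller.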
References
• 272. Insecure functionality - Masking