Insecure object reference - User deletion - Elixir


Need

Protecting user data and ensuring application integrity


Context

  1. Usage of Elixir (v1.10+) for building scalable and fault-tolerant applications
  2. Usage of Plug and Cowboy for HTTP request and response handling
  3. Usage of Ecto for data persistence

Description

Insecure Code Example

# Plug params arrive with string keys, so the pattern must be "id" (a string),
# not 'id' (an Elixir charlist), or the clause would never match.
def delete_user(conn, %{"id" => id}) do
  # Deletes whatever user the caller names; no check that the caller may do so.
  Repo.delete!(Repo.get!(User, id))
  send_resp(conn, 204, "")
end

In this vulnerable code snippet, the application deletes the user identified by the caller-supplied id without checking whether the authenticated user is authorized to perform that operation, so any authenticated caller can delete any account by changing the id.

Steps

  1. Check the role of the current user before performing any destructive operations.
  2. Only allow users with the necessary permissions to delete other users.
  3. If a user without the necessary permissions tries to delete a user, return a 403 Forbidden status code.

Secure Code Example

def delete_user(conn, %{"id" => id}) do
  # Authorize before touching the record: only admins may delete users.
  case conn.assigns.current_user.role do
    :admin ->
      Repo.delete!(Repo.get!(User, id))
      send_resp(conn, 204, "")
    _ ->
      send_resp(conn, 403, "Forbidden")
  end
end

In this secure version, before deleting a user the application checks that the current user has the :admin role. If the caller lacks that role, the application returns a 403 Forbidden status code instead of performing the deletion.
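As an added example (not code from the original page), the same role check expressed as a Plug.Router pipeline, so the authorization step runs before every route in the router rather than being repeated inside each action; it assumes a MyApp.Repo, a MyApp.Accounts.User schema with a :role field, and an earlier authentication plug that sets conn.assigns.current_user.

```elixir
# Added example; MyApp.Repo, MyApp.Accounts.User and the upstream
# authentication plug that fills conn.assigns.current_user are assumed.
defmodule MyApp.AdminRouter do
  use Plug.Router
  alias MyApp.Repo
  alias MyApp.Accounts.User

  plug :match
  # Runs after route matching and before dispatch, so no route in this
  # router can be reached without passing the role check.
  plug :require_admin
  plug :dispatch

  # Function plug: halts the pipeline unless the caller is an admin.
  def require_admin(conn, _opts) do
    case conn.assigns[:current_user] do
      %User{role: :admin} -> conn
      %User{} -> conn |> send_resp(403, "Forbidden") |> halt()
      nil -> conn |> send_resp(401, "Unauthorized") |> halt()
    end
  end

  # Plug.Router binds the :id path segment to the `id` variable (a string).
  delete "/users/:id" do
    # Non-bang variants: a missing user is a 404, not a crash; a failed
    # delete (e.g. a foreign-key constraint) is reported instead of raised.
    with %User{} = user <- Repo.get(User, id),
         {:ok, _deleted} <- Repo.delete(user) do
      send_resp(conn, 204, "")
    else
      nil -> send_resp(conn, 404, "Not Found")
      {:error, _changeset} -> send_resp(conn, 409, "Conflict")
    end
  end

  match _ do
    send_resp(conn, 404, "Not Found")
  end
end
```

Because `require_admin` halts the connection, a non-admin request never reaches the delete route, which is the property to verify in a controller test (expect 403 and an unchanged user table).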


References

  • 369 - Insecure object reference - User deletion

  • Last updated

    2023/09/18