Metadata with sensitive information
Need
Protection of sensitive information in metadata
Context
• Usage of Ruby 2.0+ for developing Ruby applications
• Usage of Rails for building web applications with Ruby
Description
1. Non-compliant code
class UsersController < ApplicationController
  def index
    @users = User.all
    respond_to do |format|
      format.html
      format.json { render json: @users.to_json }
    end
  end
end
In the above code, a `UsersController` is defined with an `index` action that retrieves all users and makes them available to the view. The `respond_to` block specifies that the action responds to both HTML and JSON requests. When a JSON request is made, the `@users` instance variable is converted to JSON and sent as the response.
This is a potential security vulnerability because the `to_json` method includes all attributes of the User model in the JSON object. This could include sensitive information such as passwords, email addresses, and other personal details. Moreover, `User.all` retrieves all users from the database, which might expose the sensitive information of every user if the JSON response is not handled carefully. The metadata in this case is the JSON response, which is publicly accessible and may contain sensitive information.
2. Steps
• Identify the sensitive information that is being exposed through the metadata files.
• Remove or obfuscate the sensitive information from the metadata files.
• Implement access controls to restrict access to the metadata files.
• Consider using environment variables or configuration files to store sensitive information instead of exposing them in metadata files.
• Regularly review and update the metadata files to ensure that no sensitive information is inadvertently exposed.
3. Secure code example
class UsersController < ApplicationController
  def index
    @users = User.select(:id, :name, :email) # Select only the necessary fields
    respond_to do |format|
      format.html
      format.json { render json: @users.to_json }
    end
  end
end
The original code was exposing all the attributes of the User model to the public, which could include sensitive information. The fix specifies only the necessary fields (in this case, `:id`, `:name`, and `:email`) in the `select` method. This way, only non-sensitive information is exposed in the metadata.
In addition to this, it's important to implement access controls to restrict who can access these metadata files. This could be done using the authentication and authorization mechanisms provided by the Ruby on Rails framework.
Sensitive information should not be stored in metadata files. Instead, consider using environment variables or configuration files, which can be encrypted and kept out of version control.
Regularly review and update the metadata files to ensure that no sensitive information is inadvertently exposed. This should be part of a regular security audit of your application.
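The review step described above can be automated. The following is an added example, not code from the original page: a plain-Ruby check (no Rails required) that compares the keys of a JSON response body against the allowlist from the secure example and flags field names that look sensitive. The sample rows, column names, `SENSITIVE_PATTERN` and all helper names are assumptions made for illustration.

```ruby
require "json"

# Constructed sample rows standing in for what User.all loads; the column
# names are assumptions, not the schema of any real application.
SAMPLE_USERS = [
  { "id" => 1, "name" => "Ana", "email" => "ana@example.com",
    "password_digest" => "constructed-hash-1", "reset_token" => "constructed-token-1",
    "created_at" => "2024-01-01T00:00:00Z" },
  { "id" => 2, "name" => "Luis", "email" => "luis@example.com",
    "password_digest" => "constructed-hash-2", "reset_token" => nil,
    "created_at" => "2024-02-01T00:00:00Z" }
].freeze

# Allowlist taken from the secure example above.
PUBLIC_FIELDS = %w[id name email].freeze

# Hypothetical name patterns for fields that must never leave the server.
SENSITIVE_PATTERN = /password|digest|token|secret|api_key/i

# Mimics `@users.to_json` on fully loaded records: every column is emitted.
def serialize_all(users)
  JSON.generate(users)
end

# Emits only allowlisted keys, whatever columns the records carry.
def serialize_public(users, fields = PUBLIC_FIELDS)
  JSON.generate(users.map { |u| u.select { |key, _| fields.include?(key) } })
end

# Collects every object key in a parsed JSON value, including nested ones.
def collect_keys(value)
  case value
  when Hash  then value.flat_map { |k, v| [k] + collect_keys(v) }
  when Array then value.flat_map { |v| collect_keys(v) }
  else []
  end
end

# Reports keys outside the allowlist and keys whose names look sensitive.
def audit_response(json, allowed = PUBLIC_FIELDS)
  keys = collect_keys(JSON.parse(json)).uniq
  { unexpected: (keys - allowed).sort, sensitive: keys.grep(SENSITIVE_PATTERN).sort }
end
```

Running `audit_response` on the response body inside a controller or request test makes a newly added column fail the build instead of silently appearing in the JSON output.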
References
• 119. Metadata with sensitive information