Business information leak - Financial Information
Need
Protection of sensitive financial information from unauthorized access or disclosure
Context
• Usage of Scala for building scalable and functional applications
• Usage of play.api.mvc for handling HTTP requests and responses in Play Framework
• Usage of global execution context for Scala concurrent programming
Description
1. Non compliant code
import play.api.mvc._
import scala.concurrent.ExecutionContext.Implicits.global
class BusinessController extends Controller {
def getBusinessInfo() = Action.async { implicit request =>
val businessInfo = BusinessModel.find.all() //retrieve all business information
}...The above code snippet represents a Scala backend application that uses the Play framework. This application has a serious vulnerability related to the leakage of sensitive business information. The `getBusinessInfo()` method in the `BusinessController` class retrieves all business information from the database and returns it as a JSON object. This information includes sensitive data such as mail, payment reference, description, total value, product information, collector's line of business, and payer's role. The `BusinessModel` case class represents the structure of the business information in the database. The `all()` method in the `find` object simulates a database helper function that retrieves all business information. This code is vulnerable because it indiscriminately exposes all business information to any client that sends a request to the `getBusinessInfo()` endpoint. This can result in a serious information leak if an unauthorized user gains access to this endpoint.
2. Steps
• Avoid returning sensitive business information directly in the response.
• Implement proper access control mechanisms to restrict access to sensitive information.
• Use encryption or tokenization techniques to protect sensitive information in transit and at rest.
• Implement data masking or redaction techniques to hide sensitive information from unauthorized users.
• Regularly review and update the access controls and permissions for accessing business information.
• Implement logging and monitoring mechanisms to detect and respond to any unauthorized access attempts.
• Conduct regular security assessments and penetration testing to identify and address any vulnerabilities in the application.
• Educate developers and users about the importance of handling sensitive information securely.
3. Secure code example
import play.api.mvc._
import scala.concurrent.ExecutionContext.Implicits.global
import play.api.libs.json._
class BusinessController extends Controller {
def getBusinessInfo() = Action.async { implicit request =>
val safeBusinessInfo = businessInfo.map(info => info.copy(mail = "", paymentReference = "")) //remove sensitive information...The updated code now includes a step to remove sensitive information before returning the business information. This is done by creating a new list of `BusinessModel` objects where the `mail` and `paymentReference` fields are set to an empty string. This effectively masks these sensitive fields from the response. This is a simple and effective way to prevent sensitive business information from being leaked. However, it's important to note that this is just one part of a comprehensive security strategy. Other measures that should be taken include: - Implementing proper access control mechanisms to restrict access to sensitive information. - Using encryption or tokenization techniques to protect sensitive information in transit and at rest. - Regularly reviewing and updating the access controls and permissions for accessing business information. - Implementing logging and monitoring mechanisms to detect and respond to any unauthorized access attempts. - Conducting regular security assessments and penetration testing to identify and address any vulnerabilities in the application. - Educating developers and users about the importance of handling sensitive information securely.