Skip to main content

Private data

Description

According to the rules provided in the configuration file, private data can be accessed by unauthorized users.

Remediation

The best way to ensure that private data can only be accessed by authorized users is by implementing a proper access control system. To do so, access control must be applied to every object and every link in the graphQL schema.

GraphQL Specific

Apollo

To mitigate the risk of unauthorized access or data leakage within the Apollo framework engine, ensure that all sensitive data is handled securely. Implement proper access controls, encrypt sensitive information both at rest and in transit, and regularly audit logs to detect any abnormal access patterns or breaches. Additionally, keep the Apollo framework and its dependencies up to date with the latest security patches.

Yoga

To address vulnerabilities within the Yoga framework engine related to private data exposure, ensure that all sensitive information is encrypted both at rest and in transit. Implement access controls and authentication mechanisms to restrict unauthorized access. Regularly audit the codebase for potential data leakage and adhere to best practices for data privacy, such as following the principles of the General Data Protection Regulation (GDPR) or similar regulations. Additionally, consider using environment variables for sensitive configuration details instead of hardcoding them within the application.

Awsappsync

To mitigate the risk of exposing private data in AWS AppSync, ensure that all GraphQL resolvers are properly configured to enforce authentication and authorization checks. Implement field-level authorization to control access to sensitive data, and use AWS Identity and Access Management (IAM) roles or Amazon Cognito user pools to manage permissions. Regularly audit your API configurations and access patterns to ensure compliance with data privacy requirements.

Graphqlgo

To mitigate the risk of private data exposure in a GraphQL Go framework engine, ensure that access control checks are implemented at the resolver level. Use middleware to authenticate and authorize users, and apply field-level security to prevent unauthorized retrieval of sensitive data. Additionally, consider implementing query complexity analysis to prevent resource exhaustion attacks, and regularly audit your schema to ensure that no private data is unintentionally exposed.

Graphqlruby

To mitigate the risk of exposing sensitive data in your GraphQL Ruby framework, ensure that you implement proper authentication and authorization checks. Use the pundit or cancancan gems for fine-grained access control, and always filter the data based on the current user's permissions. Additionally, consider using GraphQL's field-level permissions to restrict access to certain fields within your schema. Regularly audit your resolvers and mutations to ensure they do not inadvertently expose private information. Lastly, keep your GraphQL Ruby framework and its dependencies up to date to benefit from the latest security patches.

Hasura

To mitigate the risk of unauthorized access to private data in the Hasura framework, ensure that all GraphQL queries and mutations are authenticated and authorized appropriately. Implement role-based access control (RBAC) to restrict data access based on user roles. Use Hasura's permission system to define granular permissions for each table and operation. Regularly audit your permission rules and update them as necessary to adhere to the principle of least privilege. Additionally, consider using environment variables for sensitive information and enable Hasura's webhook or JWT modes for enhanced security. Always keep the Hasura engine and its dependencies up to date with the latest security patches.

REST Specific

Asp_net

Implement proper authentication and authorization checks before allowing access to private data. Use ASP.NET Identity for managing users and roles, and ensure that [Authorize] attributes are applied to controllers and actions to restrict access as necessary. Additionally, employ secure coding practices to prevent SQL injection and other vulnerabilities that could lead to unauthorized data access.

Ruby_on_rails

Implement strong access control checks and use Rails' built-in mechanisms such as 'before_action' callbacks in controllers to verify user permissions before allowing access to private data.

Next_js

Implement server-side checks to validate user permissions before serving private data, and use Next.js API routes to securely handle data fetching.

Laravel

In Laravel, ensure that you use Eloquent ORM or Query Builder for database interactions, which automatically use parameterized queries to prevent SQL injection. Additionally, utilize Laravel's built-in authorization features such as Gates and Policies to control access to private data, and always validate and sanitize user input to prevent unauthorized access.

Express_js

Implement proper access controls and authentication mechanisms to ensure that only authorized users can access private data. Use middleware such as helmet to secure Express.js applications by setting various HTTP headers and express-session for handling sessions. Regularly audit your code and dependencies for vulnerabilities and keep them up-to-date.

Django

Ensure that Django's built-in authentication system is properly implemented to control access to sensitive data. Use the @login_required decorator for views that handle private data, set proper permissions with the Django permissions framework, and always filter QuerySets based on the requesting user's privileges to prevent unauthorized access to private data.

Symfony

In the Symfony framework, ensure that access control is properly implemented by using the security component. Define access control rules in the security.yaml configuration file, utilize voters to manage permissions, and apply annotations or attributes for controller methods to restrict access to sensitive data. Regularly update Symfony and its dependencies to incorporate security fixes.

Spring_boot

Implement proper access control checks and enforce authentication and authorization mechanisms to restrict unauthorized access to private data. Utilize Spring Security to configure role-based access control and secure endpoints.

Flask

Implement proper access controls and authentication mechanisms to ensure that only authorized users can access private data. Use Flask's flask_login or flask_principal extensions for managing user sessions and permissions. Additionally, apply @login_required decorators to protect routes that handle sensitive information.

Nuxt

Implement robust access controls and server-side validation to ensure that only authorized users can access private data. Use middleware to check user permissions, and apply encryption for sensitive data both in transit and at rest.

Fastapi

Implement proper access control checks within FastAPI route handlers to ensure only authorized users can access private data. Utilize FastAPI's dependency injection system to create reusable dependencies for authentication and authorization. Additionally, consider integrating with OAuth2 or other security protocols for robust user authentication.

Configuration

Identifier: access_control/private_data

Parameters

__user : A list of fieldName:[scalarValues] the user should never be able to access. Set .* as fieldName to avoid the value everywhere.

rules : (For REST) The list of private fields rules to check during a scan.

Examples

REST: Ensure user some-user retrieve an admin user on a list of users at GET /users

{
"auth": { #
... REDACTED AUTH ...
},
"users": {
... Other users ...
"some-user": { # User to check
... REDACTED AUTH ...
}
... Other users ...
}
... Other configuration settings ...

"checks": {

... Other checks ...

"AccessControl_PrivateData": {
"parameters": {
"rules": [
"user": "some-user",
"routes": [
{
"method": "GET",
"path": "/users",
"pattern": ".*admin: true.*"
}
]
]
}
}

... Other checks ...
}

... Other configuration settings ...
}

REST: Ensure user some-user cannot access the fields email with value @mycompany.com and role.group with value admin on route GET /users

{
"auth": { #
... REDACTED AUTH ...
},
"users": {
... Other users ...
"some-user": { # User to check
... REDACTED AUTH ...
}
... Other users ...
}
... Other configuration settings ...

"checks": {

... Other checks ...

"AccessControl_PrivateData: {
"parameters": {
"rules": [
"user": "some-user",
"routes": [
{
"method": "GET",
"path": "/users",
"fields": ["email"],
"pattern": "@mycompany.com"
},
{
"method": "GET",
"path": "/users",
"fields": ["role.group"],
"pattern": "admin"
}
]
]
}
}

... Other checks ...
}

... Other configuration settings ...
}

REST: Ensure user some-user cannot access a field admin-* on route GET /admin

{
"auth": { #
... REDACTED AUTH ...
},
"users": {
... Other users ...
"some-user": { # User to check
... REDACTED AUTH ...
}
... Other users ...
}
... Other configuration settings ...

"checks": {

... Other checks ...

"AccessControl_PrivateData: {
"parameters": {
"rules": [
"user": "some-user",
"routes": [
{
"method": "GET",
"path": "/admin",
"fields": ["admin-*"],
"pattern": ".*"
}
]
]
}
}

... Other checks ...
}

... Other configuration settings ...
}

Ignore this check

checks:
access_control/private_data:
skip: true

Score

  • Escape Severity: HIGH

Compliance

  • OWASP: API3:2023

  • pci: 3.4

  • gdpr: Article-32

  • soc2: CC1

  • psd2: Article-32

  • iso27001: A.18.1

  • nist: SP800-53

  • fedramp: AC-3

Classification

  • CWE: 200

Score

  • CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
  • CVSS_SCORE: 5.1

References