CWE-219: Storage of File with Sensitive Data Under Web Root
Learn about CWE-219 (Storage of File with Sensitive Data Under Web Root), its security impact, exploitation methods, and prevention guidelines.
What is Storage of File with Sensitive Data Under Web Root?
• Overview: This vulnerability occurs when sensitive data is stored in directories that are accessible from the web, allowing unauthorized access if proper access controls are not applied.
• Exploitation Methods:
- Attackers can exploit this vulnerability by directly accessing files through a web browser if the server does not restrict access.
- Common attack patterns include searching for known file names or using directory traversal techniques to locate sensitive files.
• Security Impact:
- Direct consequences of successful exploitation include exposure of sensitive information such as configuration files, user data, or private keys.
- Potential cascading effects include unauthorized access to the application, data breaches, and further exploitation of exposed credentials.
- Business impact may involve reputational damage, legal consequences, and financial loss due to the breach of sensitive information.
• Prevention Guidelines:
- Specific code-level fixes include ensuring that sensitive files are not stored in directories that are web-accessible.
- Security best practices include configuring the web server to deny access to directories containing sensitive data and regularly auditing file permissions.
- Recommended tools and frameworks include using web application firewalls (WAFs) and employing automated security scanning tools to identify and mitigate such vulnerabilities.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not Language-Specific
Affected Technologies: Not specified
Vulnerable Code Example
import os
from flask import Flask, send_from_directory
app = Flask(__name__)
# Vulnerable code: Sensitive files are stored under the web root directory
@app.route('/download/<filename>')
def download_file(filename):
# The 'static' directory is under the web root and accessible via the web.
# If sensitive files are stored here, they can be accessed by anyone with the URL.
return send_from_directory(os.path.join(app.root_path, 'static'), filename)
How to fix Storage of File with Sensitive Data Under Web Root?
To fix this vulnerability, sensitive files should not be stored in directories that are directly accessible via the web. Instead, these files should be stored in directories outside of the web root. Implement access controls to ensure only authorized users can access these files. Consider using secure methods such as generating temporary signed URLs or using a secure file storage service.
Fixed Code Example
import os
from flask import Flask, send_file, abort
from flask_login import login_required, current_user
app = Flask(__name__)
# Fixed code: Store sensitive files outside the web root and apply access controls
@app.route('/secure-download/<filename>')
@login_required # Ensure the user is authenticated
def secure_download_file(filename):
try:
# Store sensitive files in a secure directory outside the web root
secure_directory = os.path.join(app.root_path, '..', 'secure_files')
file_path = os.path.join(secure_directory, filename)
# Check if the file exists and the user has permission to access it
if os.path.isfile(file_path) and user_has_permission(current_user, filename):
return send_file(file_path)
else:
abort(403) # Forbidden if the user doesn't have access
except Exception as e:
abort(404) # Not found if there's an error accessing the file
def user_has_permission(user, filename):
# Implement your logic to check if the user has permission to access the file
return True # This is just a placeholder, replace with actual permission logic
In the fixed code example, sensitive files are stored in a directory outside the web root (secure_files). The @login_required decorator ensures that only authenticated users can access the endpoint. Additionally, we include a permission check (user_has_permission) to verify if the user is authorized to access the specific file. This approach ensures that sensitive data is protected from unauthorized access.