[Function] Secure and sanitize API inputs #963

Open
2 tasks done
priyadam opened this issue Oct 9, 2024 · 1 comment · May be fixed by #972
Comments

priyadam commented Oct 9, 2024

In file: https://github.com/OpenSourceFellows/amplify/blob/main/server/routes/api/checkout.js
Copilot prompts (in quotes):

  • Highlight lines 21-26 "refactor to be more secure and robust"
  • Highlight file "refactor to give least privilege"
Dunridge (Collaborator) commented:

Branch: issue-963

DanielArevalo059 added a commit that referenced this issue Oct 16, 2024
… Pod

Key improvements to the POST create-checkout-session request:

1. Input Validation with Joi: Ensures the incoming data (like donation, user, and letter) is valid before processing.

  * donation: Must be a positive number.
  * user: Must be a valid email.
  * letter: Has a character limit to prevent overflows.

2. Origin Validation: Validates the origin header against a list of trusted domains. Requests from untrusted origins are rejected with a 403 Forbidden response. **This must be hardcoded, added in config files, or stored in the DB** (Line 55)

3. Error Handling: Catches validation errors and any unexpected errors to provide meaningful responses to the client while logging them for debugging.

4. Secure Logging: Avoids logging sensitive data. Logs only the origin if it’s valid, and logs warnings for untrusted origins.

Key Improvements to sessionSchema for least privilege:

1. Donation limit: The donation is capped at a reasonable value (max(10000)), reducing the risk of abuse from excessive amounts.

2. Scoped user object: We are limiting the user field to just an email address (instead of allowing any arbitrary data structure). This limits the amount of user data passed into the session.

3. Error messages: Explicit error messages are provided to make validation clearer for users without revealing too much information.

4. Letter size: The max length for the letter is reduced from 500 to 300 characters, limiting the potential impact of large data inputs.

5. Strict schema: By adding .unknown(false), we ensure that no extraneous data is accepted, enforcing stricter input control for least privilege.
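The rules listed in the comment above, as an added example that is not the amplify project's code: a dependency-free validator in plain Node stands in for the Joi sessionSchema (so it runs without installing Joi), alongside the origin allowlist and the logging behaviour described. The TRUSTED_ORIGINS list, the email regex, and the choice to treat letter as optional are assumptions.

```javascript
// Added example: hand-written equivalent of the described Joi rules
// (positive donation capped at 10000, user must be an email, letter <= 300
// chars, no unknown keys) plus the origin allowlist and 403 rejection.
const TRUSTED_ORIGINS = new Set(['https://example.org']); // constructed placeholder
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;            // assumption: simple email check
const ALLOWED_KEYS = new Set(['donation', 'user', 'letter']);

// Equivalent of sessionSchema.unknown(false): returns { ok, value } or { ok, error }.
// Error messages stay generic so validation failures reveal no internal detail.
function validateSession(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, error: 'Request body must be an object' };
  }
  for (const key of Object.keys(body)) {
    if (!ALLOWED_KEYS.has(key)) return { ok: false, error: `Unexpected field: ${key}` };
  }
  const { donation, user, letter } = body;
  if (typeof donation !== 'number' || !Number.isFinite(donation) || donation <= 0 || donation > 10000) {
    return { ok: false, error: 'donation must be a positive number no greater than 10000' };
  }
  if (typeof user !== 'string' || !EMAIL_RE.test(user)) {
    return { ok: false, error: 'user must be a valid email address' };
  }
  // Assumption: letter is optional, but when present it is capped at 300 characters.
  if (letter !== undefined && (typeof letter !== 'string' || letter.length > 300)) {
    return { ok: false, error: 'letter must be a string of at most 300 characters' };
  }
  return { ok: true, value: { donation, user, letter } };
}

// Origin allowlist check: anything not on the list (or missing) maps to 403.
function checkOrigin(origin) {
  return typeof origin === 'string' && TRUSTED_ORIGINS.has(origin) ? 200 : 403;
}

// Handler shaped like an Express route: takes { headers, body }, returns { status, body }.
function createCheckoutSession(req) {
  const origin = req.headers && req.headers.origin;
  if (checkOrigin(origin) !== 200) {
    console.warn('Rejected checkout request from untrusted origin'); // warning only, no payload
    return { status: 403, body: { error: 'Forbidden' } };
  }
  const result = validateSession(req.body);
  if (!result.ok) return { status: 400, body: { error: result.error } };
  console.log(`Accepted checkout request from ${origin}`); // logs the origin, never user data
  return { status: 200, body: { sessionId: 'constructed-session-id' } };
}
```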