Skip to content

Latest commit

 

History

History
74 lines (59 loc) · 6.55 KB

attack-surface.md

File metadata and controls

74 lines (59 loc) · 6.55 KB

Attack Surface Analysis for timescale/timescaledb

Attack Surface: SQL Injection via TimescaleDB Functions

  • 1. SQL Injection via TimescaleDB Functions

    • Description: Attackers inject malicious SQL code through TimescaleDB-specific functions by exploiting improperly handled user input.
    • How TimescaleDB Contributes: TimescaleDB introduces numerous custom SQL functions that accept parameters, increasing the potential for injection points if not used carefully.
    • Example: An application uses user-supplied input to set the chunk time interval: SELECT create_hypertable('my_table', 'time', chunk_time_interval => ' + userInput + ');. If userInput is 1 day'); DROP TABLE my_table; --, the attacker can drop the table.
    • Impact: Data loss, data modification, unauthorized data access, database compromise, execution of arbitrary code on the database server.
    • Risk Severity: Critical
    • Mitigation Strategies:
      • Parameterized Queries (Prepared Statements): Always use parameterized queries (prepared statements) for all SQL interactions, including those with TimescaleDB functions. This prevents the database from interpreting user input as SQL code.
      • Input Validation: Validate user input before it reaches the database. This is a defense-in-depth measure.
      • Least Privilege: Grant database users only the minimum necessary permissions.
      • Web Application Firewall (WAF): A WAF can help, but it should not be the sole defense.

Attack Surface: Denial of Service (DoS) via Excessive Chunk Creation

  • 2. Denial of Service (DoS) via Excessive Chunk Creation

    • Description: An attacker overwhelms the database by creating a massive number of small chunks, impacting performance and potentially causing instability.
    • How TimescaleDB Contributes: TimescaleDB's chunking mechanism, while designed for performance, can be abused if chunk time intervals are not properly managed.
    • Example: An attacker manipulates the application to create hypertables with extremely small chunk time intervals (e.g., milliseconds), leading to millions of tiny chunks.
    • Impact: Database performance degradation, service unavailability, potential database crashes.
    • Risk Severity: High
    • Mitigation Strategies:
      • Strict Input Validation: Enforce strict validation on any user input that influences chunk time intervals. Implement minimum and maximum allowed values.
      • Rate Limiting: Limit the rate at which users can create hypertables or modify chunk time intervals.
      • Monitoring: Monitor the number of chunks and their sizes. Set alerts for unusual activity.
      • Application Logic Review: Carefully review the application logic that determines chunk time intervals.

Attack Surface: DoS via Uncontrolled Continuous Aggregate Materialization

  • 3. DoS via Uncontrolled Continuous Aggregate Materialization

    • Description: An attacker triggers excessive materialization of continuous aggregates, consuming CPU and storage resources.
    • How TimescaleDB Contributes: Continuous aggregates are materialized views that are automatically refreshed. If the refresh policy or the underlying query is manipulated, it can lead to excessive resource consumption.
    • Example: An attacker modifies the refresh interval of a continuous aggregate to be very frequent (e.g., every second), or they modify the underlying query to be extremely complex.
    • Impact: Database performance degradation, service unavailability, potential storage exhaustion.
    • Risk Severity: High
    • Mitigation Strategies:
      • Least Privilege: Restrict permissions to create, alter, or drop continuous aggregates.
      • Input Validation: Validate any user input that influences the definition or refresh policy of continuous aggregates.
      • Monitoring: Monitor the resource consumption of continuous aggregate materialization.
      • Review Continuous Aggregate Definitions: Carefully review the definitions and refresh policies.

Attack Surface: Unauthorized Hypertable Access/Modification

  • 4. Unauthorized Hypertable Access/Modification

    • Description: An attacker with some database access gains unauthorized access to hypertables, allowing them to drop, alter, or insert malicious data.
    • How TimescaleDB Contributes: Hypertables are the core data structure in TimescaleDB. Misconfigured permissions can expose them to unauthorized access.
    • Example: A database user with limited privileges is mistakenly granted ALTER or DROP privileges on a hypertable.
    • Impact: Data loss, data corruption, service disruption.
    • Risk Severity: High
    • Mitigation Strategies:
      • Principle of Least Privilege: Grant database users only the minimum necessary permissions on hypertables. Use granular permissions.
      • Regular Permission Audits: Regularly review and audit database user permissions.
      • Row-Level Security (RLS): Consider using PostgreSQL's RLS.

Attack Surface: Vulnerabilities in TimescaleDB Background Workers

  • 5. Vulnerabilities in TimescaleDB Background Workers
    • Description: Exploitation of vulnerabilities in the background workers used for tasks like continuous aggregate maintenance and data retention.
    • How TimescaleDB Contributes: TimescaleDB relies on background workers for various internal operations.
    • Example: A vulnerability in a background worker responsible for data retention could be exploited to prevent data from being deleted, leading to storage exhaustion, or to delete data prematurely.
    • Impact: Data loss, performance degradation, service disruption.
    • Risk Severity: High
    • Mitigation Strategies:
      • Keep TimescaleDB Updated: Apply security patches and updates promptly.
      • Monitor Background Worker Activity: Monitor the activity and resource consumption of background workers.
      • Restrict Permissions: Ensure that the background workers operate with the least necessary privileges.