Skip to content

Latest commit

 

History

History
127 lines (97 loc) · 10.6 KB

mitigations.md

File metadata and controls

127 lines (97 loc) · 10.6 KB

Mitigation Strategies Analysis for valyala/fasthttp

Mitigation Strategy: Strict Header Validation (within fasthttp Handlers)

  • Mitigation Strategy: Strict Header Validation (within fasthttp Handlers)

    • Description:

      1. Identify Critical Headers: Determine which HTTP headers are crucial for security and application logic within the context of your fasthttp application (e.g., Content-Length, Transfer-Encoding, Host, Content-Type).
      2. Implement Validation Functions: Create dedicated functions within your fasthttp request handlers to validate each critical header. These functions should:
        • Access header values using fasthttp's API (e.g., ctx.Request.Header.Peek("Content-Length")).
        • Check for the presence/absence of the header as required.
        • Verify the header's format against RFC specifications and application-specific rules. Use regular expressions or dedicated parsing libraries where appropriate.
        • Handle multiple occurrences of the header (e.g., reject requests with multiple Content-Length headers). fasthttp provides methods like VisitAll to iterate over headers.
        • Handle potentially conflicting headers (e.g., Content-Length vs. Transfer-Encoding).
      3. Integrate Validation: Call these validation functions within the fasthttp request handler before processing the request body or performing any sensitive operations. Use ctx.Error to immediately return an error if validation fails.
      4. Reject Invalid Requests: If any header validation fails, immediately return an appropriate HTTP error response using ctx.Error(fasthttp.StatusBadRequest, "Invalid Header"). Do not proceed with request processing.
      5. Regularly Review and Update: Periodically review the header validation logic to ensure it remains up-to-date.

    • Threats Mitigated:

      • Request Smuggling (High Severity): Prevents attackers from injecting malicious requests by exploiting inconsistencies in header parsing, specifically within fasthttp's handling.
      • Header Injection (High Severity): Mitigates attacks where malicious headers are injected to bypass security controls or manipulate application logic, focusing on vulnerabilities within fasthttp.
      • HTTP Parameter Pollution (Medium Severity): Can help prevent attacks that exploit multiple occurrences of the same header, as handled by fasthttp.

    • Impact:

      • Request Smuggling: Risk significantly reduced (from High to Low, assuming proper implementation and testing, focusing on fasthttp's internal handling).
      • Header Injection: Risk significantly reduced (from High to Low, within the context of fasthttp).
      • HTTP Parameter Pollution: Risk reduced (from Medium to Low, as handled by fasthttp).

    • Currently Implemented:

      • Basic Content-Length check in requestHandler function (prevents excessively large bodies) using ctx.Request.Header.ContentLength().
      • Host header validation against a whitelist in the validateHost function, using ctx.Request.Header.Host().

    • Missing Implementation:

      • Comprehensive Transfer-Encoding validation (especially for chunked encoding) is missing. This is a critical gap. Needs to be implemented in a new function, validateTransferEncoding, using ctx.Request.Header.Peek("Transfer-Encoding") and ctx.Request.Header.VisitAll, and called within requestHandler.
      • Validation of other headers like Content-Type is basic and needs to be more robust, using fasthttp's header access methods.
      • No specific handling of multiple header occurrences (except for a basic check on Content-Length). Needs to be added to all header validation logic, utilizing ctx.Request.Header.VisitAll.

Mitigation Strategy: fasthttp.Server Configuration for Resource Control

  • Mitigation Strategy: fasthttp.Server Configuration for Resource Control

    • Description:

      1. Analyze Resource Usage: Profile the fasthttp application under load to identify potential bottlenecks and resource limits.
      2. Configure fasthttp.Server: Directly within the code that initializes the fasthttp.Server, set appropriate values for the following parameters:
        • MaxConnsPerIP: Limit connections per IP using this fasthttp.Server setting.
        • MaxRequestsPerConn: Limit requests per connection using this setting.
        • Concurrency: Limit overall concurrent connections.
        • ReadTimeout, WriteTimeout, IdleTimeout: Set timeouts to prevent slow clients.
        • MaxRequestBodySize: Limit request body size.
        • MaxHeaderBytes: Limit the size of request headers.
      3. Monitor and Adjust: Continuously monitor resource usage and adjust the configuration parameters as needed.

    • Threats Mitigated:

      • Denial of Service (DoS) (High Severity): Prevents attackers from overwhelming the fasthttp server with requests, exhausting resources.
      • Slowloris Attacks (Medium Severity): Mitigates attacks that hold connections open for extended periods, leveraging fasthttp's timeout settings.
      • Large Request Body Attacks (Medium Severity): Prevents attackers from sending massive request bodies to consume memory, directly controlled by fasthttp.Server.MaxRequestBodySize.
      • Large Header Attacks (Medium Severity): Prevents attacks using excessively large headers, controlled by fasthttp.Server.MaxHeaderBytes.

    • Impact:

      • DoS: Risk significantly reduced (from High to Medium, depending on the attack and configuration).
      • Slowloris Attacks: Risk reduced (from Medium to Low).
      • Large Request Body Attacks: Risk reduced (from Medium to Low).
      • Large Header Attacks: Risk reduced (from Medium to Low).

    • Currently Implemented:

      • MaxRequestBodySize is set in the main function when initializing the fasthttp.Server.
      • ReadTimeout, WriteTimeout, and IdleTimeout are configured.

    • Missing Implementation:

      • MaxConnsPerIP, MaxRequestsPerConn, and Concurrency are not explicitly configured. These need to be explicitly set in the fasthttp.Server initialization in main.
      • MaxHeaderBytes is not set. Add to fasthttp.Server initialization.

Mitigation Strategy: Safe fasthttp Byte Slice Handling

  • Mitigation Strategy: Safe fasthttp Byte Slice Handling

    • Description:

      1. Identify fasthttp Byte Slice Sources: Identify all points in the code where byte slices are obtained from fasthttp's API (e.g., ctx.Request.Header.Peek, ctx.PostBody(), ctx.FormValue()).
      2. Copy Data When Needed: If the data from these fasthttp-provided byte slices needs to be used after the fasthttp request handler (ctx's lifetime) returns, always create a copy. Use append([]byte{}, slice...) or copy(dst, src).
      3. Avoid Global References: Never store direct references to fasthttp byte slices in global variables or long-lived data structures. The memory may be reused by fasthttp.
      4. Code Review: Conduct thorough code reviews, specifically focusing on how byte slices obtained from fasthttp are used.
      5. Fuzz test fasthttp handlers: Use a fuzzer to generate various inputs and test if application is handling byte slices correctly.

    • Threats Mitigated:

      • Data Corruption (High Severity): Prevents unexpected modification of data due to fasthttp reusing byte slices.
      • Information Disclosure (Medium Severity): Reduces the risk of leaking sensitive data if fasthttp's internal byte slices are inadvertently exposed.
      • Application Instability (Medium Severity): Prevents crashes or unexpected behavior caused by incorrect handling of fasthttp's byte slices.

    • Impact:

      • Data Corruption: Risk significantly reduced (from High to Low).
      • Information Disclosure: Risk reduced (from Medium to Low).
      • Application Instability: Risk reduced (from Medium to Low).

    • Currently Implemented:

      • Some instances of copying byte slices are present (e.g., when logging request bodies).

    • Missing Implementation:

      • A systematic review of all fasthttp byte slice usage is missing. This needs to be performed across the entire codebase.
      • No fuzz testing is currently implemented.

Mitigation Strategy: Avoid Deprecated/Unsafe fasthttp Functions

  • Mitigation Strategy: Avoid Deprecated/Unsafe fasthttp Functions

    • Description:

      1. Review fasthttp Documentation: Carefully review the fasthttp documentation and identify any deprecated or unsafe functions within the fasthttp library itself.
      2. Code Audit: Perform a code audit to identify any instances of these fasthttp functions being used.
      3. Replace with Safe Alternatives: Replace any deprecated or unsafe fasthttp functions with their recommended safe alternatives, as provided in the fasthttp documentation.
      4. Regularly Check for Updates: Periodically check the fasthttp documentation for new deprecations or warnings, especially after updating the fasthttp library.

    • Threats Mitigated:

      • Various Vulnerabilities (Severity Varies): Mitigates vulnerabilities that might be present in deprecated or unsafe functions within the fasthttp library. The specific threats depend on the function.
      • Maintainability Issues (Low Severity): Improves maintainability.

    • Impact:

      • Various Vulnerabilities: Risk reduced (severity depends on the specific vulnerability).
      • Maintainability Issues: Risk reduced (from Low to Negligible).

    • Currently Implemented:

      • A basic check for RequestCtx.URI().FullURI() usage was performed.

    • Missing Implementation:

      • A comprehensive audit for all deprecated or unsafe fasthttp functions is missing. This needs to be performed regularly.