Skip to content

Latest commit

 

History

History
31 lines (24 loc) · 3.94 KB

threat-modeling.md

File metadata and controls

31 lines (24 loc) · 3.94 KB

Threat Model Analysis for typicode/json-server

Threat: Unauthorized Data Access and Modification

  • Description: An attacker sends HTTP requests (GET, POST, PUT, PATCH, DELETE) to the json-server endpoint without any authentication. Because json-server itself provides no built-in authentication mechanisms, any request is treated as authorized. The attacker can read, create, modify, or delete any data in the db.json file using standard HTTP tools.
  • Impact: Complete compromise of data confidentiality, integrity, and availability. The attacker can steal, modify, or delete all data managed by json-server.
  • Affected Component: The core json-server module, specifically the request handling logic for all HTTP verbs (GET, POST, PUT, PATCH, DELETE). This is a direct consequence of json-server's design, which prioritizes simplicity over built-in security.
  • Risk Severity: Critical
  • Mitigation Strategies:
    • Implement authentication and authorization before requests reach json-server. This must be done externally, using a reverse proxy (Nginx, Apache with authentication modules) or a custom Node.js application wrapping json-server with authentication middleware (e.g., Passport.js). json-server cannot be secured on its own.
    • Do not expose json-server directly to untrusted networks (like the internet).

Threat: Data Corruption via Unvalidated Input

  • Description: An attacker sends malicious or malformed JSON data in POST, PUT, or PATCH requests. json-server itself performs no validation on the structure or content of incoming JSON data. It blindly writes whatever it receives to the db.json file. This can lead to invalid JSON, data exceeding size limits, or data violating the application's intended schema.
  • Impact: Data integrity violation. The db.json file can become corrupted, rendering the API and potentially the application using it unusable.
  • Affected Component: The json-server request handling logic for POST, PUT, and PATCH requests, specifically the part that writes data to db.json. This is a direct result of json-server's lack of input validation.
  • Risk Severity: High
  • Mitigation Strategies:
    • Implement input validation and sanitization before requests reach json-server. This must be done externally. Use a schema validation library (e.g., Joi, Ajv) within a custom middleware or a reverse proxy to enforce data types, structures, and size limits.

Threat: Execution with Excessive Privileges

  • Description: json-server is run with root or administrator privileges. If a vulnerability were to be discovered in json-server itself or one of its dependencies (even a seemingly minor one), an attacker could potentially exploit it to gain those elevated privileges. While this isn't a current known vulnerability in json-server, it's a critical risk if the principle of least privilege is violated.
  • Impact: Potential for complete system compromise. If a vulnerability is exploited, the attacker could gain full control of the server.
  • Affected Component: The entire json-server process and, by extension, the operating system it's running on. This highlights the importance of least privilege, even for seemingly simple tools.
  • Risk Severity: High (due to the potential impact if a vulnerability were found)
  • Mitigation Strategies:
    • Run json-server with the least privilege necessary. Never run it as root or an administrator. Create a dedicated, unprivileged user account specifically for running json-server.
    • Use containerization (e.g., Docker) to isolate json-server and limit its access to the host system's resources. This provides an additional layer of defense even if json-server is compromised.