attack-surface.md

Attack Surface Analysis for bettererrors/better_errors

Attack Surface: Information Disclosure - Environment Variables and Configuration

Description: Exposure of environment variables and application configuration settings.

Better Errors Contribution: better_errors can display environment variables accessible to the application process, potentially revealing sensitive configuration details.

Example: Environment variables containing database credentials (usernames, passwords, connection strings), API keys for external services, or internal service URLs are displayed in the better_errors error page.

Impact: Exposure of credentials can lead to unauthorized access to databases, external services, and internal systems. API key leaks can result in financial loss or service disruption.

Risk Severity: High

Mitigation Strategies:

• Disable in Production: Absolutely disable better_errors in production.
• Secure Credential Management: Use secure methods for managing credentials, such as Rails Encrypted Credentials, environment variable stores with restricted access, or dedicated secret management systems.
• Restrict Access: Limit access to environments where better_errors might be active.

Attack Surface: Information Disclosure - Variable Inspection

Description: Ability to inspect the values of application variables at the point of error.

Better Errors Contribution: better_errors provides an interactive console and variable inspection features, allowing users to explore the application's state and data in memory.

Example: Inspecting a variable during an error reveals sensitive user data loaded from the database, API tokens stored in memory, or internal application state that should not be publicly accessible.

Impact: Exposure of sensitive data stored in variables can lead to privacy breaches, unauthorized access to resources, and a deeper understanding of the application's internal workings for attackers.

Risk Severity: High

Mitigation Strategies:

• Disable in Production: Disable better_errors in production.
• Restrict Access: Limit access to environments where better_errors is active.
• Principle of Least Privilege (Data Access): Minimize the amount of sensitive data loaded into memory unnecessarily.

Attack Surface: Remote Code Execution (RCE) - Interactive Console

Description: Ability to execute arbitrary code on the server hosting the application.

Better Errors Contribution: better_errors provides an interactive Ruby console directly within the error page. This console runs within the application's context and has access to application resources and the underlying server environment.

Example: An attacker gains access to a better_errors page and uses the interactive console to execute commands to read sensitive files on the server, modify database records, or even execute system commands to gain shell access.

Impact: Complete server compromise, data breach, data manipulation, denial of service, and potential lateral movement to other systems within the network.

Risk Severity: Critical

Mitigation Strategies:

• Disable in Production (MANDATORY): Absolutely and unequivocally disable better_errors in production environments.
• Environment Group Configuration: Use Rails environment groups in your Gemfile to ensure better_errors is ONLY included in the development group.
• Strict Access Control: Implement very strict access controls for any non-production environments where better_errors might be enabled.
• Regular Audits: Regularly audit your application's Gemfile and environment configurations.
• Remove Gem in Production (Extreme Precaution): Consider completely removing the better_errors gem from your production deployment process.