Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Multi platform
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, software catalog Integrations
Docs Pricing
More
News Case studies Ask around Meetups Share your story
The handbook Get your license Schedule a demo
Try it yourself
{{thisPage.meta.articleTitle}}
search

Catch missed authorization checks during software development

{{articleSubtitle}}

| The author's GitHub profile picture

Victor Lyuboslavsky

Share

Share this article on Hacker News Share this article on LinkedIn Share this article on Twitter
Docs Docs REST API REST API Guides Guides Talk to an engineer Talk to an engineer

Catch missed authorization checks during software development

{{articleSubtitle}}

| The author's GitHub profile picture

Victor Lyuboslavsky

Catch missed authorization checks during software development

Authorization is giving permission to a user to do an action on the server. As developers, we must ensure that users are only allowed to do what they are authorized.

One way to ensure that authorization has happened is to loudly flag when it hasn’t. This is how we do it at Fleet Device Management.

In our code base, we use the go-kit library. Most of the general endpoints are created in the handler.go file. For example:

// user-authenticated endpoints
ue := newUserAuthenticatedEndpointer(svc, opts, r, apiVersions...)

ue.POST("/api/_version_/fleet/trigger", triggerEndpoint, triggerRequest{})

Every endpoint calls kithttp.NewServer and wraps the endpoint with our AuthzCheck. From handler.go:

e = authzcheck.NewMiddleware().AuthzCheck()(e)
return kithttp.NewServer(e, decodeFn, encodeResponse, opts...)

Example check

This means that after the business logic is processed, the AuthzCheck is called. This check ensures that authorization was checked. Otherwise, an error is returned. From authzcheck.go:

// If authorization was not checked, return a response that will
// marshal to a generic error and log that the check was missed.
if !authzctx.Checked() {
    // Getting to here means there is an authorization-related bug in our code.
    return nil, authz.CheckMissingWithResponse(response)
}

This additional check is useful during our development and QA process, to ensure that authorization always happens in our business logic.