A potential authorization bypass vulnerability was identified. The issue exists in the StorageIo.java file's user validation mechanism.
Affected Component: File:
Function: getUser()
Vulnerable code/insufficient validation of user access rights:
public String getUser(String userId, String projectId) {
Query query = new Query(ProjectData.kind);
query.setAncestor(projectKey);
Entity projectEntity = datastore.prepare(query).asSingleEntity();
String owner = (String) projectEntity.getProperty("owner");
if (owner.equals(userId)) {
return owner;
}
}
Issue: Insufficient validation of user access rights.
What can go wrong/Vulnerabilities: Simple string comparison for ownership validation, and there is also no session state validation which is included.
We should add a session validation and we can implement a proper authentication state verification.