Add Privacy Request Input Sanitization

[ThomasLaPiana]

Closes https://github.com/ethyca/security-issues/issues/3
Closes https://github.com/ethyca/security-issues/issues/4

Code Changes

• create a PhoneNumber class with validation that can be reused across the application
• update phone number fields to use the new class
• update email fields to use EmailStr instead of str
• create a custom SafeStr class that sanitizes input values
• add testing for new classes
• Update the privacy request schemas to use SafeStr in place of str

Steps to Confirm

• confirm that the above-linked issues have been fixed
• poke around at other endpoints

Pre-Merge Checklist

• All CI Pipelines Succeeded
• Documentation:
  • documentation complete, PR opened in fidesdocs
  • documentation issue created in fidesdocs
• Issue Requirements are Met
• Relevant Follow-Up Issues Created
• Update CHANGELOG.md

Description Of Changes

This PR adds new custom types designed to improve automatic validation and sanitization of user input data. It also applies these new custom types to the privacy request endpoints to remediate the above-linked issues

[cypress]

Passing run #813 ↗︎

0	3	0	0	0
⚠️ You've recorded test results over your free plan limit. Upgrade your plan to view test results.

Details:

Merge 5c1b583 into cf7bcd2...
Project: fides	Commit: 6e7d3938b4 ℹ️
Status: Passed	Duration: 00:39 💡
Started: Mar 15, 2023 8:49 AM	Ended: Mar 15, 2023 8:50 AM

_{This comment has been generated by cypress-bot as a result of this project's GitHub integration settings.}

[codecov]

Codecov Report

Patch coverage: 91.66% and project coverage change: +0.20 🎉

Comparison is base (5194405) 86.53% compared to head (5c1b583) 86.73%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2655      +/-   ##
==========================================
+ Coverage   86.53%   86.73%   +0.20%     
==========================================
  Files         291      295       +4     
  Lines       16488    16753     +265     
  Branches     2118     2145      +27     
==========================================
+ Hits        14268    14531     +263     
  Misses       1819     1819              
- Partials      401      403       +2     

Impacted Files	Coverage Δ
src/fides/api/custom_types.py	84.00% <84.00%> (ø)
.../ops/api/v1/endpoints/consent_request_endpoints.py	88.51% <100.00%> (+1.18%)	⬆️
...ction_configuration/connection_secrets_bigquery.py	100.00% <100.00%> (ø)
...nnection_configuration/connection_secrets_email.py	100.00% <100.00%> (ø)
src/fides/api/ops/schemas/drp_privacy_request.py	100.00% <100.00%> (ø)
src/fides/api/ops/schemas/messaging/messaging.py	97.79% <100.00%> (-0.05%)	⬇️
src/fides/api/ops/schemas/privacy_request.py	100.00% <100.00%> (ø)
src/fides/api/ops/schemas/redis_cache.py	100.00% <100.00%> (+10.52%)	⬆️
src/fides/api/ops/schemas/registration.py	100.00% <100.00%> (ø)

... and 23 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[ThomasLaPiana]

@RobertKeyser @daveqnet would you mind giving me some examples here of clearly dangerous/invalid user input so I can use them for test cases? I trust y'all here as the experts 😄 thank you!

[daveqnet]

@RobertKeyser @daveqnet would you mind giving me some examples here of clearly dangerous/invalid user input so I can use them for test cases? I trust y'all here as the experts 😄 thank you!

Hmmm, it's a tricky one, as what constitutes dangerous input depends on what the input is being used for. Does the guidance here help: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/ ?

I'll also try to provide you a few examples of some real injection vulnerabilities from non-fides penetration tests to help.

[NevilleS]

Couple comments. But there's lots of other APIs to consider - here are a couple examples:

• User.username, User.first_name, User.last_name
• System.name, System.description (plus Dataset, DataCategory... all Resource models)
• Organization has many string fields (name, description, controller.name...)
• ...?

[pattisdr]

If you're just looking for a list of our API endpoints that accept strings in the request body, I'd assume the majority do, too many to just list here.

Most of the ops schemas are here:
https://github.com/ethyca/fides/tree/main/src/fides/api/ops/schemas

If you're just trying to make a list to work from, you might write a script that goes through the contents of http://localhost:8080/openapi.json, for each request looks for the requestBody key and gets the schema from there - lots of recursion.

[ThomasLaPiana]

based on the feedback here, it sounds like the safest way to go about things here is to update every string to use InputStr and see where that lands us...

Additionally, logging around when values get truncated would be helpful for debugging

[galvana]

@ThomasLaPiana I know the unsafe tests aren't being run in Github but let's make sure we run those to make sure we don't break any connector integrations with this change.

[ThomasLaPiana]

quick update: I can't test the specific fixes I made because I'm not sure how to use the local test env. It now requires privacy request configurations. Will message in slack and try to get this sorted

an update to the update: Adam got me pointed in the right direction, I wasn't leveraging the special .env properly

[ThomasLaPiana]

Both security issues confirmed closed. Cleaning up now and merging

[ThomasLaPiana]

Patch coverage is lacking but overall coverage is up, we're calling this one a win 🙃

Failing tests are known-failing, considering this good to merge