HIGH pii leakagechifirestore

Pii Leakage in Chi with Firestore

Scan for pii leakage in chi

Pii Leakage in Chi with Firestore — how this specific combination creates or exposes the vulnerability

Chi is a lightweight, functional web framework for Clojure, commonly used to build HTTP services with minimal overhead. When Chi endpoints interact with Google Firestore without explicit field-level controls, PII leakage can occur because Firestore documents often store sensitive attributes (email, phone, national ID, or health information) and Chi routes may return entire documents by default. In a black-box scan, middleBrick tests the unauthenticated attack surface and checks whether responses include PII; a Chi + Firestore service that exposes user documents without masking or filtering can receive a high-risk finding.

Firestore security rules can inadvertently permit broad read access, and Chi routes can propagate those documents over JSON without redaction. For example, a route that calls firestore-get-document and returns the map as JSON may expose fields such as :user/email or :user/ssn. Even if Firestore rules restrict some paths, misconfigured rules or overprivileged service accounts used by Chi services can allow enumeration or retrieval of sensitive fields. middleBrick’s Data Exposure check looks for endpoints returning PII in unauthenticated responses, and the LLM/AI Security checks ensure AI-facing endpoints do not leak system prompts or training data that could include PII stored in Firestore.

Another angle is schema design: storing nested objects or arrays that contain PII without applying field-level encryption or access controls increases risk. Firestore’s flexible document model can lead to accidental inclusion of sensitive keys when Chi handlers serialize query results. middleBrick runs checks against OpenAPI specs (if provided) and runtime behavior to detect whether responses contain patterns resembling PII, such as email regex matches or key names like email, phone, or password. Findings include severity, the specific route, and remediation guidance to reduce exposure.

Firestore-Specific Remediation in Chi — concrete code fixes

Remediation focuses on minimizing data exposure in Chi handlers and tightening Firestore rules. Prefer selective field retrieval and transformation before serialization, and avoid returning raw Firestore documents directly.

Chi handler with selective field projection

(ns app.routes.user
  (:require [compojure.core :refer [GET]]
            [ring.util.response :as resp]
            [taoensso.timbre :as log]))

(defn safe-user-handler [request]
  (let [uid (get-in request [:params :id])
        doc (firestore/get-document "users" uid)]
    (if doc
      (let [safe-map {:email (:email doc)
                      :name (:name doc)
                      :role (:role doc)}]
        (resp/json-response safe-map))
      (resp/not-found "User not found"))))

Firestore security rules example

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{userId} {
      allow read: if request.auth != null && request.auth.uid == userId;
      allow write: if request.auth != null && request.auth.uid == userId;
    }
    match /public/{document=**} {
      allow read: if true;
      allow write: if false;
    }
  }
}

Chi handler with Firestore query filtering

(ns app.routes.profile
  (:require [compojure.core :refer [GET POST]]
            [ring.util.response :as resp]
            [taoensso.timbre :as log]))

(defn list-profiles []
  (let [snapshot (firestore/query-collection "profiles"
                            {:where [[:active "==" true]
                                     :select [:display_name :avatar_url]])}
        results (mapv (fn [doc]
                        {:display_name (get doc :display_name)
                         :avatar_url   (get doc :avatar_url)})
                      snapshot)]
    (resp/json-response results)))

CI/CD integration

Use the middleBrick GitHub Action to add API security checks to your CI/CD pipeline and fail builds if the security score drops below your threshold. This helps catch regressions that could reintroduce PII exposure before deployment.

For continuous monitoring, the Pro plan includes scheduled scans and alerts, which can notify teams via Slack or Teams when a Chi endpoint begins returning sensitive fields. The CLI tool supports scripted scans: middlebrick scan https://api.example.com, producing JSON output suitable for integration into build pipelines.

When using the MCP Server, you can scan APIs directly from your AI coding assistant, which can prompt for safer field selection patterns and highlight risky document structures during development.

Related CWEs: dataExposure

CWE IDNameSeverity
CWE-200Exposure of Sensitive Information HIGH
CWE-209Error Information Disclosure MEDIUM
CWE-213Exposure of Sensitive Information Due to Incompatible Policies HIGH
CWE-215Insertion of Sensitive Information Into Debugging Code MEDIUM
CWE-312Cleartext Storage of Sensitive Information HIGH
CWE-359Exposure of Private Personal Information (PII) HIGH
CWE-522Insufficiently Protected Credentials CRITICAL
CWE-532Insertion of Sensitive Information into Log File MEDIUM
CWE-538Insertion of Sensitive Information into Externally-Accessible File HIGH
CWE-540Inclusion of Sensitive Information in Source Code HIGH
Scan for pii leakage in chi Free API security scan

Frequently Asked Questions

How does middleBrick detect PII leakage in Chi endpoints using Firestore?
middleBrick performs black-box scans against unauthenticated attack surfaces, inspecting runtime responses for PII patterns (email, phone, SSN). If a Chi + Firestore endpoint returns sensitive fields in JSON without filtering, it is flagged with severity and remediation guidance. The tool also checks Firestore rules when provided and analyzes OpenAPI specs to correlate expected data shapes with observed outputs.
Can middleBrick integrate into CI/CD to prevent PII leakage regressions in Chi services?
Yes. The GitHub Action can add API security checks to your CI/CD pipeline and fail builds if the security score drops below your threshold. This helps prevent merges that would expose PII via Firestore-backed Chi endpoints.

Related Pages

Pii Leakage in ChiPII leakage in Chi applications exposes sensitive data through API responses, error messages, and improper data handlingPii Leakage in FirestoreFirestore PII leakage: security rule vulnerabilities, enumeration attacks, and remediation using encryption, enhanced ruPii Leakage in Chi on CloudflareLearn how PII leakage manifests in Chi apps behind Cloudflare, and implement concrete Cloudflare and Chi fixes to prevenPii Leakage in Chi on AzureExplore Pii Leakage in Chi with Azure, including detection and Azure-specific remediation with code examples.Iso 27001: Pii Leakage in ChiISO 27001 in PII Leakage with Chi: risks from access control, logging, encryption, and change management; Chi-specific fHipaa: Pii Leakage in ChiExplore HIPAA-related PII leakage risks in Chi APIs, with remediation examples for authorization, logging, and encryptioCis: Pii Leakage in ChiExplore how Chi schemas can contribute to Pii Leakage, and apply concrete Chi code fixes to protect sensitive data in APPii Leakage in Chi with Jwt TokensLearn how PII leakage occurs with JWT tokens in Chi APIs and apply concrete code fixes to protect identity data.Gdpr: Pii Leakage in ChiLearn how GDPR intersects with PII leakage in Chi-based APIs, with concrete code fixes to redact and validate personal dPii Leakage in Chi with Basic AuthLearn how PII leakage occurs with Chi and Basic Auth, and apply concrete Basic Auth code fixes to protect sensitive dataPii Leakage in Chi with Api KeysLearn how Pii Leakage with Api Keys manifests in Chi applications, and apply concrete code fixes to keep credentials andPii Leakage in Chi with Mutual TlsPii Leakage in Chi with Mutual Tls — causes and concrete code fixes for mTLS configuration and route handling.