Server Side Template Injection in Axum with Firestore

Server Side Template Injection (SSTI) occurs when an attacker can inject template code that is subsequently evaluated by a server-side templating engine. In an Axum application using Firestore as a backend, SSTI can emerge when user-controlled input is passed into a rendering pipeline that dynamically interpolates data into Firestore document paths, map keys, or query structures, and that data is then rendered through a template engine that supports variable substitution or code-like expressions.

Consider a scenario where Axum dynamically constructs a Firestore document path using user input and then renders the retrieved document fields via a templating language such as Tera or Askama. If the document path or field names are derived from unsanitized input and subsequently injected into a template context, an attacker may attempt template injection to manipulate the rendering behavior. For example, if a Firestore document contains structured data that is later rendered in a template without proper escaping, special template syntax (e.g., loops, variable access, or function calls) might be interpreted by the engine, leading to unintended data exposure or logic alteration.

Because Firestore does not execute template code, the injection occurs in the Axum rendering layer, not in Firestore itself. However, Firestore data shapes can inadvertently facilitate injection if document keys or nested maps are used directly in templates. For instance, if a Firestore document contains a map of user profiles keyed by user-supplied identifiers, and those identifiers are used to traverse the map in a template, an attacker might supply path-like syntax to traverse unintended branches of the data tree. While this does not execute arbitrary code within Firestore, it can lead to sensitive data exposure or information disclosure through template context traversal.

Another angle involves query construction. If Axum builds Firestore queries using string interpolation based on user input and then passes query results into templates, malformed or malicious input can distort the expected result set. When combined with weak output encoding in the template layer, this may enable injection-like behavior where attacker-controlled data influences which fields are rendered or how they are structured. The risk is compounded when template helpers or filters are applied to Firestore document fields without strict validation or escaping.

Real-world exploitation chains may involve reconnaissance of Firestore document structures via API responses, followed by targeted template injection attempts to enumerate or exfiltrate data. Because SSTI in this context is about rendering logic rather than database execution, the impact is typically confined to data exposure or rendering manipulation. Nonetheless, such exposure can reveal sensitive operational data, internal identifiers, or configuration details stored in Firestore, especially when documents contain metadata or debug fields.

middleBrick detects this class of issue by correlating OpenAPI specifications with runtime behavior. For Axum services integrating Firestore, it flags contexts where user input flows into template variables that intersect with Firestore-derived data structures. The scanner does not fix the rendering logic but provides precise findings with severity ratings and remediation guidance, helping teams identify and neutralize injection vectors before they reach production.

Remediation focuses on strict separation between data retrieval and presentation, validating and sanitizing all inputs used to construct Firestore paths or keys, and enforcing safe rendering practices within Axum templates. Below are concrete, realistic code examples demonstrating secure patterns.

First, avoid constructing Firestore document references or queries using raw user input. Instead, validate and constrain input against an allowlist. For example, if a document ID is expected to be a numeric identifier, enforce parsing and range checks before using it in Firestore operations:

use axum::{routing::get, Router}; 
use firestore::{FirestoreDb, doc_path}; 
use std::net::SocketAddr; 

async fn get_user_profile(
    user_id: String,
    db: FirestoreDb,
) -> Result {
    // Validate: only allow alphanumeric user IDs of limited length
    if !user_id.chars().all(|c| c.is_alphanumeric()) || user_id.len() > 64 {
        return Err("invalid user_id");
    }
    let doc_ref = doc_path!["users", &user_id];
    db.get_doc(&doc_ref).await.map_err(|_| "db error")
}

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let db = FirestoreDb::new("my-project").await?;
    let app = Router::new().route("/users/:user_id", get(get_user_profile));
    let addr = SocketAddr::from(([127, 0, 0, 1], 3000));
    axum::Server::bind(&addr).serve(app.into_make_service()).await?;
    Ok(())
}

Second, when rendering Firestore data in templates, ensure that all dynamic values are explicitly passed as primitive types and that template contexts do not expose entire document maps or mutable structures. Using a strict data transfer object (DTO) pattern prevents template engines from traversing unexpected keys:

use serde::Serialize; 

#[derive(Serialize)]
struct ProfileDto {
    display_name: String,
    email: String,
    avatar_url: String,
}

impl From<firestore::Document> for ProfileDto {
    fn from(doc: firestore::Document) -> Self {
        Self {
            display_name: doc.get_string("display_name").unwrap_or_default(),
            email: doc.get_string("email").unwrap_or_default(),
            avatar_url: doc.get_string("avatar_url").unwrap_or_default(),
        }
    }
}

// In handler:
let dto = ProfileDto::from(doc);
template.render(&Context::from_value(dto).unwrap()).unwrap();

Third, if using a templating engine that supports filters or custom functions, register only safe, whitelisted helpers and disable any automatic variable resolution that could permit path traversal. For Tera, avoid marking maps as safe and do not enable the `loop_errors` feature in a way that exposes raw document structures.

Finally, audit Firestore security rules to ensure that data exposed to the application layer is already constrained. While this does not directly prevent SSTI in the template layer, it limits the scope of data an attacker could potentially enumerate through injection. Combine rule-based access control with strict input validation and output encoding in Axum handlers and templates.

middleBrick’s continuous monitoring and GitHub Action integration can help enforce these practices by scanning Axum endpoints that interact with Firestore and flagging risky patterns before deployment. The Pro plan’s CI/CD pipeline gates allow teams to block merges when findings exceed defined risk thresholds, supporting secure development workflows without relying on speculative mitigation.