
Token Leakage in Chi with CockroachDB

Token Leakage in Chi with CockroachDB — how this specific combination creates or exposes the vulnerability

Token leakage in a Chi application using CockroachDB typically occurs when authentication or session tokens are inadvertently exposed in logs, error messages, HTTP responses, or database queries. Because CockroachDB supports connection strings and query parameters that may include sensitive credentials, improper handling in Chi routes can expose these values.

For example, if a Chi endpoint builds a database connection or query using user-supplied input without validation, an attacker might manipulate parameters to cause tokens to be echoed back in responses or written to application logs. Chi’s composability means that middleware or handlers that log request details may inadvertently record authorization tokens present in headers or cookies.

Consider a Chi route that passes a token from an HTTP request into a CockroachDB query string via string concatenation. If the token contains special characters or if the application does not enforce strict input validation, the token may be reflected in query results or error output. This can violate the principle of least privilege and enable token replay or lateral movement within your infrastructure.

Another scenario involves session management: storing session tokens in client-side cookies without the HttpOnly and Secure flags, or failing to rotate tokens after privilege changes, increases the risk of leakage through cross-site scripting or network interception. CockroachDB’s SQL interface does not inherently sanitize tokens; therefore, it is the application’s responsibility to ensure tokens are handled safely before they reach the database layer.

Additionally, if your Chi application uses environment variables or configuration files to inject database credentials, ensure these are not exposed through debug endpoints or error pages. A misconfigured route that returns internal configuration can disclose connection strings containing tokens that grant access to CockroachDB.

CockroachDB-Specific Remediation in Chi — concrete code fixes

Remediation focuses on preventing tokens from being logged, echoed, or improperly passed to CockroachDB. Use parameterized queries to separate SQL logic from data, and avoid constructing SQL strings with raw token values.

Example: Safe database connection and query handling in Chi

// src/main.chi
import { chi } from "@/chi/chi.ts";
import { Client } from "https://deno.land/x/[email protected]/mod.ts";

// Credentials come from the environment, never from source or a debug endpoint.
const client = new Client({
  hostname: Deno.env.get("COCKROACH_HOST") || "localhost",
  port: parseInt(Deno.env.get("COCKROACH_PORT") || "26257"),
  user: Deno.env.get("COCKROACH_USER"),
  password: Deno.env.get("COCKROACH_PASSWORD"),
  database: Deno.env.get("COCKROACH_DB"),
});

const app = chi();

// Request logging middleware, registered before the routes so it wraps every handler.
app.use(async (ctx, next) => {
  // Safe: log only metadata (timestamp, method, path); never the Authorization
  // or Cookie headers, and never the query string, which may carry a token.
  console.log(`[${new Date().toISOString()}] ${ctx.request.method} ${ctx.request.url.pathname}`);
  await next();
});

// Secure endpoint that uses a parameterized query
app.get("/user/profile/:userID", async (ctx) => {
  const userID = ctx.params.userID;
  // Do NOT interpolate tokens or user input into SQL strings; $1 is bound
  // separately by the driver, so the value can never change the query text.
  const result = await client.queryObject(
    `SELECT id, display_name FROM users WHERE id = $1`,
    [userID]
  );
  // Only the selected columns are returned; no token or credential column is echoed.
  ctx.response.body = result.rows;
});

await app.listen({ port: 8080 });

Key practices:

  • Use environment variables for CockroachDB credentials and never commit them to version control.
  • Always use placeholders ($1, $2) in SQL statements instead of string concatenation.
  • Set HttpOnly, Secure, and SameSite attributes on session cookies.
  • Ensure error handlers do not return stack traces or internal configuration that may contain tokens.
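The helpers below are an added example, not code from the page's application or from any Chi or CockroachDB library: they implement the logging and query practices above as testable functions. The request shape, the lists of sensitive header and parameter names, and the numeric user-id format are assumptions.

```typescript
// Added example (not the page's or any framework's own code): keep tokens out of
// log lines and SQL text. Request shape and key lists below are assumptions.

type RequestMeta = {
  method: string;
  url: string;                        // path plus optional query string
  headers: Record<string, string>;    // header names in any letter case
};

// Header and query-parameter names that commonly carry bearer or session tokens.
const SENSITIVE_HEADERS = new Set(["authorization", "proxy-authorization", "cookie", "x-api-key"]);
const SENSITIVE_PARAMS = new Set(["token", "access_token", "api_key", "session", "sid"]);

// Replace token values in a query string but keep key names so logs stay searchable.
function redactQueryString(url: string): string {
  const q = url.indexOf("?");
  if (q < 0) return url;
  const pairs = url.slice(q + 1).split("&").map((pair) => {
    const eq = pair.indexOf("=");
    const key = eq < 0 ? pair : pair.slice(0, eq);
    return SENSITIVE_PARAMS.has(key.toLowerCase()) ? `${key}=REDACTED` : pair;
  });
  return `${url.slice(0, q)}?${pairs.join("&")}`;
}

// Copy headers with sensitive values replaced; the copy is what gets logged.
function redactHeaders(headers: Record<string, string>): Record<string, string> {
  const out: Record<string, string> = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name] = SENSITIVE_HEADERS.has(name.toLowerCase()) ? "REDACTED" : value;
  }
  return out;
}

// One access-log line: method, redacted path, and whether auth was present (never its value).
function accessLogLine(req: RequestMeta, now: Date): string {
  const hasAuth = Object.keys(req.headers).some((h) => h.toLowerCase() === "authorization");
  return `[${now.toISOString()}] ${req.method} ${redactQueryString(req.url)} auth=${hasAuth ? "present" : "none"}`;
}

// Validate the path parameter and return SQL text plus separate bind arguments
// (the two arguments of client.queryObject); the value never joins the SQL string.
function profileQuery(userID: string): { text: string; args: string[] } {
  if (!/^[0-9]{1,18}$/.test(userID)) throw new Error("invalid user id");
  return { text: "SELECT id, display_name FROM users WHERE id = $1", args: [userID] };
}
```

Wire `accessLogLine` into the logging middleware and `profileQuery` into the handler; a rejected id should map to a 400 response whose body does not include the offending value.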

Frequently Asked Questions

How can I detect token leakage in my Chi + CockroachDB application?
Use middleBrick to scan your API endpoints. It checks for exposed tokens in responses, logs, and improper query construction, and maps findings to frameworks like OWASP API Top 10.
Does middleBrick provide fixes for token leakage?
middleBrick detects and reports token leakage with remediation guidance, but it does not automatically patch or fix code. Review the findings and apply secure coding practices.