Insufficient encapsulation

Encapsulation is the practice of bundling related data and functions into a single unit, usually called an "object". Insufficient encapsulation occurs when an object's properties and methods are not properly contained within the object, allowing external code to access or modify them in unintended ways.

Insufficient encapsulation is generally considered to be a poor coding practice that can lead to vulnerabilities, rather than being a vulnerability in and of itself.

In this lesson, you will learn about vulnerabilities stemming from insufficient encapsulation and how to protect your applications against them. We will step into the shoes of an inexperienced developer at a bank who discovers and remediates an instance of insufficient encapsulation in their own application.

Buddy was thrilled to land his first job as a developer at Saturn Bank right after graduating from university. He was assigned to work on a major project to overhaul the bank's outdated code that handled money transfers.

The bank began to notice strange activity. Many accounts were suddenly able to draw money out of their account into negative values. This caused widespread panic among the bank's customers and led to a huge loss of trust in the bank's security and stability.

Buddy worked closely with the bank's security team to investigate the issue and ultimately discovered that the problem was caused by a lack of encapsulation in his code.

So, what exactly went wrong here? Here's the relevant code snippet:

In this code, the balance variable in the account class is not sufficiently encapsulated because it can be directly accessed and modified by the transfer function, which is not intended behavior. Buddy naively wrote a transfer() function which accesses the balance directly, not considering that this variable could become negative.

Because he edited the balance directly, instead of using the withdraw() and deposit() functions, there are no checks in place to ensure that the sender account has enough funds to make the transfer before executing it.

Insufficient encapsulation is not a vulnerability in itself, but it does encourage and allow poor coding practices. The impact will vary widely depending on the context and application.

When designing classes, it's best to follow the principle of least privilege. Treat all properties as private unless there is a specific need to make them protected or public. Then, write accessors (setter and getter functions) to access or modify the values. This way, the only way that properties in the class can be accessed is through the accessor functions, which may include validation and sanity checks.

The code example above could be mitigated by making the balance property private, meaning that it could only be accessed via the withdraw and deposit functions, which contain a check to ensure that the balance will not go below zero.

Then, the transfer function could be modified to use the withdraw and deposit functions, like this:

To learn more about insufficient encapsulation, check out the following links:

• Check out the official CWE-1061
• Learn more about objects, properties, and methods here: https://www.w3schools.com/js/js_objects.asp