
WeChat Mini Program Security Guidelines: General


May 18, 2021 WeChat Mini Program Development Document


General

Interface authentication

Interface authentication means that whenever a backend interface (a self-built backend interface or a cloud function) is called, the call must be permission-checked; otherwise unauthorized access (a caller acting beyond their privileges) is easy. For example, for a product-deletion interface, the backend should verify the caller's identity information (openid, IP address, developer-defined login state, etc.) when it receives the request, and only perform the deletion for the specified user once that verification passes.

Unauthorized access is usually divided into horizontal and vertical cases:

  • Horizontal (parallel) unauthorized access
    Horizontal unauthorized access is access across accounts of the same role. A1 and A2 are ordinary users. A1 obtains their own information by requesting the backend interface userinfo.php?id=A1; if userinfo.php performs no permission check, user A1 can change the request to userinfo.php?id=A2 and obtain A2's information, leaking A2's data.
  • Vertical unauthorized access
    Vertical unauthorized access is access across different roles. B1 is an administrator and B2 is an ordinary user; administrator B1 can obtain all registered users' information by requesting the backend interface getall.php.

Development recommendations:

  1. Interfaces that touch sensitive data or privileged capabilities must be authenticated in the backend. Information such as openid, IP address and custom login state can usually be used for the verification.
  2. The authentication logic must live in the backend and must not be replaced by hidden pages, hidden buttons, etc. in the mini program front end. See principle 4.
  3. Authentication code example (for reference only)
    1. Self-built backend (PHP)
      <?php
      session_start(); // the login state read below lives in the server-side session

      function actionDelete() {
          $item_id   = $_POST["item_id"];        // item the caller wants to delete
          $openid    = $_POST["openid"];         // caller identity as submitted with the request
          $ip        = $_SERVER['REMOTE_ADDR'];  // caller address, set by the web server
          $user_role = $_SESSION["user_role"];   // role from the server-side login state
          if ($openid === "xxx" &&
              $ip === "192.168.0.101" &&
              $user_role === "admin") {
              // perform the delete operation on $item_id
              // ...
              return 0;
          } else {
              // record the illegal request
              // ...
              return -1;
          }
      }
    2. Cloud function interface authentication (Node.js, wx-server-sdk)

      const cloud = require('wx-server-sdk');
      cloud.init();

      exports.main = async (event, context) => {
          // OPENID is supplied by the WeChat cloud runtime, not by the client event
          const { OPENID, APPID, UNIONID } = cloud.getWXContext();
          if (OPENID === "xxx") {
              // perform the delete operation
              // ...
              return 0;
          } else {
              // record the illegal request
              // ...
              return -1;
          }
      }
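The following is an added example, not code from the WeChat documentation: a cloud-function style dispatcher that enforces both the horizontal check (userinfo?id=X) and the vertical check (getall) described above, plus an owner-or-admin check for delete. The caller identity ctx.OPENID stands in for what cloud.getWXContext() returns on the server side; the user table, item table and openid values are constructed sample data, and nothing in the client-supplied event is trusted for identity or role.

```javascript
// Added example, not from the WeChat documentation. Identity comes only from
// ctx (the server-side context); the client event is never trusted for it.

const USERS = new Map([            // constructed sample user store
  ['openid-A1', { openid: 'openid-A1', role: 'user',  phone: '15612345677' }],
  ['openid-A2', { openid: 'openid-A2', role: 'user',  phone: '13900000000' }],
  ['openid-B1', { openid: 'openid-B1', role: 'admin', phone: '13800000000' }],
]);
const ITEMS = new Map([            // constructed sample items with owners
  ['item-1', { id: 'item-1', owner: 'openid-A1' }],
  ['item-2', { id: 'item-2', owner: 'openid-A2' }],
]);
const auditLog = [];               // "record the illegal request" from the guideline

function deny(ctx, action, reason) {
  auditLog.push({ caller: ctx.OPENID, action, reason });
  return { code: -1, error: 'forbidden' };
}

// Role is looked up in the server-side store, never read from event.role.
function callerOf(ctx) {
  return USERS.get(ctx.OPENID) || null;
}

// userinfo?id=X: a user may read only their own record (horizontal check);
// an admin may read any record.
function getUserInfo(ctx, event) {
  const caller = callerOf(ctx);
  if (!caller) return deny(ctx, 'userinfo', 'unknown caller');
  if (event.id !== caller.openid && caller.role !== 'admin') {
    return deny(ctx, 'userinfo', 'horizontal access to ' + event.id);
  }
  const target = USERS.get(event.id);
  if (!target) return { code: -1, error: 'not found' };
  return { code: 0, data: { openid: target.openid, phone: target.phone } };
}

// getall: admin role required (vertical check).
function getAllUsers(ctx) {
  const caller = callerOf(ctx);
  if (!caller || caller.role !== 'admin') {
    return deny(ctx, 'getall', 'vertical access by role ' + (caller ? caller.role : 'none'));
  }
  return { code: 0, data: [...USERS.values()].map(u => ({ openid: u.openid, role: u.role })) };
}

// delete: the item's owner or an admin (object-level check, as in actionDelete above).
function deleteItem(ctx, event) {
  const caller = callerOf(ctx);
  if (!caller) return deny(ctx, 'delete', 'unknown caller');
  const item = ITEMS.get(event.item_id);
  if (!item) return { code: -1, error: 'not found' };
  if (item.owner !== caller.openid && caller.role !== 'admin') {
    return deny(ctx, 'delete', 'not owner of ' + event.item_id);
  }
  ITEMS.delete(event.item_id);
  return { code: 0 };
}

// Shape of a cloud function entry point; ctx plays the role of cloud.getWXContext().
function main(event, ctx) {
  switch (event.action) {
    case 'userinfo': return getUserInfo(ctx, event);
    case 'getall':   return getAllUsers(ctx);
    case 'delete':   return deleteItem(ctx, event);
    default:         return { code: -1, error: 'unknown action' };
  }
}
```

A request in which A1 sets id=openid-A2 and even adds openid or role fields to the event is refused, because the handler only ever consults ctx.OPENID and the stored role; every refusal lands in auditLog, which is the "record the illegal request" step of the reference code.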

Code management and leaks

  1. When you use version management tools such as git or svn, directories such as .git are generated, and some editors or other software generate temporary files while running. If these directories or files are deployed to production, source code can leak.
  2. When using a mini program code management platform or a third-party platform such as GitHub, pay attention to project permissions and do not expose sensitive or internal projects.

Development recommendations:

  1. Backup files and files generated by version management tools must not be synced to the web directory.
  2. External access to directories and files such as .git must be blocked.
  3. Configure appropriate access rights on management platforms such as the mini program code management platform.

Mini program

Information disclosure

Sensitive information is data whose disclosure may harm the developer's business, partners or users, including but not limited to the account appsecret, privileged account information, backend encryption keys, login account passwords, user ID numbers, mobile phone numbers and bank card numbers.

Development recommendations:

  1. Sensitive information must not appear in mini program files in clear text, in comments, in reversible encodings (e.g. base64), or under unsafe hash functions (e.g. MD5, SHA1).
  2. Some sensitive information, such as the user's bank card number or mobile phone number, has to be displayed; it must then be masked (desensitized). The common masking rules are as follows (the asterisks in the samples mark hidden characters):
    Sensitive information type | Display sample
    Name                       | A two-character name hides the first character, e.g. *Three. A name of more than two characters keeps only the first and last characters and hides the rest, e.g. Wang*Four, Europe**Five.
    ID number                  | Only the first and last characters are shown, e.g. 3 followed by mask characters and the final digit.
    Mobile phone number        | After removing the international country code: when the number has at least 10 digits, only the first three and last two digits are shown, e.g. 156******77; when it has fewer than 10 digits, only the first two and last two are shown, e.g. 12****89. The country code may be shown in full.
    Bank card                  | Only the last 4 digits are shown, e.g. ************1234.
  3. If a mini program leaks sensitive information, the WeChat Open Platform may take the mini program offline and suspend its related services.
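The masking rules above are precise enough to implement directly. This is an added example, not code from the WeChat documentation: one helper per data type, following the guideline's rules for names, ID numbers, phone numbers (with optional country code) and bank card numbers, plus a record-level wrapper so the backend masks before responding. Cases the guideline does not cover (one-character names, numbers too short to keep any digit) are handled as marked assumptions; the field names in desensitizeRecord and the sample values are constructed.

```javascript
// Added example, not from the WeChat documentation: display masking helpers.

// Name: two characters -> hide the first; longer -> keep first and last only.
function maskName(name) {
  const c = Array.from(String(name).trim());    // Array.from keeps CJK/astral chars whole
  if (c.length <= 1) return '*'.repeat(c.length); // assumption: not covered by the guideline
  if (c.length === 2) return '*' + c[1];
  return c[0] + '*'.repeat(c.length - 2) + c[c.length - 1];
}

// ID number: show only the first and last character.
function maskId(id) {
  const s = String(id).replace(/\s+/g, '');
  if (s.length <= 2) return '*'.repeat(s.length);  // assumption: degenerate input
  return s[0] + '*'.repeat(s.length - 2) + s[s.length - 1];
}

// Phone: an optional +CC country code is shown in full; the national number keeps
// first 3 + last 2 digits when it has >= 10 digits, otherwise first 2 + last 2.
function maskPhone(phone) {
  const m = /^\s*\+(\d{1,3})[\s-]*(.*)$/.exec(String(phone));
  const cc = m ? m[1] : null;
  const digits = (m ? m[2] : String(phone)).replace(/\D/g, '');
  let masked;
  if (digits.length >= 10) {
    masked = digits.slice(0, 3) + '*'.repeat(digits.length - 5) + digits.slice(-2);
  } else if (digits.length > 4) {
    masked = digits.slice(0, 2) + '*'.repeat(digits.length - 4) + digits.slice(-2);
  } else {
    masked = '*'.repeat(digits.length);            // assumption: too short to reveal anything
  }
  return cc ? '+' + cc + ' ' + masked : masked;
}

// Bank card: only the last 4 digits are shown.
function maskBankCard(card) {
  const digits = String(card).replace(/\D/g, '');
  if (digits.length <= 4) return '*'.repeat(digits.length); // assumption: degenerate input
  return '*'.repeat(digits.length - 4) + digits.slice(-4);
}

// Apply the rules to a record before it leaves the backend, so the mini program
// never receives the raw values. Field names are assumptions for the example.
function desensitizeRecord(user) {
  return {
    ...user,
    name: maskName(user.name),
    idNumber: maskId(user.idNumber),
    phone: maskPhone(user.phone),
    bankCard: maskBankCard(user.bankCard),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  // constructed sample record
  console.log(desensitizeRecord({
    name: '欧阳五五', idNumber: '310101199001011234',
    phone: '+86 15612345677', bankCard: '6222 0212 3456 1234',
  }));
}
```

Masking belongs in the backend response path rather than in the mini program's rendering code: if the raw value is sent to the client and hidden only in the view, it is still exposed to anyone inspecting the network traffic, which is exactly the disclosure the guideline is about.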