Read permissions of entities within `flex-model` or `flex-context`

Open victorgarcia98 opened this issue 1 year ago • 2 comments

Currently, the API forbids users from using a storage power sensor that doesn't belong to them. Nonetheless, we are not checking that the entities within the flex-context and flex-model are readable by the user.

This fact could be used in a malicious way:

I think someone could exploit this fact to leak data, especially inflexible device power. I would follow these steps:

  1. Create a battery that is owned by the "attacker" with a very large capacity with initial SOC = 100%
  2. Set a site capacity constraint of 0 which forces the battery to supply the same energy to the inflexible device.
  3. Set an efficiency to 1, constant price and prefer_charge_sooner = False
  4. Add the target device as an inflexible device
  5. Run a storage scheduler

This would make the battery track the power of the inflexible device and would get the data from any sensor.

Adapted from https://github.com/FlexMeasures/flexmeasures/pull/897#discussion_r1396033138

I suggest creating a utility function that checks if a user has the right to access the data that is being used.

victorgarcia98 • Nov 20 '23 08:11
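One way to structure the utility function suggested in the issue, as an added example that is not FlexMeasures code: it walks `flex-model` and `flex-context`, collects every sensor reference, and rejects the request if any of them is not readable by the requesting account. The key-naming convention, the `reader_for` permission callback, the sensor ownership table and the sample payload are all assumptions made for illustration.

```python
from typing import Any, Callable, Iterator

# Constructed sample data: sensor id -> owning account.
SENSOR_OWNER = {1: "account-a", 2: "account-a", 7: "account-b"}

def reader_for(account: str) -> Callable[[int], bool]:
    """Hypothetical stand-in for the application's per-sensor read check."""
    # Fail closed: an unknown sensor id is treated as unreadable.
    return lambda sensor_id: SENSOR_OWNER.get(sensor_id) == account

def iter_sensor_refs(node: Any, path: str = "") -> Iterator[tuple[str, int]]:
    """Yield (path, sensor_id) for every sensor reference in nested config.

    Assumed convention: a key named "sensor", or ending in "-sensor" or
    "-sensors", holds an integer sensor id or a list of ids.
    """
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == "sensor" or key.endswith(("-sensor", "-sensors")):
                for item in value if isinstance(value, list) else [value]:
                    if isinstance(item, int) and not isinstance(item, bool):
                        yield here, item
                    else:
                        yield from iter_sensor_refs(item, here)
            else:
                yield from iter_sensor_refs(value, here)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from iter_sensor_refs(item, f"{path}[{index}]")

def check_flex_read_access(flex_model, flex_context, can_read) -> None:
    """Raise PermissionError if any referenced sensor is not readable."""
    config = {"flex-model": flex_model, "flex-context": flex_context}
    denied = [(p, s) for p, s in iter_sensor_refs(config) if not can_read(s)]
    if denied:
        raise PermissionError(f"no read access to: {denied}")

# Constructed request payload; field names are illustrative assumptions.
FLEX_MODEL = {"soc-at-start": 1.0, "charging-efficiency": {"sensor": 2}}
FLEX_CONTEXT = {"inflexible-device-sensors": [1, 7], "consumption-price-sensor": 2}

if __name__ == "__main__":
    check_flex_read_access(FLEX_MODEL, {"consumption-price-sensor": 2}, reader_for("account-a"))
    try:
        check_flex_read_access(FLEX_MODEL, FLEX_CONTEXT, reader_for("account-a"))
    except PermissionError as err:
        print(err)
```

A check like this belongs before the scheduling job is created, so that a denied reference never reaches the scheduler.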