Unverified Commit 6735a8b4 authored by Matthew Finkel

Update NETWORK_AUDIT_RUBRIC

parent a93a6c96
`git diff esrA esrB` and then go over all the changes containing the
below mentioned potentially dangerous calls and features. Grep the diff for
the following strings and examine surrounding usage.
============ General =============
=============== Native DNS Portion =============
The audit begins at the commit hash where the previous audit ended. Use
code_audit.sh for creating the diff and highlighting potentially problematic
code. The audit is scoped to a specific language (currently C/C++, Rust,
Java/Kotlin, and Javascript).
PR_GetHostByName
PR_GetIPNodeByName
PR_GetAddrInfoByName
PR_StringToNetAddr (itself is good as it passes AI_NUMERICHOST to getaddrinfo. No resolution.)
The output includes the entire patch where the new problematic code was
introduced. Search for "XXX MATCH XXX" to find the next potential violation.
MDNS
TRR (DNS Trusted Recursive Resolver)
code_audit.sh contains the list of known problematic APIs. New usage of these
functions are documented and analyzed in this audit.
Direct Paths to DNS resolution:
nsDNSService::Resolve
nsDNSService::AsyncResolve
nsHostResolver::ResolveHost
============ Firefox General Portion =============
============ Misc Socket Portion ==============
Start: ${previous_base_commit_hash} # ${prev_tag}
End: ${next_base_commit_hash} # ${next_tag}
SOCK_
SOCKET_
_SOCKET
UDPSocket
TCPSocket
PR_NewTCPSocket
AsyncTCPSocket
============ Application Services Portion =============
Misc PR_Socket
Start: ${previous_base_commit_hash} # ${prev_tag}
End: ${next_base_commit_hash} # ${next_tag}
=========== Misc XPCOM Portion ================
============ Android Components Portion =============
Misc XPCOM (including commands for pre-diff review approach)
*SocketProvider
grep -R udp-socket .
grep -R tcp-socket .
grep for tcpsocket
grep -R "NS_" | grep SOCKET | grep "_C"
grep -R "@mozilla.org/network/" . | grep socket | grep -v udp-socket
Start: ${previous_base_commit_hash} # ${prev_tag}
End: ${next_base_commit_hash} # ${next_tag}
============ Rust Portion ================
============ Fenix Portion =============
Rust
- XXX: What do we grep for here? Or do we rely on Ritter's compile-time tool?
- Check for new sendmsg and recvmsg usage
============ Android Portion =============
Android Java calls
- URLConnection
- XXX: getInputStream? other methods?
- HttpURLConnection
- UrlConnectionDownloader
- ch.boye.httpclientandroidlib.impl.client.* (look for execute() calls)
- grep -n openConnection\( mobile/android/thirdparty/
- java.net.URL -- has SEVERAL proxy bypass URL fetching methods :/
- java.net
- javax.net
- ch.boye.httpclientandroidlib.conn.* (esp ssl)
- ch.boye.httpclientandroidlib.impl.conn.* (esp ssl)
- Sudden appearance of thirdparty libs:
- OkHttp
- Retrofit
- Glide
- com.amitshekhar.android
- IntentHelper
- openUriExternal (can come from GeckoAppShell too)
- getHandlersForMimeType
- getHandlersForURL
- getHandlersForIntent
- android.content.Intent - too common; instead find launch methods:
- startActivity
- startActivities
- sendBroadcast
- sendOrderedBroadcast
- startService
- bindService
- android.app.PendingIntent
- android.app.DownloadManager
- ActivityHandlerHelper.startIntentAndCatch
Start: ${previous_base_commit_hash} # ${prev_tag}
End: ${next_base_commit_hash} # ${next_tag}
============ Regression/Prior Vuln Review =========
Review proxy bypass bugs; check for new vectors to look for:
- https://trac.torproject.org/projects/tor/query?keywords=~tbb-proxy
- https://gitlab.torproject.org/groups/tpo/applications/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Proxy%20Bypass
- Look for new features like these. Especially external app launch vectors
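Review bot: The paragraph that introduces code_audit.sh ("Use code_audit.sh for creating the diff and highlighting potentially problematic code") does not say where the script lives or how it is invoked, and "The audit is scoped to a specific language" gives no hint of how that scope or the commit range is passed to it. Suggest adding one example invocation line there, and stating whether the `${previous_base_commit_hash}` / `${next_base_commit_hash}` and `${prev_tag}` / `${next_tag}` placeholders under each "Portion" heading are filled in by the script or by hand, so two auditors produce the same record. Each "Portion" heading carries only Start/End lines; a line for the findings (or an explicit "no new matches") per portion would make an empty section distinguishable from one that was skipped. Minor: "New usage of these functions are documented" should read "is documented".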