Skip to content

FF117 Audit

General

The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript).

The output includes the entire patch where the new problematic code was introduced. Search for XXX MATCH XXX to find the next potential violation.

code_audit.sh contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit.

Firefox: https://github.com/mozilla/gecko-dev.git

  • Start: ff486626d0de0e7f34d65ef000c657080ddf564d ( FIREFOX_116_0_3_RELEASE )
  • End: 6f3830e39c76ae6d0ab19b4f9289d434d424cbe3 ( FIREFOX_117_0_RELEASE )

Languages:

  • java
  • cpp
  • js
  • rust

Nothing of interest (using code_audit.sh)

OR

foreach PROBLEMATIC_HASH:

$(PROBLEMATIC_HASH)

  • Summary
  • Review Result: (SAFE|BAD)

Application Services: https://github.com/mozilla/application-services.git

  • Start: $(FIRST_GIT_HASH) ( $(START_TAG) )
  • End: $(LAST_GIT_HASH) ( $(END_TAG) )

Languages:

  • java
  • cpp
  • js
  • rust

Nothing of interest (using code_audit.sh)

OR

foreach PROBLEMATIC_HASH:

$(PROBLEMATIC_HASH)

  • Summary
  • Review Result: (SAFE|BAD)

Export

  • Export Report and save to tor-browser-spec/audits
Edited by morgan
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information