commit 6735a8b4b3fda67088089c5a06b8ba25d2f89a44
Author: Matthew Finkel <sysrqb@torproject.org>
Date:   Tue Feb 9 19:29:32 2021 +0000

    Update NETWORK_AUDIT_RUBRIC
---
 audits/NETWORK_AUDIT_RUBRIC | 93 +++++++++++---------------------------------
 1 file changed, 22 insertions(+), 71 deletions(-)
diff --git a/audits/NETWORK_AUDIT_RUBRIC b/audits/NETWORK_AUDIT_RUBRIC index b58bb49..a755b64 100644 --- a/audits/NETWORK_AUDIT_RUBRIC +++ b/audits/NETWORK_AUDIT_RUBRIC @@ -1,88 +1,39 @@ -`git diff esrA esrB` and then go over all the changes containing the -below mentioned potentially dangerous calls and features. Grep the diff for -the following strings and examine surrounding usage. +============ General =============
-=============== Native DNS Portion ============= +The audit begins at the commit hash where the previous audit ended. Use +code_audit.sh for creating the diff and highlighting potentially problematic +code. The audit is scoped to a specific language (currently C/C++, Rust, +Java/Kotlin, and Javascript).
-PR_GetHostByName -PR_GetIPNodeByName -PR_GetAddrInfoByName -PR_StringToNetAddr (itself is good as it passes AI_NUMERICHOST to getaddrinfo. No resolution.) +The output includes the entire patch where the new problematic code was +introduced. Search for "XXX MATCH XXX" to find the next potential violation.
-MDNS -TRR (DNS Trusted Recursive Resolver) +code_audit.sh contains the list of known problematic APIs. New usage of these +functions are documented and analyzed in this audit.
-Direct Paths to DNS resolution: -nsDNSService::Resolve -nsDNSService::AsyncResolve -nsHostResolver::ResolveHost +============ Firefox General Portion =============
-============ Misc Socket Portion ============== +Start: ${previous_base_commit_hash} # ${prev_tag} +End: ${next_base_commit_hash} # ${next_tag}
-SOCK_ -SOCKET_ -_SOCKET -UDPSocket -TCPSocket - PR_NewTCPSocket - AsyncTCPSocket +============ Application Services Portion =============
-Misc PR_Socket +Start: ${previous_base_commit_hash} # ${prev_tag} +End: ${next_base_commit_hash} # ${next_tag}
-=========== Misc XPCOM Portion ================ +============ Android Components Portion =============
-Misc XPCOM (including commands for pre-diff review approach) - *SocketProvider - grep -R udp-socket . - grep -R tcp-socket . - grep for tcpsocket - grep -R "NS_" | grep SOCKET | grep "_C" - grep -R "@mozilla.org/network/" . | grep socket | grep -v udp-socket +Start: ${previous_base_commit_hash} # ${prev_tag} +End: ${next_base_commit_hash} # ${next_tag}
-============ Rust Portion ================ +============ Fenix Portion =============
-Rust - - XXX: What do we grep for here? Or do we rely on Ritter's compile-time tool? - - Check for new sendmsg and recvmsg usage - -============ Android Portion ============= - -Android Java calls - - URLConnection - - XXX: getInputStream? other methods? - - HttpURLConnection - - UrlConnectionDownloader - - ch.boye.httpclientandroidlib.impl.client.* (look for execute() calls) - - grep -n openConnection( mobile/android/thirdparty/ - - java.net.URL -- has SEVERAL proxy bypass URL fetching methods :/ - - java.net - - javax.net - - ch.boye.httpclientandroidlib.conn.* (esp ssl) - - ch.boye.httpclientandroidlib.impl.conn.* (esp ssl) - - Sudden appearance of thirdparty libs: - - OkHttp - - Retrofit - - Glide - - com.amitshekhar.android - - IntentHelper - - openUriExternal (can come from GeckoAppShell too) - - getHandlersForMimeType - - getHandlersForURL - - getHandlersForIntent - - android.content.Intent - too common; instead find launch methods: - - startActivity - - startActivities - - sendBroadcast - - sendOrderedBroadcast - - startService - - bindService - - android.app.PendingIntent - - android.app.DownloadManager - - ActivityHandlerHelper.startIntentAndCatch +Start: ${previous_base_commit_hash} # ${prev_tag} +End: ${next_base_commit_hash} # ${next_tag}
============ Regression/Prior Vuln Review =========
Review proxy bypass bugs; check for new vectors to look for: - - https://trac.torproject.org/projects/tor/query?keywords=~tbb-proxy + - https://gitlab.torproject.org/groups/tpo/applications/-/issues?scope=all&... - Look for new features like these. Especially external app launch vectors
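Review bot: the rubric's own inventory of dangerous calls is removed in this hunk (the PR_GetHostByName/nsDNSService/nsHostResolver resolution paths with their "Direct Paths to DNS resolution" note, the SOCK_/UDPSocket/TCPSocket and XPCOM socket-provider greps, the Rust sendmsg/recvmsg check, and the entire Android list of URLConnection, java.net, ch.boye.httpclientandroidlib, openUriExternal, startActivity/sendBroadcast/startService/bindService, PendingIntent and DownloadManager vectors) in favour of "code_audit.sh contains the list of known problematic APIs", but the new text gives no path for code_audit.sh and the per-component template records only Start/End commit hashes, so an audit record no longer shows which pattern list it was run against. Suggest stating where code_audit.sh lives in the General section, adding a line to each component template next to the hashes, e.g. `Tool: code_audit.sh @ ${code_audit_commit_hash}`, and confirming before merge that every dropped pattern is actually present in the script, including the annotation that PR_StringToNetAddr is safe because it passes AI_NUMERICHOST (so it is not flagged as a resolution path) and the still-open Rust question marked XXX, which should become a tracked item rather than disappear. Two smaller points in the added text: "New usage of these functions are documented and analyzed" should read "is documented and analyzed", and the tracker link under Regression/Prior Vuln Review ends in "&..." as it appears here; the trac query it replaces filtered on keyword tbb-proxy, so check that the committed GitLab URL carries the equivalent label filter in full, otherwise the "check for new vectors" step points at an unfiltered issue list.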