[tor-commits] [tor-browser-spec/master] Update NETWORK_AUDIT_RUBRIC

gk at torproject.org gk at torproject.org
Fri Mar 19 21:16:19 UTC 2021 

commit 6735a8b4b3fda67088089c5a06b8ba25d2f89a44
Author: Matthew Finkel <sysrqb at torproject.org>
Date:   Tue Feb 9 19:29:32 2021 +0000

    Update NETWORK_AUDIT_RUBRIC
---
 audits/NETWORK_AUDIT_RUBRIC | 93 +++++++++++----------------------------------
 1 file changed, 22 insertions(+), 71 deletions(-)

diff --git a/audits/NETWORK_AUDIT_RUBRIC b/audits/NETWORK_AUDIT_RUBRIC
index b58bb49..a755b64 100644
--- a/audits/NETWORK_AUDIT_RUBRIC
+++ b/audits/NETWORK_AUDIT_RUBRIC
@@ -1,88 +1,39 @@
-`git diff esrA esrB` and then go over all the changes containing the
-below mentioned potentially dangerous calls and features. Grep the diff for
-the following strings and examine surrounding usage.
+============ General =============
 
-=============== Native DNS Portion =============
+The audit begins at the commit hash where the previous audit ended. Use
+code_audit.sh for creating the diff and highlighting potentially problematic
+code. The audit is scoped to a specific language (currently C/C++, Rust,
+Java/Kotlin, and Javascript).
 
-PR_GetHostByName
-PR_GetIPNodeByName
-PR_GetAddrInfoByName
-PR_StringToNetAddr (itself is good as it passes AI_NUMERICHOST to getaddrinfo. No resolution.)
+The output includes the entire patch where the new problematic code was
+introduced. Search for "XXX MATCH XXX" to find the next potential violation.
 
-MDNS
-TRR (DNS Trusted Recursive Resolver)
+code_audit.sh contains the list of known problematic APIs. New usage of these
+functions are documented and analyzed in this audit.
 
-Direct Paths to DNS resolution:
-nsDNSService::Resolve
-nsDNSService::AsyncResolve
-nsHostResolver::ResolveHost
+============ Firefox General Portion =============
 
-============ Misc Socket Portion ==============
+Start: ${previous_base_commit_hash} # ${prev_tag}
+End:   ${next_base_commit_hash}     # ${next_tag}
 
-SOCK_
-SOCKET_
-_SOCKET
-UDPSocket
-TCPSocket
-  PR_NewTCPSocket
-  AsyncTCPSocket
+============ Application Services Portion =============
 
-Misc PR_Socket
+Start: ${previous_base_commit_hash} # ${prev_tag}
+End:   ${next_base_commit_hash}     # ${next_tag}
 
-=========== Misc XPCOM Portion ================
+============ Android Components Portion =============
 
-Misc XPCOM (including commands for pre-diff review approach)
- *SocketProvider
- grep -R udp-socket .
- grep -R tcp-socket .
- grep for tcpsocket
- grep -R "NS_" | grep SOCKET | grep "_C"
- grep -R "@mozilla.org/network/" . | grep socket | grep -v udp-socket
+Start: ${previous_base_commit_hash} # ${prev_tag}
+End:   ${next_base_commit_hash}     # ${next_tag}
 
-============ Rust Portion ================
+============ Fenix Portion =============
 
-Rust
- - XXX: What do we grep for here? Or do we rely on Ritter's compile-time tool?
- - Check for new sendmsg and recvmsg usage
-
-============ Android Portion =============
-
-Android Java calls
- - URLConnection
-   - XXX: getInputStream? other methods?
- - HttpURLConnection
- - UrlConnectionDownloader
- - ch.boye.httpclientandroidlib.impl.client.* (look for execute() calls)
- - grep -n openConnection\( mobile/android/thirdparty/
- - java.net.URL -- has SEVERAL proxy bypass URL fetching methods :/
- - java.net
- - javax.net
- - ch.boye.httpclientandroidlib.conn.* (esp ssl)
- - ch.boye.httpclientandroidlib.impl.conn.* (esp ssl)
- - Sudden appearance of thirdparty libs:
-   - OkHttp
-   - Retrofit
-   - Glide
-   - com.amitshekhar.android
- - IntentHelper
-   - openUriExternal (can come from GeckoAppShell too)
-   - getHandlersForMimeType
-   - getHandlersForURL
-   - getHandlersForIntent
- - android.content.Intent - too common; instead find launch methods:
-   - startActivity
-   - startActivities
-   - sendBroadcast
-   - sendOrderedBroadcast
-   - startService
-   - bindService
- - android.app.PendingIntent
- - android.app.DownloadManager
- - ActivityHandlerHelper.startIntentAndCatch
+Start: ${previous_base_commit_hash} # ${prev_tag}
+End:   ${next_base_commit_hash}     # ${next_tag}
 
 ============ Regression/Prior Vuln Review =========
 
 Review proxy bypass bugs; check for new vectors to look for:
- - https://trac.torproject.org/projects/tor/query?keywords=~tbb-proxy
+ - https://gitlab.torproject.org/groups/tpo/applications/-/issues?scope=all&utf8=%E2%9C%93&state=opened&label_name[]=Proxy%20Bypass
    - Look for new features like these. Especially external app launch vectors

More information about the tor-commits mailing list