== Content of Security Audit Reports ==

* Requestor(s)
* Auditor(s)
* Request date
* Delivery date

=== Target of evaluation ===

* Project name
* Project content ((S)RPM package or URL to version control system)
* Version (RPM version, upstream version or version control revision)
* Scope of the audit (what was and was not reviewed) and, if possible, the threat model it was reviewed against

=== Basic information ===

* Main programming language(s)
* Approximate lines of code (sloccount)
* Contains example code (yes/no)
* Contains test suite (yes/no)
* Specific functionality (yes/no for each)
** Handles authentication
** Network access
** File system access
** D-Bus access
** Process environment access
** Listens on network
** Provides D-Bus service
** Registers MIME types or file extensions
** Installs browser plug-ins
** setuid executable
** Uses fork
** Uses threads
** Thread-safe

=== Dependencies ===

* Required libraries

=== Build options ===

* Builds compiled code (yes/no)
* Builds managed code (yes/no)
* Builds one or more libraries (yes/no)
* Builds one or more executables (yes/no)
* Uses the recommended Defensive Coding code generation/linking options (yes/no)
* Uses the Defensive Coding warning flags (yes/no)
* Produces compiler warnings (yes/no)

=== Assumptions ===

List all assumptions the audit relies on, such as correct use of APIs by callers. Not all such aspects can be covered in an audit, especially if they require a lot of domain-specific knowledge.

=== Compiler warnings ===

Note relevant compiler warnings, possibly after changing the compiler invocation to enable more warnings. This may include warnings from non-production compilers or compiler versions.

=== Banned APIs ===

Note usage of APIs which are impossible to use correctly, regardless of how they are called (`gets`, `getwd`, `readdir_r` etc.).

=== Dangerous APIs ===

Note usage of dangerous APIs, that is, APIs which can be used correctly but rarely are (certain C string functions such as `strcpy` and `strcat`, insecure temporary file creation, process environment access from libraries, many forms of serialization).

=== Definite problems ===

List issues known to be present in the code base, and mark each one as security-relevant or not. This includes API misuse such as missing return value checks on `malloc` or on `setuid`/`setgid`. It may also include dead code (especially conditionally compiled code).
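
As an added illustration of the `setuid`/`setgid` return value problem named above (this is example code, not from the template or any audited project), the first function below is the pattern an auditor would list as a definite, security-relevant problem; the second is a checked form. Both function names are this example's own.

```c
/* Added example, not from the audit-report template or an audited project:
 * the "missing return value check on setuid/setgid" issue named above, as
 * the code an auditor would flag and as a checked form.  Both function
 * names are this example's own. */
#include <errno.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* What the audit flags (deliberately wrong, kept for comparison): both
 * calls can fail with EPERM or EAGAIN and the process would silently keep
 * its privileges.  The order is also wrong: once setuid() has dropped to
 * an unprivileged uid, a later setgid() to a different group is refused. */
void drop_privileges_unchecked(uid_t uid, gid_t gid)
{
    setuid(uid);
    setgid(gid);
}

/* Checked form: supplementary groups first (only possible as root), then
 * gid, then uid, each result tested; finally confirm through the get*id()
 * calls that real and effective ids actually changed, so a partial drop
 * cannot pass unnoticed.  Returns 0 on success, -1 with errno set. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}
```

The final verification is not a substitute for checking each return value; it catches cases such as a `setuid` that changed only the effective id. `getresuid`/`getresgid` would additionally expose the saved set-user-ID and set-group-ID, but they are a GNU extension, so this example checks only the real and effective ids. Run as an unprivileged user, `drop_privileges(getuid(), getgid())` succeeds because a process may always set its ids to values it already holds.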

=== Possible problems ===

The same list, but this time for issues which are likely, but not definitely, present in the source code.

=== Recommendations ===

Give recommendations based on the observations which do not fit in the previous categories.

[[Category:Security Team]]