From Fedora Project Wiki

Revision as of 18:34, 19 August 2016 by Sparks (talk | contribs) (Updated category)

Content Of Security Audit Reports

  • Requestor(s)
  • Auditor(s)
  • Request date
  • Delivery date

Target of evaluation

  • Project name
  • Project content ((S)RPM package or URL to version control system)
  • Version (RPM version, upstream version or version control revision)
  • Summarize the scope of the audit and, if possible, aspects of the threat model.

Basic information

  • Main programming language(s)
  • Approximate lines of codes (sloccount)
  • Contains example code (yes/no)
  • Contains test suite (yes/no)
  • Specific functionality (yes/no)
    • Handles authentication
    • Network access
    • File system access
    • D-Bus access
    • Process environment access
    • Listens on network
    • Provides D-Bus service
    • Registers MIME types or file extensions
    • Installs browser plug-ins
    • setuid executable
    • Uses fork
    • Uses threads
    • Thread-safe

Dependencies

  • Required libraries

Build options

  • Builds compiled code (yes/no)
  • Builds managed code (yes/no)
  • Builds one or more libraries (yes/no)
  • Builds one or more executables (yes/no)
  • Uses recommend Defensive Coding code generation/linking options (yes/no)
  • Uses Defensive Coding warning flags (yes/no)
  • Produces compiler warnings (yes/no)

Assumptions

List all assumptions, such as correct use of APIs. Not all such aspects can be covered in an audit, especially if they require lots of domain-specific knowledge.

Compiler warnings

Note relevant compiler warnings, possibly after changing the compiler invocation to show more warnings. (This may include warnings from non-production compilers/compiler versions).

Banned APIs

Note usage of APIs which are impossible to use correctly (gets, getwd, readdir_r etc.).

Dangerous APIs

Note usage of dangerous APIs (certain C string functions, incorrect temporary files, process environment access from libraries, many forms of serialization).

Definite problems

List issues known to be present in the code base. Mark each one as security-relevant or non-relevant. This includes API misuse such as missing return value checks from malloc or setuid/setgid. This may include dead code (especially conditionally compiled code).

Possible problems

The same list, but this time for issues which are likely, but not definitely present in the source code.

Recommendations

Give recommendations based on the observations which do not fit in the previous categories.