Code Audit Report
(Created page with "== Content Of Security Audit Reports == * RT ticket * Requestor(s) * Auditor(s) * Request date * Delivery date === Target of evaluation === * Project name * Project content...")
|Line 78:||Line 78:|
Revision as of 14:25, 9 April 2013
Content Of Security Audit Reports
- RT ticket
- Request date
- Delivery date
Target of evaluation
- Project name
- Project content ((S)RPM package or URL to version control system)
- Version (RPM version, upstream version or version control revision)
- Summarize the scope of the audit and, if possible, aspects of the threat model.
- Main programming language(s)
- Approximate lines of codes (sloccount)
- Contains example code (yes/no)
- Contains test suite (yes/no)
- Specific functionality (yes/no)
- Handles authentication
- Network access
- File system access
- D-Bus access
- Process environment access
- Listens on network
- Provides D-Bus service
- Registers MIME types or file extensions
- Installs browser plug-ins
- setuid executable
- Uses fork
- Uses threads
- Required libraries
- Builds compiled code (yes/no)
- Builds managed code (yes/no)
- Builds one or more libraries (yes/no)
- Builds one or more executables (yes/no)
- Uses recommend Defensive Coding code generation/linking options (yes/no)
- Uses Defensive Coding warning flags (yes/no)
- Produces compiler warnings (yes/no)
List all assumptions, such as correct use of APIs. Not all such aspects can be covered in an audit, especially if they require lots of domain-specific knowledge.
Note relevant compiler warnings, possibly after changing the compiler invocation to show more warnings. (This may include warnings from non-production compilers/compiler versions).
Note usage of APIs which are impossible to use correctly (`gets`, `getwd`, `readdir_r` etc.).
Note usage of dangerous APIs (certain C string functions, incorrect temporary files, process environment access from libraries, many forms of serialization).
List issues known to be present in the code base. Mark each one as security-relevant or non-relevant. This includes API misuse such as missing return value checks from `malloc` or `setuid`/`setgid`. This may include dead code (especially conditionally compiled code).
The same list, but this time for issues which are likely, but not definitely present in the source code.
Give recommendations based on the observations which do not fit in the previous categories.