Code Audit Report

From FedoraProject

Latest revision as of 14:25, 9 April 2013

Content Of Security Audit Reports

  • RT ticket
  • Requestor(s)
  • Auditor(s)
  • Request date
  • Delivery date

Target of evaluation

  • Project name
  • Project content ((S)RPM package or URL to version control system)
  • Version (RPM version, upstream version or version control revision)
  • Summarize the scope of the audit and, if possible, aspects of the threat model.

Basic information

  • Main programming language(s)
  • Approximate lines of code (sloccount)
  • Contains example code (yes/no)
  • Contains test suite (yes/no)
  • Specific functionality (yes/no)
    • Handles authentication
    • Network access
    • File system access
    • D-Bus access
    • Process environment access
    • Listens on network
    • Provides D-Bus service
    • Registers MIME types or file extensions
    • Installs browser plug-ins
    • setuid executable
    • Uses fork
    • Uses threads
    • Thread-safe

Dependencies

  • Required libraries

Build options

  • Builds compiled code (yes/no)
  • Builds managed code (yes/no)
  • Builds one or more libraries (yes/no)
  • Builds one or more executables (yes/no)
  • Uses recommended Defensive Coding code generation/linking options (yes/no)
  • Uses Defensive Coding warning flags (yes/no)
  • Produces compiler warnings (yes/no)

Assumptions

List all assumptions, such as correct use of APIs. Not all such aspects can be covered in an audit, especially if they require lots of domain-specific knowledge.

Compiler warnings

Note relevant compiler warnings, possibly after changing the compiler invocation to show more warnings. (This may include warnings from non-production compilers/compiler versions).

Banned APIs

Note usage of APIs which are impossible to use correctly (`gets`, `getwd`, `readdir_r` etc.).

Dangerous APIs

Note usage of dangerous APIs (certain C string functions, incorrect temporary files, process environment access from libraries, many forms of serialization).

Definite problems

List issues known to be present in the code base. Mark each one as security-relevant or non-relevant. This includes API misuse such as missing return value checks from `malloc` or `setuid`/`setgid`. This may include dead code (especially conditionally compiled code).

Possible problems

The same list, but this time for issues which are likely, but not definitely, present in the source code.

Recommendations

Give recommendations based on the observations which do not fit in the previous categories.