User:Mnandigama:SecReview

From MozillaWiki

As many in the QA and Security teams are aware, we are performing a study of all fixed security bugs whose patches are available in Bugzilla. Chofmann, Lucas and the sec-team have been presented with the data and have provided valuable recommendations and help for further analysis.

In this process we identified 603 fixed security bugs and around 920 source files that were modified to fix them.

Additionally, we have measured the code coverage of these files under the automated test suites and found that, on average, they have 14% more code coverage than the overall average coverage obtained from the same suites.

We have also identified the top 30 source files with the most security bug fixes.

Our plan is that every Monday, for the next few weeks, we will look at all the bug fixes that landed on the latest release source branch during the preceding week, determine how many of the source files modified by those fixes are among these 'security sensitive' files, and send out a report.

Here is the list of the top 30 security-sensitive source files [ excluding files with the .list | .html | .xhtml | .xul | .in | .mm | .mk | .xml | .svg | .txt | .cvs extensions and README files ].

We hope this will provide useful guidance for developers [ from a pre-integration testing point of view ] and for patch review and patch approval [ reviewing a change not only in terms of its own complexity, but also from a security impact point of view ].

The format of the list below is: the number of unique security bug fixes that touched the source file, followed by the file name.

  • 64 nsCSSFrameConstructor.cpp
  • 24 jsobj.c
  • 23 nsBlockFrame.cpp
  • 22 nsPresShell.cpp
  • 19 nsDocument.cpp
  • 19 jsgc.c
  • 18 jsfun.c
  • 17 nsGenericElement.cpp
  • 16 jsscript.c
  • 16 jsemit.c
  • 15 nsDOMClassInfo.cpp
  • 13 nsXULElement.cpp
  • 13 nsXULDocument.cpp
  • 13 nsTreeBodyFrame.cpp
  • 13 jsarray.c
  • 12 nsDocument.h
  • 11 nsIDocument.h
  • 11 nsCSSFrameConstructor.h
  • 11 jsapi.c
  • 10 XPCNativeWrapper.cpp
  • 10 nsContentUtils.cpp
  • 10 jsiter.c
  • 8 nsGenericHTMLElement.cpp
  • 8 jstracer.cpp
  • 8 jsopcode.c
  • 8 jsobj.h
  • 8 jsdbgapi.c
  • 8 FeedWriter.js
  • 7 nsXPConnect.cpp
  • 7 nsTextFrameThebes.cpp
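As an added illustration of the weekly check described above (this is example code, not part of the original page or of any Mozilla tooling), the script below takes a ranked list in the page's own "count filename" format plus a mapping of the week's landed bugs to the files their patches touched, applies the same extension exclusions as the list, and reports which security-sensitive files were modified and by which bugs. The sensitive list is trimmed to a few entries from the page; the bug ids and file paths in the weekly input are constructed placeholders, not real Bugzilla data.

```python
"""Weekly 'security-sensitive file' report.

Added example, not part of the original wiki page or of Mozilla's tooling.
Assumptions: the sensitive list uses the page's 'N filename' format (basenames
only) and the weekly input maps a bug id to the paths its patch modified.
"""
from collections import defaultdict

# A few entries from the page's top-30 list, in its own format.
SENSITIVE_LIST = """\
64 nsCSSFrameConstructor.cpp
24 jsobj.c
11 nsCSSFrameConstructor.h
10 XPCNativeWrapper.cpp
8 jsobj.h
8 FeedWriter.js
"""

# Constructed weekly input: bug id -> files touched by its patch.
# The ids and paths are placeholders, not real Bugzilla bugs.
WEEKLY_FIXES = {
    "bug-A": ["layout/base/nsCSSFrameConstructor.cpp",
              "layout/base/nsCSSFrameConstructor.h"],
    "bug-B": ["js/src/jsobj.c", "js/src/jsobj.h"],
    "bug-C": ["browser/components/feeds/src/FeedWriter.js"],
    "bug-D": ["toolkit/content/widgets/tree.xml"],   # excluded by extension
}

# Same exclusions the page applies when building its list.
SKIP_EXT = (".list", ".html", ".xhtml", ".xul", ".in", ".mm",
            ".mk", ".xml", ".svg", ".txt", ".cvs")


def parse_sensitive_list(text):
    """Parse 'N filename' lines into {basename: N}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        count, name = line.split(None, 1)
        table[name] = int(count)
    return table


def basename(path):
    return path.rsplit("/", 1)[-1]


def is_excluded(path):
    name = basename(path)
    return name == "README" or name.lower().endswith(SKIP_EXT)


def weekly_report(sensitive, fixes):
    """Return (hits, summary).

    hits:    {sensitive basename: sorted bug ids that touched it}
    summary: counts of files examined, sensitive files hit, and bugs involved
    """
    hits = defaultdict(set)
    examined = set()
    for bug, files in fixes.items():
        for path in files:
            if is_excluded(path):
                continue
            examined.add(path)
            if basename(path) in sensitive:
                hits[basename(path)].add(bug)
    hits = {name: sorted(bugs) for name, bugs in hits.items()}
    summary = {
        "files_examined": len(examined),
        "sensitive_files_hit": len(hits),
        "bugs_touching_sensitive": len({b for bs in hits.values() for b in bs}),
    }
    return hits, summary


def format_report(sensitive, hits):
    """One line per hit, most bug-fix-prone file first, as in the page's list."""
    lines = []
    for name in sorted(hits, key=lambda n: (-sensitive[n], n)):
        lines.append(f"{sensitive[name]:>3} {name:<28} touched by {', '.join(hits[name])}")
    return "\n".join(lines)


if __name__ == "__main__":
    table = parse_sensitive_list(SENSITIVE_LIST)
    hits, summary = weekly_report(table, WEEKLY_FIXES)
    print(format_report(table, hits))
    print(summary)
```

One caveat worth keeping in mind when doing this for real: the page's list identifies files by basename only, so a name that exists in more than one directory (headers such as nsDocument.h are the usual suspects) would be matched wherever it appears; recording full paths when the list is next regenerated removes that ambiguity.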

Please let us know what you think of this plan...