|
|
| (24 intermediate revisions by 6 users not shown) |
| Line 1: |
Line 1: |
| = Security Review Pre-Work =
| | ;Items to be reviewed: |
| Please fill our the short section below prior to the review, and make sure you contact security@mozilla.org to schedule your actual review.
| |
|
| |
|
| == Overview == | | == Introduce Feature (5-10 minutes) [can be answered ahead of time to save meeting time]== |
| ''Describe the goals and objectives of the feature here.''
| | === Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)=== |
|
| |
|
| ;Background links
| | === What solutions/approaches were considered other than the proposed solution?=== |
| * feature-tracking bug links
| |
| * specs or design docs
| |
|
| |
|
| == Threats == | | === Why was this solution chosen?=== |
| Please list the top 3 security threats you have considered during the design and implementation of this feature. What mitigations have you implemented?
| |
| * Threat 1
| |
| * Threat 2
| |
| * Threat 3
| |
|
| |
|
| = Topics To Discuss During The Review = | | == Any security threats already considered in the design and why?== |
| Please be prepared to discuss the following topics as they relate to your feature / project. To the degree you can answer some of these questions prior to the review it will speed up the process, but its not a requirement.
| |
|
| |
|
| == Security and Privacy == | | == Threat Brainstorming (30-40 minutes)== |
| * Is this feature a security feature? If it is, what security issues is it intended to resolve?
| |
| * Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.
| |
| * How are transitions in/out of Private Browsing mode handled?
| |
| * Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
| |
| * If any content or UI is displayed to the user, in what context is that content presented? Does it have chrome privileges, for example?
| |
|
| |
|
| == Exported APIs == | | == Conclusions / Action Items (10-20 minutes)== |
| * Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)
| |
| * Does it interoperate with a web service? How will it do so?
| |
| * Explain the significant file formats, names, syntax, and semantics.
| |
| * Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?
| |
| * Does it change any existing interfaces?
| |
| | |
| == Module interactions ==
| |
| * What other modules are used (REQUIRES in the makefile, interfaces)?
| |
| | |
| == Data ==
| |
| * What data is read or parsed by this feature?
| |
| * What is the output of this feature?
| |
| * What storage formats are used?
| |
| | |
| == Reliability ==
| |
| * What failure modes or decision points are presented to the user?
| |
| * Can its files be corrupted by failures? Does it clean up any locks/files after crashes?
| |
| | |
| == Configuration ==
| |
| * Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables?
| |
| * Are there build options for developers? [#ifdefs, ac_add_options, etc.]
| |
| * What ranges for the tunable are appropriate? How are they determined?
| |
| * What are its on-going maintenance requirements (e.g. Web links, perishable data files)?
| |
| | |
| == Relationships to other projects ==
| |
| Are there related projects in the community?
| |
| * If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa?
| |
| * Are you updating, copying or changing functional areas maintained by other groups? How are you coordinating and communicating with them? Do they "approve" of what you propose?
| |
| | |
| == Review comments ==
| |