Firefox3.1/JSONSecurityReview

From MozillaWiki
Jump to: navigation, search

Overview

Describe the goals and objectives of the feature here.

Background links

Security and Privacy

  • Is this feature a security feature?
    • No, other than giving developers an option to avoid using eval to parse JSON.
  • What potential security issues in your feature have you already considered and addressed?
      • Mostly DOS issues and unintended modification of JS objects.
  • Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
      • No.
  • Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.
      • The main risk would be a way to squeeze code (JS functions, etc) through the parser. The grammar is pretty strict, and we have many tests covering a variety of valid and invalid JSON.
  • How are transitions in/out of Private Browsing mode handled?
      • Not relevant.

Exported APIs

  • Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)
    • Some additions to jsapi.h
  • Does it interoperate with a web service? How will it do so?
    • No.

Module interactions

  • What other modules are used (REQUIRES in the makefile, interfaces)?
    • Only SpiderMonkey dependencies.

Data

  • What data is read or parsed by this feature?
    • JSON data.
  • What is the output of this feature?
    • Either a string containing JSON or a JS value parsed from a JSON string.

Reliability

  • What failure modes or decision points are presented to the user?
    • JS Exceptions
  • Can its files be corrupted by failures? Does it clean up any locks/files after crashes?
    • It can hold GC roots if the caller fails to call the parser clean up function.

Review comments