Security/Reviews/Gaia/system/code: Difference between revisions

 
Line 45: Line 45:
*bluetooth_transfer.js: Handles an individual transfer, including displaying confirm prompt to the user
*bluetooth_transfer.js: Handles an individual transfer, including displaying confirm prompt to the user


Todo: Bluetooth file, and metadata (filename etc) could be malicious, but code uses CustomDialog (http://mxr.mozilla.org/gaia/source/shared/js/custom_dialog.js#5) which uses textContent and createTextNode to prevent injection.
Note: Bluetooth file, and metadata (filename etc) could be malicious, but code uses CustomDialog (http://mxr.mozilla.org/gaia/source/shared/js/custom_dialog.js#5) which uses textContent and createTextNode to prevent injection. Also uses filename for notifications which is similarly protected.


*bootstrap.js: Random startup tasks, including checking for updates. Not too much to review here. Sets the wallpaper for all home screens.
*bootstrap.js: Random startup tasks, including checking for updates. Not too much to review here. Sets the wallpaper for all home screens.
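Review bot: the sentence added to the bluetooth_transfer.js note, "Also uses filename for notifications which is similarly protected", has no source reference, while the CustomDialog claim beside it links to custom_dialog.js#5. Link the notification code that receives the filename and name the mechanism that protects it, so the claim can be checked; the notifications entry further down the page, which says it uses DOM methods and not innerHTML, would be a natural cross-reference.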
Line 68: Line 68:
*captive_portal.js: Code looks ok, but could do with some testing.
*captive_portal.js: Code looks ok, but could do with some testing.


Todo: test this on to see what attack vector from a rogue wireless network.
  Todo: test this on to see what attack vector from a rogue wireless network.


*cards_view.js: Main app UI management. There have been lots of bugs in the past where background apps could interfere with the foreground app.
*cards_view.js: Main app UI management. There have been lots of bugs in the past where background apps could interfere with the foreground app. All closed now, but will be an area to keep an eye with future changes.


*context_menu.js: Simple menu helper class.
*context_menu.js: Simple menu helper class.
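Review bot: the captive_portal.js Todo changes only by gaining leading spaces, which MediaWiki renders as a preformatted block, and the sentence is still incomplete ("test this on to see what attack vector"). Drop the indent and state what the test is to be run on and which behaviour of a rogue wireless network is in question. In the same hunk, the cards_view.js addition "All closed now" would be easier to verify with the bug numbers it refers to.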
Line 89: Line 89:


*icc_cache.js: Sim Toolkit message handler?
*icc_cache.js: Sim Toolkit message handler?
Todo: find out what this is.


*identity.js Persona implementation for the phone. See here for detailed review: [[Security/Reviews/Gaia/system/identity.js]]
*identity.js Persona implementation for the phone. See here for detailed review: [[Security/Reviews/Gaia/system/identity.js]]


*init_logo_handler.js: loads animated logo at power on.
*init_logo_handler.js: loads animated logo at power on.


*keyboard_manager.js: Manages the keyboard. Currently just embeds keyboard app, but in future will allow for changing of keyboard apps.
*keyboard_manager.js: Manages the keyboard. Currently just embeds keyboard app, but in future will allow for changing of keyboard apps.
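Review bot: the icc_cache.js Todo ("find out what this is") is removed, but the description still reads "Sim Toolkit message handler?" with the question mark. If the file's purpose was confirmed, drop the question mark and say what it handles; if not, keep the Todo so the open question is not lost.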
Line 143: Line 140:
     }
     }
</code>
</code>
However currently selectone is not implemented. Raised bug just in case this changes in the future: https://bugzilla.mozilla.org/show_bug.cgi?id=850554


*mouse2touch.js: shim to support
*mouse2touch.js: shim to support
Line 149: Line 148:
UI to display notifications. Uses DOM methods not innerHTML - hooray!
UI to display notifications. Uses DOM methods not innerHTML - hooray!


*payment.js
*payment.js: needs its own review probably: [[Security/Reviews/Gaia/system/payment.js]]
Todo: needs its own review probably: [[Security/Reviews/Gaia/system/payment.js]]


*permission_manager.js:Handles prompting for permissions. Handles fullscreen requests as well.
*permission_manager.js:Handles prompting for permissions. Handles fullscreen requests as well.


*popup_manager.js
*popup_manager.js
Line 168: Line 165:


*screenshot.js
*screenshot.js
Takes a screen shot when user press both home and power buttons. s
Takes a screen shot when user press both home and power buttons.  


*sim_lock.js
*sim_lock.js
Line 181: Line 178:


*source_view.js
*source_view.js
    Possibly should be removed.


*statusbar.js
*statusbar.js
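Review bot: the line added under source_view.js, "Possibly should be removed.", gives no reason and is indented, so it appears as preformatted text and not as part of the entry. State the reason and link a bug for it, as the selectone item does with bug 850554.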
Line 206: Line 204:


*utility_tray.js
*utility_tray.js
tray that gets dragged down from top of screen.


*value_selector
*value_selector
Code to create widgets for date selectors or select wheels etc.


*voicemail.js
*voicemail.js
Line 214: Line 214:


*window.js
*window.js
This seems dangerous:
see bug 854849
http://mxr.mozilla.org/gaia/source/apps/system/js/window.js#120


Don't know how you can reach this, but seems like f you had xss in the app name you get xss.
<code>
105  AppError.prototype.getMessage = function() {
106    if (AirplaneMode.enabled) {
107      return _('airplane-is-turned-on', { name: this.app.name });
108    } else if (!navigator.onLine) {
109      return _('network-error', { name: this.app.name });
110    } else {
111      return _('error-message', { name: this.app.name });
112    }
113  };
114
115  AppError.prototype.view = function() {
116    return '<div id="' + this.id() + '" class="' +
117        AppError.className + ' visible" role="dialog">' +
118      '<div class="modal-dialog-message-container inner">' +
119        '<h3 data-l10n-id="error-title" class="title">' +
120          this.getTitle() + '</h3>' +
121        '<p>' +
122          '<span data-l10n-id="error-message" class="message">' +
123            this.getMessage() + '</span>' +
124        '</p>' +*window_manager.js
</code>
*wrapper.js
*wrapper.js
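Review bot: the pasted window.js excerpt stops at line 124 with "'</p>' +*window_manager.js" ahead of the closing code tag, so the *window_manager.js bullet now sits inside the code block and no longer appears as its own list entry; move it to its own line after the closing tag. On the finding itself, the note says it is unclear how the path is reached: the excerpt shows view() concatenating getTitle() and getMessage() into an HTML string, and getMessage() passing this.app.name into the localized message, so the entry should say where app.name originates and whether the string returned by view() is assigned as markup. A suggested fix is worth recording too: build the dialog with DOM methods and textContent, the approach the CustomDialog note earlier on the page credits with preventing injection. Bug 854849 should also be a link, as the other bug reference on the page is.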