Security/Reviews/Gaia/costcontrol: Difference between revisions

From MozillaWiki

Revision as of 13:29, 18 September 2013

App Review Details

  • App:
  • Review Date:
  • Review Lead:

Overview

Architecture

Components

Relevant Source Code

Application Code
Shared Code
  • shared/js/async_storage.js
  • shared/js/l10n.js
  • shared/js/l10n_date.js
  • shared/js/lazy_loader.js
  • shared/js/notification_helper.js
  • shared/js/settings_listener.js

Permissions

  • "sms":{} - sms-received, sms-sent system message.
  • "mobileconnection":{} - access to SIM card, check service status
  • "desktop-notification":{} - Notify user, with desktop notification, they've exceeded usage
  • "settings":{ "access": "readonly" } - to read settings... but I don't see any references to mozSettings() except in a test
  • "networkstats-manage":{} - Obtain statistics of data usage
  • "alarms": {}, - alarm system message
  • "telephony": {}, - telephony-call-ended system message.
  • "storage": {} - use storage without size limitations
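
The observation above, that `settings` is declared while `mozSettings` is referenced only in a test, is a least-privilege check that can be scripted across all declared permissions. The following is an added example, not part of the original review or the Gaia code base; the permission-to-token table, the function name and the sample files are assumptions constructed for illustration.

```javascript
'use strict';

// Assumption: strings whose presence in a source file indicates the permission
// is exercised (navigator property names or the system messages listed above).
// An empty list means "no API to search for": review by hand.
const PERMISSION_TOKENS = {
  'sms': ['mozMobileMessage', 'mozSms', 'sms-received', 'sms-sent'],
  'mobileconnection': ['mozMobileConnection'],
  'desktop-notification': ['mozNotification', 'Notification'],
  'settings': ['mozSettings'],
  'networkstats-manage': ['mozNetworkStats'],
  'alarms': ['mozAlarms'],
  'telephony': ['mozTelephony', 'telephony-call-ended'],
  'storage': []
};

// manifest: parsed manifest object; sources: { path: fileContents }.
// Returns { permission: { status, files } } where status is one of
// 'used', 'tests-only', 'unused', 'manual'.
function auditPermissions(manifest, sources) {
  const report = {};
  for (const name of Object.keys(manifest.permissions || {})) {
    const tokens = PERMISSION_TOKENS[name] || [];
    if (tokens.length === 0) {
      report[name] = { status: 'manual', files: [] };
      continue;
    }
    const files = Object.keys(sources).filter(
      path => tokens.some(token => sources[path].includes(token)));
    // Files under a test/ directory do not justify a shipped permission.
    const appFiles = files.filter(path => !/(^|\/)test\//.test(path));
    const status = appFiles.length ? 'used' : files.length ? 'tests-only' : 'unused';
    report[name] = { status, files };
  }
  return report;
}

// Constructed sample input (not the real costcontrol tree).
const SAMPLE_MANIFEST = { permissions: {
  'settings': { access: 'readonly' }, 'networkstats-manage': {},
  'telephony': {}, 'storage': {}
} };
const SAMPLE_SOURCES = {
  'js/app.js': 'var stats = navigator.mozNetworkStats;',
  'test/unit/settings_test.js': 'var lock = navigator.mozSettings.createLock();'
};

console.log(auditPermissions(SAMPLE_MANIFEST, SAMPLE_SOURCES));
```

A `tests-only` or `unused` result is a candidate for removal from the manifest; `manual` entries such as `storage` still need a reviewer's judgement.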

Web Activity Handlers

Web Activity Usage

Notable Event Handlers

Code Review Notes

1. XSS & HTML Injection attacks

2. Secure Communications

3. Secure data storage

4. Denial of Service

5. Use of Privileged APIs

6. Interfaces with other Apps/Content

Security Risks & Mitigating Controls

Actions & Recommendations