Security/Reviews/Gaia/costcontrol

From MozillaWiki

< Security‎ | Reviews‎ | Gaia

Revision as of 13:30, 18 September 2013 by Rfletcher (talk | contribs) (→‎App Review Details)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

App Review Details

App: Usage (gaia/apps/costcontrol)
Review Date: Sept 2013
Review Lead: Rob Fletcher (:omerta)

Overview

Architecture

Components

Relevant Source Code

Application Code

Shared Code

shared/js/async_storage.js
shared/js/l10n.js
shared/js/l10n_date.js
shared/js/lazy_loader.js
shared/js/notification_helper.js
shared/js/settings_listener.js

Permissions

"sms":{} - sms-received, sms-sent system message.
"mobileconnection":{} - access to SIM card, check service status
"desktop-notification":{} - Notify user, with desktop notification, they've exceeded usage
"settings":{ "access": "readonly" } - to read settings... but I don't see any references to mozSettings() except in a test
"networkstats-manage":{} - Obtain statistics of data usage
"alarms": {}, - alarm system message
"telephony": {}, - telephony-call-ended system message.
"storage": {} - use storage without size limitations

Web Activity Handlers

Web Activity Usage

Notable Event Handlers

Code Review Notes

1. XSS & HTML Injection attacks

2. Secure Communications

3. Secure data storage

4. Denial of Service

5. Use of Privileged APIs

6. Interfaces with other Apps/Content

Security Risks & Mitigating Controls

Actions & Recommendations

Retrieved from "https://wiki.allizom.org/index.php?title=Security/Reviews/Gaia/costcontrol&oldid=710878"

SecReview