Security/Reviews/Gaia/costcontrol

Revision as of 13:31, 18 September 2013 by Rfletcher (talk | contribs) (→‎Overview)

App Review Details

  • App: Usage (gaia/apps/costcontrol)
  • Review Date: Sept 2013
  • Review Lead: Rob Fletcher (:omerta)

Overview

The Usage application lets the user view credit and data usage statistics.

It presents the user with a graph of mobile usage, data usage, or both. It also allows the user to set notifications that fire when usage exceeds a chosen amount, and the user can reset the usage amount being tracked.

Architecture

Components

Relevant Source Code

Application Code
Shared Code
  • shared/js/async_storage.js
  • shared/js/l10n.js
  • shared/js/l10n_date.js
  • shared/js/lazy_loader.js
  • shared/js/notification_helper.js
  • shared/js/settings_listener.js

Permissions

  • "sms": {} - sms-received and sms-sent system messages.
  • "mobileconnection": {} - access to the SIM card and check service status.
  • "desktop-notification": {} - notify the user, with a desktop notification, that they have exceeded their usage threshold.
  • "settings": { "access": "readonly" } - to read settings... but I don't see any references to mozSettings() except in a test.
  • "networkstats-manage": {} - obtain data usage statistics.
  • "alarms": {} - alarm system message.
  • "telephony": {} - telephony-call-ended system message.
  • "storage": {} - use storage without size limitations.
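The note on "settings" above is the kind of finding a least-privilege check should surface automatically. The following is an added example (not Gaia's own code) of such a check: it cross-references the permissions declared in a manifest.webapp against the API names referenced in the app's own JavaScript, ignoring anything under a test/ directory. The permission-to-API mapping, the manifest fragment and the source snippets are all assumed or constructed for illustration.

```javascript
// Permission -> API names whose presence in app source shows the permission
// is exercised (assumed mapping, based on the Firefox OS APIs of the time).
const PERMISSION_APIS = {
  "sms": ["mozMobileMessage", "mozSms", "sms-received", "sms-sent"],
  "mobileconnection": ["mozMobileConnection"],
  "desktop-notification": ["Notification"],
  "settings": ["mozSettings"],
  "networkstats-manage": ["mozNetworkStats"],
  "alarms": ["mozAlarms"],
  "telephony": ["mozTelephony", "telephony-call-ended"],
  "storage": ["asyncStorage", "indexedDB", "localStorage"],
};

// Returns declared permissions, those with no API reference outside test
// code, and those the mapping does not know (so they need a manual look).
function auditPermissions(manifestJson, sourceFiles) {
  const manifest = JSON.parse(manifestJson);
  const declared = Object.keys(manifest.permissions || {});
  // Ignore test code: a reference there does not justify a permission.
  const appSource = Object.entries(sourceFiles)
    .filter(([path]) => !/(^|\/)test\//.test(path))
    .map(([, text]) => text).join("\n");
  const unused = [], unknown = [];
  for (const perm of declared) {
    const apis = PERMISSION_APIS[perm];
    if (!apis) { unknown.push(perm); continue; }
    if (!apis.some((api) => appSource.includes(api))) unused.push(perm);
  }
  return { declared, unused, unknown };
}

// Constructed manifest fragment mirroring the permission list above.
const MANIFEST = JSON.stringify({ name: "Usage", permissions: {
  "sms": {}, "mobileconnection": {}, "desktop-notification": {},
  "settings": { "access": "readonly" }, "networkstats-manage": {},
  "alarms": {}, "telephony": {}, "storage": {} } });

// Constructed source snippets: every API is referenced except mozSettings,
// which appears only under test/.
const SOURCES = {
  "js/usage.js": "var stats = navigator.mozNetworkStats; navigator.mozAlarms.add(new Date(), 'ignoreTimezone', {});",
  "js/messages.js": "navigator.mozSetMessageHandler('sms-received', onSms); navigator.mozSetMessageHandler('telephony-call-ended', onCall);",
  "js/ui.js": "var conn = navigator.mozMobileConnection; NotificationHelper.send(t, b); asyncStorage.setItem('k', v);",
  "test/unit/settings_test.js": "navigator.mozSettings.createLock().get('ril.data.enabled');",
};

console.log(auditPermissions(MANIFEST, SOURCES));
// → unused: ["settings"], unknown: []
```

The check is substring-based, so a hit only shows the API is mentioned (possibly in a comment), not that the privilege is needed; a flagged permission is a prompt for the reviewer to confirm it can be dropped from the manifest.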

Web Activity Handlers

Web Activity Usage

Notable Event Handlers

Code Review Notes

1. XSS & HTML Injection attacks

2. Secure Communications

3. Secure data storage

4. Denial of Service

5. Use of Privileged APIs

6. Interfaces with other Apps/Content

Security Risks & Mitigating Controls

Actions & Recommendations