Hardening_Conductor_models
Back to Hardening the app
- the permission model is correctly applied to all model-level objects (see the table below)
- fields requiring encryption are stored securely in the database
- all restricted fields are hidden in logs
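As an added illustration of the last two points (this is example code written for this page, not Conductor's own code), the mixin below stores a Credential-like `value` only as AES-256-GCM ciphertext and replaces `#inspect` so the plaintext never reaches a log line or exception report. The `Credential`, `EncryptedAttribute` and `DEMO_KEY` names are assumptions; a real deployment would load the key from configuration kept outside the database rather than generating it per process.

```ruby
require 'openssl'
require 'securerandom'
require 'base64'

# Added example, not Conductor code: attribute-level encryption plus log
# redaction. The encrypted value is persisted as "iv.tag.ciphertext" (base64).
module EncryptedAttribute
  CIPHER = 'aes-256-gcm'

  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Declare +name+ as an encrypted attribute. +key+ is a proc so the key
    # material never lives in the model or the database row.
    def encrypted_attr(name, key:)
      define_method(name) do
        blob = instance_variable_get("@#{name}_ciphertext")
        blob.nil? ? nil : EncryptedAttribute.decrypt(blob, key.call)
      end
      define_method("#{name}=") do |plaintext|
        blob = plaintext.nil? ? nil : EncryptedAttribute.encrypt(plaintext, key.call)
        instance_variable_set("@#{name}_ciphertext", blob)
      end
      # What would actually be written to the database column.
      define_method("#{name}_ciphertext") { instance_variable_get("@#{name}_ciphertext") }
      redacted_attributes << name.to_s
    end

    def redacted_attributes
      @redacted_attributes ||= []
    end
  end

  def self.encrypt(plaintext, key)
    cipher = OpenSSL::Cipher.new(CIPHER).encrypt
    cipher.key = key
    iv = cipher.random_iv # 12 random bytes; never reuse an IV with the same key
    ct = cipher.update(plaintext) + cipher.final
    [iv, cipher.auth_tag, ct].map { |b| Base64.strict_encode64(b) }.join('.')
  end

  # Raises OpenSSL::Cipher::CipherError if the blob or tag was modified.
  def self.decrypt(blob, key)
    iv, tag, ct = blob.split('.').map { |b| Base64.strict_decode64(b) }
    cipher = OpenSSL::Cipher.new(CIPHER).decrypt
    cipher.key = key
    cipher.iv = iv
    cipher.auth_tag = tag
    cipher.update(ct) + cipher.final
  end

  # Redacting #inspect keeps the secret out of Rails logs and error reports,
  # which print models with #inspect.
  def inspect
    pairs = instance_variables.map do |ivar|
      attr = ivar.to_s.delete('@').sub(/_ciphertext\z/, '')
      shown = self.class.redacted_attributes.include?(attr) ? '[FILTERED]' : instance_variable_get(ivar).inspect
      "#{attr}: #{shown}"
    end
    "#<#{self.class.name} #{pairs.join(', ')}>"
  end
end

# Stand-in for the Credential model (assumed shape, not Conductor's class).
class Credential
  include EncryptedAttribute
  attr_accessor :id, :credential_definition_id
  # Per-process demo key; production must load it from config outside the DB.
  DEMO_KEY = SecureRandom.random_bytes(32)
  encrypted_attr :value, key: -> { DEMO_KEY }

  def initialize(id:, credential_definition_id:, value:)
    @id = id
    @credential_definition_id = credential_definition_id
    self.value = value
  end
end

def demo_roundtrip
  c = Credential.new(id: 1, credential_definition_id: 7, value: 'cloud-api-secret')
  { plaintext: c.value,
    stored_is_plaintext: c.value_ciphertext.include?('cloud-api-secret'),
    inspect: c.inspect }
end

# Flip one ciphertext bit: GCM's tag check must reject it instead of
# returning garbage to the caller.
def tamper_detected?
  c = Credential.new(id: 2, credential_definition_id: 7, value: 'password1')
  iv, tag, ct = c.value_ciphertext.split('.')
  raw = Base64.strict_decode64(ct)
  raw.setbyte(0, raw.getbyte(0) ^ 0x01)
  EncryptedAttribute.decrypt([iv, tag, Base64.strict_encode64(raw)].join('.'), Credential::DEMO_KEY)
  false
rescue OpenSSL::Cipher::CipherError
  true
end

if __FILE__ == $PROGRAM_NAME
  puts demo_roundtrip[:inspect]
  puts "tamper detected: #{tamper_detected?}"
end
```

Using an AEAD mode (GCM) rather than plain CBC matters here because a stored credential that an attacker can modify in the database would otherwise decrypt to attacker-influenced bytes without any error.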
Mass assignment is used frequently in our project, but it is a bad practice (see http://guides.rubyonrails.org/security.html#mass-assignment): any attribute a request names gets written unless the model protects it.
By default all attributes will be protected and have to be set explicitly; the specific exceptions are whitelisted per model (see the whitelist/blacklist column in the table below).
A patch adding preliminary support has been sent to the list and is awaiting review / further revisions:
[1] https://lists.fedorahosted.org/pipermail/aeolus-devel/2012-July/011770.html
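To make the difference concrete, here is an added example (written for this page, not the patch above or Conductor code) of a whitelist-only mass-assignment guard modelled on Rails 3's `attr_accessible` with `config.active_record.whitelist_attributes = true`. It is plain Ruby so it runs without Rails; the `Instance` stand-in uses the whitelist proposed for that model below, and the request parameters are constructed.

```ruby
require 'set'

# Added example, not Conductor code: whitelist-only mass assignment.
module WhitelistedAssignment
  class ForbiddenAttribute < StandardError; end

  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Attributes a request may set; everything else is protected by default.
    def attr_accessible(*names)
      accessible_attributes.merge(names.map(&:to_s))
    end

    def accessible_attributes
      @accessible_attributes ||= Set.new
    end
  end

  # The unsafe baseline: every key becomes a setter call, so a request can
  # set owner_id, state, provider_account_id and so on.
  def assign_attributes_unchecked(params)
    params.each { |k, v| public_send("#{k}=", v) }
  end

  # Whitelist-checked assignment. Protected keys raise (like Rails'
  # :strict mass_assignment_sanitizer); with strict: false they are dropped
  # and returned so the controller can log the attempt.
  def assign_attributes(params, strict: true)
    rejected = []
    params.each do |k, v|
      key = k.to_s
      if self.class.accessible_attributes.include?(key)
        public_send("#{key}=", v)
      else
        rejected << key
      end
    end
    if strict && rejected.any?
      raise ForbiddenAttribute, "refused to mass-assign protected attributes: #{rejected.join(', ')}"
    end
    rejected
  end
end

# Stand-in for the Instance model with the whitelist from the table:
# name, hwp_id, frontend_realm_id, pool_id, user_data.
class Instance
  include WhitelistedAssignment
  attr_accessor :id, :name, :hwp_id, :frontend_realm_id, :pool_id, :user_data,
                :owner_id, :provider_account_id, :state
  attr_accessible :name, :hwp_id, :frontend_realm_id, :pool_id, :user_data
end

# Constructed request parameters: a legitimate launch form plus two keys an
# attacker could append to take over the record.
TAINTED_PARAMS = {
  'name' => 'web01', 'hwp_id' => 3, 'pool_id' => 1,
  'owner_id' => 1, 'state' => 'running'
}.freeze

def unchecked_result
  inst = Instance.new
  inst.assign_attributes_unchecked(TAINTED_PARAMS)
  { owner_id: inst.owner_id, state: inst.state }
end

def strict_result
  Instance.new.assign_attributes(TAINTED_PARAMS)
  'no error'
rescue WhitelistedAssignment::ForbiddenAttribute => e
  e.message
end

def lenient_result
  inst = Instance.new
  rejected = inst.assign_attributes(TAINTED_PARAMS, strict: false)
  { rejected: rejected, name: inst.name, owner_id: inst.owner_id, state: inst.state }
end

if __FILE__ == $PROGRAM_NAME
  puts "unchecked: #{unchecked_result}"
  puts "strict:    #{strict_result}"
  puts "lenient:   #{lenient_result}"
end
```

The strict mode is the one worth enabling in development and test, since a raised error surfaces every place a form posts a field the model did not expect; silently dropping keys hides exactly the bugs the audit is trying to find.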
|_. Model |_. Permissioned Object |_. Encrypted Properly |_. Attributes to whitelist/blacklist (see [1]) |_. Securely invokes functionality |_. Other |_. Rcov |
| BasePermissionObject | yes | yes | | yes | | |
| CatalogEntry | | | | | | |
| Catalog | | | | | | |
| CommonFilterMethods | | | | | | |
| ConfigServer | | | | no - the client may specify credentials to generate any REST request; should these be limited somehow? Evaluated against v0.9.0rc1, as ConfigServer is not available in v0.4.0 | | |
| CredentialDefinition | no | no - value needs to be secured, as it stores cloud account passwords | blacklist: id, provider_account_id, created_at, updated_at; whitelist: value, credential_definition_id | n/a | | |
| Credential | | | | | | |
| Deployable | | | | | | |
| Deployment | | | | no - makes use of the $! global variable in a few places; this needs to be changed | cyclomatic complexity of the launch method is very large | |
| Event | | | | | | |
| FrontendRealm | | | | | | |
| Graph | | | | | | |
| HardwareProfileProperty | | | | | | |
| HardwareProfile | | | | | | |
| Hook | | | | | | |
| InstanceHwp | no | n/a | n/a | n/a | | |
| InstanceKey | no | ? | ? | y | destroy_instance_key returns true even if it fails | |
| InstanceObserver | no | n/a | n/a | y | | |
| InstanceParameter | no | n/a | ? | n/a | | |
| Instance | y | no - secret needs to be secured | blacklist: id, external_key, owner_id, provider_account_id, instance_hwp_id, public/private addresses, state, last_error, lock_version, acc*, time***, created_at, updated_at, deployment_id, *xml, uuid, provider_instance_id; whitelist: name, hwp_id, frontend_realm_id, pool_id, user_data | | csv_export method can be optimized? OAUTH_SECRET_SEED and the secret are generated as a class constant here; perhaps a better / more configurable place exists? The key_name algorithm makes use of object_id, is that a good idea? | |
| InstanceTask | no | | | | Permissions FIXME in valid_actions_for_instance_state? Should be taken care of | |
| MetadataObject | no | yes | | yes | | |
| PermissionedObject | n/a | yes | | yes | | |
| Permission | | | | | | |
| PoolFamily | | | | | | |
| Pool | | | | | | |
| Privilege | | | | | | |
| PropertyEnumEntry | | | | | | |
| ProviderAccount | | | | | | |
| Provider | | | | | credentials*hash method and its use is very inefficient, should be optimized | |
| ProviderType | | | | | | |
| Quota | | | | | | |
| RealmBackendTarget | | | | | | |
| Realm | | | | | | |
| Role | | | | | | |
| SearchFilter | | | | | | |
| TaskObserver | | | | | | |
| Task | | | | | | |
| TemplateXml | | | | | | |
| User | | | | | | |
| ViewState | | | | | | |
- app/views/layouts/tabpanel.html.haml
* delete the resource / route for :builds, as the corresponding controller does not exist
* delete the resource / route for :templates, as the corresponding controller does not exist
* consider moving our stateful views and our permissions / metadata subsystem out into their own gems
* remove the matching_profiles exception from the hardware profiles controller's require_user filter (no such method exists); the iwhd analysis was dropped as that component is being removed