Hardening_Conductor_models

Matt Wagner edited this page Oct 25, 2012 · 1 revision

Hardening/Conductor models

Back to Hardening the app

  • permission model is correctly applied to all model level objects (see below)
  • fields requiring encryption are stored securely in the db
  • all restricted fields are hidden in logs

Mass Assignments

Mass assignment is used frequently in our project, but it is a bad practice (see http://guides.rubyonrails.org/security.html#mass-assignment).

By default, all attributes will be marked as requiring explicit assignment, with specific exceptions whitelisted.

A patch adding preliminary support has been sent to the list and is awaiting review / further revisions:

[1] https://lists.fedorahosted.org/pipermail/aeolus-devel/2012-July/011770.html
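The whitelist-by-default policy above, as an added stand-alone example (not Conductor's code and not Rails' own `attr_accessible`, which it imitates): a small Ruby model that applies the CredentialDefinition whitelist and blacklist from the table below and raises on protected keys, the way Rails 3.2's `:strict` mass_assignment_sanitizer does. The class and helper names are assumptions.

```ruby
# Added example (not Conductor or Rails code): a stand-alone model of the
# "explicit whitelist" mass-assignment policy, applied to the
# CredentialDefinition row of the model table. Names are assumptions.
class MassAssignmentError < StandardError; end

class ProtectedModel
  # Declare the only attributes that may be set from a params hash.
  def self.attr_accessible(*names)
    @accessible = (@accessible || []) | names.map(&:to_s)
  end

  def self.accessible_attributes
    @accessible || []
  end

  # Bulk-assign from an untrusted params hash. Any key that is not
  # whitelisted (id, foreign keys, timestamps) aborts the whole update,
  # so a forged provider_account_id cannot reparent the record.
  def assign_attributes(params)
    rejected = params.keys.map(&:to_s) - self.class.accessible_attributes
    unless rejected.empty?
      raise MassAssignmentError, "protected attributes: #{rejected.sort.join(', ')}"
    end
    params.each { |name, value| instance_variable_set("@#{name}", value) }
    self
  end
end

class CredentialDefinition < ProtectedModel
  attr_reader :id, :provider_account_id, :value, :credential_definition_id
  attr_accessible :value, :credential_definition_id # whitelist from the table

  def initialize(id, provider_account_id)
    @id = id
    @provider_account_id = provider_account_id
  end
end

# Returns true when a params hash carrying a blacklisted key is rejected
# and the record is left untouched (constructed sample values).
def forged_update_rejected?
  cred = CredentialDefinition.new(7, 1)
  cred.assign_attributes('value' => 'hunter2', 'provider_account_id' => 99)
  false
rescue MassAssignmentError
  cred.provider_account_id == 1 && cred.value.nil?
end
```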

Conductor Models

| Model | Permissioned Object | Encrypted Properly | Attributes to whitelist/blacklist (see [1]) | Securely invokes functionality | Other | Rcov |
|---|---|---|---|---|---|---|
| BasePermissionObject | yes | yes | | yes | | |
| CatalogEntry | | | | | | |
| Catalog | | | | | | |
| CommonFilterMethods | | | | | | |
| ConfigServer | | | | no: the client may specify credentials to generate any REST request; should these be limited somehow? Evaluated against v0.9.0rc1, as ConfigServer is not available in v0.4.0 | | |
| CredentialDefinition | no | no: `value` needs to be secured like stored cloud account passwords | blacklist: `id`, `provider_account_id`, `created_at`, `updated_at`; whitelist: `value`, `credential_definition_id` | n/a | | |
| Credential | | | | | | |
| Deployable | | | | | | |
| Deployment | | | | no: makes use of the `$!` global variable in a few places; this needs to be changed | cyclomatic complexity of the `launch` method is very large | |
| Event | | | | | | |
| FrontendRealm | | | | | | |
| Graph | | | | | | |
| HardwareProfileProperty | | | | | | |
| HardwareProfile | | | | | | |
| Hook | | | | | | |
| InstanceHwp | no | n/a | n/a | n/a | | |
| InstanceKey | no | ? | ? | y | `destroy_instance_key` returns true even if it fails | |
| InstanceObserver | no | n/a | n/a | y | | |
| InstanceParameter | no | n/a | ? | n/a | | |
| Instance | y | no: `secret` needs to be secured | blacklist: `id`, `external_key`, `owner_id`, `provider_account_id`, `instance_hwp_id`, public/private addresses, `state`, `last_error`, `lock_version`, `acc*`, `time***`, `created_at`, `updated_at`, `deployment_id`, `*xml`, `uuid`, `provider_instance_id`; whitelist: `name`, `hwp_id`, `frontend_realm_id`, `pool_id`, `user_data` | | `csv_export` method can be optimized? `OAUTH_SECRET_SEED` + secret generated as a class constant here; perhaps at a better / more configurable place? `key_name` algorithm makes use of `object_id`; good idea? | |
| InstanceTask | no | | | | Permissions FIXME in `valid_actions_for_instance_state`? should be taken care of | |
| MetadataObject | no | yes | | yes | | |
| PermissionedObject | n/a | yes | | yes | | |
| Permission | | | | | | |
| PoolFamily | | | | | | |
| Pool | | | | | | |
| Privilege | | | | | | |
| PropertyEnumEntry | | | | | | |
| ProviderAccount | | | | | | |
| Provider | | | | | `credentials_hash` method and its use is very inefficient; should be optimized | |
| ProviderType | | | | | | |
| Quota | | | | | | |
| RealmBackendTarget | | | | | | |
| Realm | | | | | | |
| Role | | | | | | |
| SearchFilter | | | | | | |
| TaskObserver | | | | | | |
| Task | | | | | | |
| TemplateXml | | | | | | |
| User | | | | | | |
| ViewState | | | | | | |

Unused modules (should be removed)

  • app/views/layouts/tabpanel.html.haml
    * delete the resource / route for :builds, as the corresponding controller does not exist
    * delete the resource / route for :templates, as the corresponding controller does not exist
    * consider moving our stateful views and our permissions / metadata subsystem out into their own gems
    * remove the `matching_profiles` exception from the hardware profiles controller's require_user filter (no such method)
  • iwhd analysis was dropped as that component is being removed