max
/
tauri-plugins-workspace
mirror of https://github.com/tauri-apps/plugins-workspace
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added Security Policy and Threat Model for Log Plugin (#828)

Browse Source 
* Initial threat model and security contact

* Corrections and finalize policy
pull/832/head
Tillmann 2 years ago committed by GitHub
parent 69a1fa099c
commit 1eaf640255
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 55 additions and 0 deletions
Show Stats Download Patch File Download Diff File

55
plugins/log/SECURITY.md
Unescape View File

@ -0,0 +1,55 @@
# Security Policy
**Do not report security vulnerabilities through public GitHub issues.**
**Please use the [Private Vulnerability Disclosure](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) feature of GitHub.**
Include as much of the following information:
- Type of issue (e.g. improper input parsing, privilege escalation, etc.)
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- The distribution affected or used to help us with reproduction of the issue
- Step-by-step instructions to reproduce the issue
- Ideally a reproduction repository
- Impact of the issue, including how an attacker might exploit the issue
We prefer to receive reports in English.
## Contact
Please disclose a vulnerability or security relevant issue here: [https://github.com/tauri-apps/plugins-workspace/security/advisories/new](https://github.com/tauri-apps/plugins-workspace/security/advisories/new).
Alternatively, you can also contact us by email via [security@tauri.app](mailto:security@tauri.app).
## Threat Model
### Security Assumptions
- The log file interpreting applications are hardened, as input is not sanitized
- No log events in the rust core are leaked to the frontend unless explicitly configured to output to the `TargetKind::Webview` component
- The log events generated in the frontend can be accessed from everywhere in the frontend
- There is no secret censoring inbuilt and developers need to take care of what they log in their application
### Threats
#### Secret Leakage
One possible threat you need to consider when using this plugin is that secrets
in logs can theoretically be leaked when the application's frontend gets compromised.
For this threat to be possible all of the following requirements need to be fulfilled:
- `TargetKind::Webview` enabled OR secrets stem from frontend logs
- Frontend application is compromised via something like XSS (cross-site-scripting) OR logs are directly exposed
- Logs contain secrets or sensitive information
If these requirements are not met, the leakage should not be possible.
#### Out Of Scope
- Any exploits on the log viewer/file viewer accessing the logs
## Best Practices
Do not log secrets or sensitive values in your logging and ensure that the upstream crates are not leaking such values in their logging events.
Ensure that logs are sanitized or trusted before opening them with third party tools.
Write Preview
Loading…
Cancel
Save