Bug 814659 (Closed)
Opened 12 years ago, closed 11 years ago
[Homescreen] Vulnerability analysis issues - DoATAPI.js
Categories: Firefox OS Graveyard :: Gaia::Everything.me, defect
Tracking: b2g18+ fixed, b2g18-v1.0.1 fixed
Status: RESOLVED FIXED
People: Reporter: macajc, Assigned: evyatar
Attachments (1 file)
Attachment #707034: Patch - redirect to github PR (231 bytes, text/html)
crdlc: review+
lsblakk: approval-gaia-v1+
We have run an automated vulnerability analysis on the Gaia code. After manually filtering the results we have found the following possible issue in the Homescreen app:

* everything.me/js/api/DoATAPI.js

On lines 877 and 594 of DoATAPI.js the program uses insecure randomness. Standard pseudo-random number generators cannot withstand cryptographic attacks.

    875 var queryString = {};
    876 (location.search || '').replace(/(?:[?&]|^)([^=]+)=([^&]*)/g, function(ig, k, v) {queryString[k] = v;})
    877 return queryString["did"] || "web_" + (new Date()).getTime() + "" + Math.round(Math.random()*1234567890);
    878 }

    592
    593 this.generateId = function() {
    594 return SESSION_PREFIX + Math.round(Math.random()*1234567890);
    595 };
    596

The standard pseudo-random generator isn't good enough for anything that requires non-predictability. If this session id is used to keep track of a session at the server, a more robust generator should be used.

http://baagoe.org/en/w/index.php/Better_random_numbers_for_javascript

homescreen's everything.me/js/api/DoATAPI.js can be checked for a better way to implement this.
Updated • 12 years ago
Assignee: nobody → ran

Updated • 12 years ago
Assignee: ran → nobody

Updated • 12 years ago
Component: Gaia::Homescreen → Gaia::Everything.me
Comment 1 • 12 years ago (Reporter)
> homescreen's everything.me/js/api/DoATAPI.js can be checked for a better way to
> implement this.

Sorry for the error. This should read "Calendar's js/ext/uuid.js can be checked for a better way to securely implement random number generation".
Comment 2 • 11 years ago
We'll implement the uuid.js to replace Math.random()
Comment 3 • 11 years ago (Assignee)
Assignee: nobody → evyatar
Attachment #707034 - Flags: review?(crdlc)
Attachment #707034 - Flags: approval-gaia-v1?(francisco.jordano)
Updated • 11 years ago
Status: NEW → ASSIGNED
Comment 4 • 11 years ago
Comment on attachment 707034 [details]
Patch - redirect to github PR

ok from my side

Attachment #707034 - Flags: review?(crdlc) → review+
Comment 5 • 11 years ago
Nominating as tracking-b2g18 because it could represent a security issue. The bug is reviewed; IMHO, we should accept it for v1-train. Thanks, F.

tracking-b2g18: --- → ?
Updated • 11 years ago

Comment 6 • 11 years ago
Comment on attachment 707034 [details]
Patch - redirect to github PR

approving for v1-train.

Attachment #707034 - Flags: approval-gaia-v1?(francisco.jordano) → approval-gaia-v1+
Updated • 11 years ago (Assignee)
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Comment 7 • 11 years ago
382badc6261f37155b9876eb56aa6f97b4b73f83
Comment 8 • 11 years ago
(In reply to John Ford [:jhford] from comment #7)
> 382badc6261f37155b9876eb56aa6f97b4b73f83

v1-train: 382badc6261f37155b9876eb56aa6f97b4b73f83

status-b2g18: --- → fixed
Comment 9 • 11 years ago
Batch edit: bugs fixed on b2g18 since 1/25 branch of v1.0 are fixed on v1.0.1

status-b2g18-v1.0.1: --- → fixed