rspec/rules/S7071/rationale.adoc

Chromium uses process sandboxing to separate components that are part of 
its attack surface from the rest of the application. Since Electron uses 
Chromium internally, the same sandboxing principle is used here for the 
renderers and for preload scripts.

Renderer sandboxing is a critical component of the security model of 
Electron. Within the renderer, it is only possible to access a limited 
subset of APIs. Any privileged actions, e.g. filesystem interactions or 
spawning subprocesses, have to be executed through IPC with the main 
process. If renderer sandboxing is disabled, then an attacker who gains 
code execution within the renderer (for example through XSS) can pivot 
this easily into file system access and RCE.
Create rule S7071: Sandboxing should be enabled (#4304) * Add html to rule S7071 * Add HTML to S7071 * Added message and highlighting --------- Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com> 2024-09-20 13:48:02 +02:00			`Chromium uses process sandboxing to separate components that are part of`
			`its attack surface from the rest of the application. Since Electron uses`
			`Chromium internally, the same sandboxing principle is used here for the`
			`renderers and for preload scripts.`

			`Renderer sandboxing is a critical component of the security model of`
			`Electron. Within the renderer, it is only possible to access a limited`
			`subset of APIs. Any privileged actions, e.g. filesystem interactions or`
			`spawning subprocesses, have to be executed through IPC with the main`
			`process. If renderer sandboxing is disabled, then an attacker who gains`
			`code execution within the renderer (for example through XSS) can pivot`
			`this easily into file system access and RCE.`