Create rule S7085: Missing Navigation Filtering (#4305)
* Create rule S7085 * Added rule description for S7085 --------- Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com>
This commit is contained in:
github-actions[bot]
GitHub
parent
82c24b65b4
commit
a8fe186b1c
23
rules/S7085/javascript/metadata.json
Normal file
23
rules/S7085/javascript/metadata.json
Normal file
@ -0,0 +1,23 @@
|
||||
{
|
||||
"title": "Missing Navigation Filtering",
|
||||
"type": "VULNERABILITY",
|
||||
"status": "ready",
|
||||
"remediation": {
|
||||
"func": "Constant\/Issue",
|
||||
"constantCost": "5min"
|
||||
},
|
||||
"tags": [
|
||||
],
|
||||
"defaultSeverity": "Major",
|
||||
"ruleSpecification": "RSPEC-7085",
|
||||
"sqKey": "S7085",
|
||||
"scope": "All",
|
||||
"defaultQualityProfiles": ["Sonar way"],
|
||||
"quickfix": "unknown",
|
||||
"code": {
|
||||
"impacts": {
|
||||
"SECURITY": "MEDIUM"
|
||||
},
|
||||
"attribute": "COMPLETE"
|
||||
}
|
||||
}
|
||||
115
rules/S7085/javascript/rule.adoc
Normal file
115
rules/S7085/javascript/rule.adoc
Normal file
@ -0,0 +1,115 @@
|
||||
Unrestricted navigation in Electron applications can lead to security issues.
|
||||
|
||||
== Why is this an issue?
|
||||
|
||||
By default, Electron allows renderers to navigate to any location. This navigation can be triggered by clicking on the link of a web content page, by dragging and dropping URLs on the application’s window, and in other ways. This might allow navigating to malicious pages and websites that might be able to take advantage of potential render privileges (IPC events, exposed API functions, etc).
|
||||
|
||||
=== What is the potential impact?
|
||||
|
||||
Unrestricted navigation in Electron applications poses significant security risks. Electron apps combine web technologies with native capabilities, making them powerful but also potentially vulnerable to web-based attacks. If navigation is not properly restricted, malicious actors can exploit this to navigate to untrusted or harmful web content. This can lead to a variety of security issues, including:
|
||||
|
||||
==== Cross-Site Scripting (XSS) Attacks
|
||||
Unrestricted navigation can allow attackers to inject malicious scripts into the application, leading to data theft, session hijacking, or other malicious activities.
|
||||
|
||||
==== Phishing Attacks
|
||||
Users can be redirected to phishing sites that mimic legitimate services, tricking them into divulging sensitive information such as login credentials or financial details.
|
||||
|
||||
==== Remote Code Execution
|
||||
By navigating to a malicious site, an attacker might exploit vulnerabilities in the Electron app or its dependencies to execute arbitrary code on the user's machine.
|
||||
|
||||
== How to fix it
|
||||
|
||||
=== Code examples
|
||||
|
||||
==== Noncompliant code example
|
||||
|
||||
[source,javascript,diff-id=1,diff-type=noncompliant]
|
||||
----
|
||||
const { app, BrowserWindow } = require('electron/main')
|
||||
|
||||
const createWindow = () => {
|
||||
const win = new BrowserWindow({
|
||||
width: 600,
|
||||
height: 800,
|
||||
})
|
||||
|
||||
win.loadUrl('https://safe.example.com')
|
||||
}
|
||||
|
||||
app.whenReady().then(() => {
|
||||
createWindow()
|
||||
})
|
||||
----
|
||||
|
||||
==== Compliant solution
|
||||
|
||||
[source,javascript,diff-id=1,diff-type=compliant]
|
||||
----
|
||||
const { app, BrowserWindow } = require('electron/main')
|
||||
const { URL } = require('url')
|
||||
|
||||
const createWindow = () => {
|
||||
const win = new BrowserWindow({
|
||||
width: 600,
|
||||
height: 800,
|
||||
})
|
||||
|
||||
win.loadUrl('https://safe.example.com')
|
||||
}
|
||||
|
||||
app.on('web-contents-created', (event, contents) => {
|
||||
contents.on('will-navigate', (event, navigationUrl) => {
|
||||
const parsedUrl = new URL(navigationUrl)
|
||||
|
||||
if (parsedUrl.origin !== 'https://safe.example.com') {
|
||||
event.preventDefault()
|
||||
}
|
||||
})
|
||||
})
|
||||
|
||||
app.whenReady().then(() => {
|
||||
createWindow()
|
||||
})
|
||||
----
|
||||
|
||||
=== How does this work?
|
||||
|
||||
The compliant code adds an event listener that will check for every webcontent that will navigate,
|
||||
if the target URL points to a safe host.
|
||||
|
||||
//=== Pitfalls
|
||||
|
||||
//=== Going the extra mile
|
||||
|
||||
|
||||
== Resources
|
||||
=== Documentation
|
||||
|
||||
* Electron Documentation - https://www.electronjs.org/docs/latest/tutorial/security#13-disable-or-limit-navigation[Disable or limit navigation]
|
||||
* Electron Documentation - https://www.electronjs.org/docs/latest/api/web-contents#event-will-navigate[Event: 'will-navigate']
|
||||
|
||||
|
||||
//=== Articles & blog posts
|
||||
//=== Conference presentations
|
||||
//=== Standards
|
||||
//=== External coding guidelines
|
||||
//=== Benchmarks
|
||||
|
||||
ifdef::env-github,rspecator-view[]
|
||||
|
||||
'''
|
||||
== Implementation Specification
|
||||
(visible only on this page)
|
||||
|
||||
=== Message
|
||||
* Make sure to restrict navigation targets.
|
||||
|
||||
=== Highlighting
|
||||
|
||||
Highlight the first new BrowserWindow() call that is found.
|
||||
|
||||
'''
|
||||
== Comments And Links
|
||||
(visible only on this page)
|
||||
|
||||
endif::env-github,rspecator-view[]
|
||||
2
rules/S7085/metadata.json
Normal file
2
rules/S7085/metadata.json
Normal file
@ -0,0 +1,2 @@
|
||||
{
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user