16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
85 lines
3.4 KiB
Plaintext
85 lines
3.4 KiB
Plaintext
https://www.w3.org/TR/permissions/#powerful-feature[Powerful features] are browser features (geolocation, camera, microphone ...) that can be accessed with JavaScript API and may require a permission granted by the user. These features can have a high impact on privacy and user security thus they should only be used if they are really necessary to implement the critical parts of an application.
|
|
|
|
|
|
This rule highlights intrusive permissions when requested with https://developer.mozilla.org/en-US/docs/Web/API/Permissions/query[the future standard (but currently experimental) web browser query API] and specific APIs related to the permission. It is highly recommended to customize this rule with the permissions considered as intrusive in the context of the web application.
|
|
|
|
== Ask Yourself Whether
|
|
|
|
* Some powerful features used by the application are not really necessary.
|
|
* Users are not clearly informed why and when powerful features are used by the application.
|
|
|
|
You are at risk if you answered yes to any of those questions.
|
|
|
|
== Recommended Secure Coding Practices
|
|
|
|
* In order to respect user privacy it is recommended to avoid using intrusive powerful features.
|
|
|
|
== Sensitive Code Example
|
|
|
|
When using https://developer.mozilla.org/en-US/docs/Web/API/Geolocation_API[geolocation API], Firefox for example retrieves personal information like nearby wireless access points and IP address and sends it to the default geolocation service provider, https://www.google.com/privacy/lsf.html[Google Location Services]:
|
|
|
|
----
|
|
navigator.permissions.query({name:"geolocation"}).then(function(result) {
|
|
}); // Sensitive: geolocation is a powerful feature with high privacy concerns
|
|
|
|
navigator.geolocation.getCurrentPosition(function(position) {
|
|
console.log("coordinates x="+position.coords.latitude+" and y="+position.coords.longitude);
|
|
}); // Sensitive: geolocation is a powerful feature with high privacy concerns
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
If geolocation is required, always explain to the user why the application needs it and prefer requesting an approximate location when possible:
|
|
|
|
[source,javascript]
|
|
----
|
|
<html>
|
|
<head>
|
|
<title>
|
|
Retailer website example
|
|
</title>
|
|
</head>
|
|
<body>
|
|
Type a city, street or zip code where you want to retrieve the closest retail locations of our products:
|
|
<form method=post>
|
|
<input type=text value="New York"> <!-- Compliant -->
|
|
</form>
|
|
</body>
|
|
</html>
|
|
----
|
|
|
|
== See
|
|
|
|
* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control
|
|
* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Web Top 10 2017 Category A3] - Sensitive Data Exposure
|
|
* https://cwe.mitre.org/data/definitions/250[MITRE, CWE-250] - Execution with Unnecessary Privileges
|
|
* https://cwe.mitre.org/data/definitions/359[MITRE, CWE-359] - Exposure of Private Information
|
|
* https://www.w3.org/TR/permissions/[W3C] - Permissions
|
|
* https://support.mozilla.org/en-US/kb/does-firefox-share-my-location-websites[Mozilla] - Does Firefox share my location with websites?
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Make sure the use of [xxx] is necessary.
|
|
|
|
|
|
=== Parameters
|
|
|
|
.permissions
|
|
****
|
|
_string_
|
|
|
|
----
|
|
geolocation
|
|
----
|
|
|
|
Comma-separated list of intrusive permissions to report (supported values: geolocation, camera, microphone, notifications, persistent-storage)
|
|
****
|
|
|
|
|
|
endif::env-github,rspecator-view[]
|