ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5604/javascript/rule.adoc
Alban Auzeill 2c306d110e Fix code block ambiguity with old header style 
Ensure blank line before list and clean the one leading space
2020-06-30 17:16:12 +02:00

56 lines
2.9 KiB
Plaintext
Raw Blame History

https://www.w3.org/TR/permissions/#powerful-feature[Powerful features] are browser features (geolocation, camera, microphone ...) that can be accessed with JavaScript API and may require a permission granted by the user. These features can have a high impact on privacy and user security thus they should only be used if they are really necessary to implement the critical parts of an application.
This rule highlights intrusive permissions when requested with https://developer.mozilla.org/en-US/docs/Web/API/Permissions/query[the future standard (but currently experimental) web browser query API] and specific APIs related to the permission. It is highly recommended to customize this rule with the permissions considered as intrusive in the context of the web application.
== Ask Yourself Whether
* Some powerful features used by the application are not really necessary.
* Users are not clearly informed why and when powerful features are used by the application.
You are at risk if you answered yes to any of those questions.
== Recommended Secure Coding Practices
* In order to respect user privacy it is recommended to avoid using intrusive powerful features.
== Sensitive Code Example
When using https://developer.mozilla.org/en-US/docs/Web/API/Geolocation_API[geolocation API], Firefox for example retrieves personal information like nearby wireless access points and IP address and sends it to the default geolocation service provider, https://www.google.com/privacy/lsf.html[Google Location Services]:
----
navigator.permissions.query({name:"geolocation"}).then(function(result) {
}); // Sensitive: geolocation is a powerful feature with high privacy concerns
navigator.geolocation.getCurrentPosition(function(position) {
console.log("coordinates x="+position.coords.latitude+" and y="+position.coords.longitude);
}); // Sensitive: geolocation is a powerful feature with high privacy concerns
----
== Compliant Solution
If geolocation is required, always explain to the user why the application needs it and prefer requesting an approximate location when possible:
----
<html>
<head>
<title>
Retailer website example
</title>
</head>
<body>
Type a city, street or zip code where you want to retrieve the closest retail locations of our products:
<form method=post>
<input type=text value="New York"> <!-- Compliant -->
</form>
</body>
</html>
----
== See
* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Web Top 10 2017 Category A3] - Sensitive Data Exposure
* https://cwe.mitre.org/data/definitions/250.html[CWE-250] - Execution with Unnecessary Privileges
* https://cwe.mitre.org/data/definitions/359.html[CWE-359] - Exposure of Private Information
* https://www.w3.org/TR/permissions/[W3C] - Permissions
* https://support.mozilla.org/en-US/kb/does-firefox-share-my-location-websites[Mozilla] - Does Firefox share my location with websites?
Reference in New Issue View Git Blame Copy Permalink