Security checklist for developers
This document is provided as a supplement to Security for developers. It is a list of common development tasks and the security measures you must take when carrying them out.
Security checklist

For each of the things you may be working with (listed below), check that you have done the following:
**Cookie**

```php
// Attempt to fetch the UserID cookie value. Note: the
// value returned isn't trusted and is forced to be an int.
$sId = intval( $wgRequest->getCookie( 'UserID' ) );
```
**Dynamic code generation**

Avoid using functions like
Sometimes you really do need these features (obviously
Inline lambda functions will make it easier to write your callback inline while retaining the benefits of code that's written in native syntax instead of in strings.

```php
// preg_quote() escapes regex metacharacters (and the '!' delimiter) so that
// the externally supplied string is matched literally, not as a pattern.
$str = preg_replace( "!" . preg_quote( $externalStr, '!' ) . "!", $replacement, $str );
```
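The two habits above (quoting external text before it enters a pattern, and writing callbacks as closures rather than as strings handed to an evaluator) put together, as an added example that is not code from the original page or from MediaWiki. The `$externalStr`, `$subject`, `$template` and `$vars` values are constructed sample inputs:

```php
<?php
// Added example: literal matching of untrusted text and a closure-based
// replacement callback. All inputs below are constructed for illustration.

// Untrusted text that must be matched as literal characters, never as a regex.
$externalStr = 'price (USD).*';
$subject     = 'The price (USD).* is shown below; price (USD) is not.';

// preg_quote() escapes every regex metacharacter; passing the delimiter as the
// second argument escapes that too, so the whole value is treated literally.
$pattern = '!' . preg_quote( $externalStr, '!' ) . '!';
$safe = preg_replace( $pattern, '[redacted]', $subject );

// Callback logic belongs in a closure, not in a string given to eval() or to
// the removed preg_replace() /e modifier. The closure is ordinary PHP with
// normal scoping, so nothing in the matched text can ever be executed.
$template = 'Hello {{name}}, you have {{count}} new messages.';
$vars     = [ 'name' => 'Ada <script>', 'count' => 3 ];

$rendered = preg_replace_callback(
	'/\{\{(\w+)\}\}/',
	static function ( array $m ) use ( $vars ) {
		// Unknown placeholders are left untouched rather than interpreted.
		if ( !array_key_exists( $m[1], $vars ) ) {
			return $m[0];
		}
		// The values end up in HTML, so they are escaped on output.
		return htmlspecialchars( (string)$vars[$m[1]], ENT_QUOTES );
	},
	$template
);

echo $safe, "\n", $rendered, "\n";
```

Only the placeholder name, which is constrained to `\w+` by the pattern, is taken from the subject text; the values come from `$vars` and are escaped before they are emitted.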
**External programs**

```php
// Automatically escape any naughty characters
$result = Shell::command( $cmd, '--version' )
	->params( 'some', 'extra', 'parameters' )
	->execute();
```

Note that old
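An added example (not from the original page or from MediaWiki) of running an external program on a user-supplied file name. `Shell::command()`, `params()`, `restrict()`, `execute()` and the `Result` getters are real MediaWiki APIs from `MediaWiki\Shell`; the converter path and the file-name rule are assumptions made for the example:

```php
<?php
use MediaWiki\Shell\Shell;

/**
 * Added example: convert a user-named file with an external tool.
 * The tool path '/usr/local/bin/convert-tool' is a placeholder.
 */
function convertUpload( string $userFile ): string {
	// Validate the shape of the value first. Escaping keeps metacharacters
	// out of the shell, but it does not stop path traversal ("../") or option
	// injection ("--output=..."), so a strict allow-list still matters.
	if ( !preg_match( '/^[A-Za-z0-9_][A-Za-z0-9_.-]*$/', $userFile ) ) {
		throw new InvalidArgumentException( 'Unexpected file name' );
	}

	// Never build a command line by string concatenation (shell_exec(), exec(),
	// "$tool --input $userFile" and so on). Each argument is passed separately;
	// Shell escapes every argument individually, so whatever $userFile
	// contains reaches the program as one literal argument.
	$result = Shell::command( '/usr/local/bin/convert-tool' )
		->params( '--input', $userFile, '--output', $userFile . '.out' )
		// Apply the default sandbox restrictions (no network, limited fs).
		->restrict( Shell::RESTRICT_DEFAULT )
		->execute();

	// Check the exit code; a silently failed conversion is still a failure.
	if ( $result->getExitCode() !== 0 ) {
		throw new RuntimeException( 'Converter failed: ' . $result->getStderr() );
	}
	return $result->getStdout();
}
```

The allow-list is deliberately stricter than the escaping needs: it also rejects a leading `-` so that a file name can never be parsed by the tool as an option.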
**Forms**
**GET data**

```php
// Check if the action parameter is set to 'purge'
if ( $wgRequest->getVal( 'action' ) == 'purge' ) {
	// ...
}
```
**Output (API, CSS, JavaScript, HTML, XML, etc.)**

Any content that MediaWiki generates can be a vector for XSS attacks.

```php
// rawElement() escapes all attribute values
// (here the class value is provided by $myClass)
echo Html::rawElement( 'p', [ 'class' => $myClass ] );
```
**User-provided CSS**

User provided CSS (say, for use in a

```php
// let $CSSFromUser be the user's CSS.
echo Html::rawElement( 'p', [ 'style' => Sanitizer::checkCss( $CSSFromUser ) ] );
```
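The Output and User-provided CSS items together, as an added example that is not code from the original page or from MediaWiki. `Html::element()`, `Html::rawElement()` and `Sanitizer::checkCss()` are real MediaWiki APIs (referred to here by their global class-alias names); the three input values are constructed sample inputs:

```php
<?php
/**
 * Added example: build one paragraph from three untrusted values, choosing the
 * right escaping primitive for each position in the output.
 */
function renderUserParagraph( string $userText, string $userClass, string $userCss ): string {
	// Attribute values: both Html::element() and Html::rawElement() escape them,
	// so a quote inside $userClass cannot break out of the class="..." attribute.
	$attribs = [
		'class' => $userClass,
		// CSS is not HTML. Attribute escaping only keeps the value inside the
		// attribute; Sanitizer::checkCss() is what rejects url(), expression()
		// and similar constructs, returning a harmless comment instead.
		'style' => Sanitizer::checkCss( $userCss ),
	];
	// Element content: Html::element() escapes it. Html::rawElement() would
	// emit $userText as-is, which is exactly the XSS the checklist warns about.
	return Html::element( 'p', $attribs, $userText );
}

/**
 * The same paragraph built with rawElement(): escaping the content is now the
 * caller's responsibility, and forgetting it is the common mistake.
 */
function renderUserParagraphRaw( string $userText, string $userClass ): string {
	return Html::rawElement(
		'p',
		[ 'class' => $userClass ],
		htmlspecialchars( $userText, ENT_QUOTES )
	);
}

// Constructed inputs, each hostile to a different output position.
$html = renderUserParagraph(
	'<script>alert(1)</script>',                        // element content
	'note" onmouseover="alert(1)',                      // attribute value
	'color: red; background: url(javascript:alert(1))' // style attribute
);
echo $html, "\n";
```

Pick the primitive by output position: `Html::element()` whenever the content is plain text, `Html::rawElement()` only when the content is HTML you have already escaped or built from other `Html::element()` calls, and `Sanitizer::checkCss()` for anything that lands in a `style` attribute or stylesheet.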
**POST data**

```php
// Check if the action parameter is set to 'render'
if ( $wgRequest->getVal( 'action' ) == 'render' ) {
	// ...
}
```
**Query string**
**Sessions**
**Reviewer concerns**

```php
// $wgRequest isn't yet available. Forced to use $_GET instead.
// isset() avoids an undefined-index notice when the parameter is absent.
if ( isset( $_GET['setupTestSuite'] ) ) {
	$setupTestSuiteName = $_GET['setupTestSuite'];
	// ...
}
```
**SQL queries**
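The Cookie, GET data, POST data, Query string, Sessions and SQL queries items applied in one request handler, as an added example that is not code from the original page or from MediaWiki. `WebRequest`, `User::matchEditToken()`, `Html` and the `IDatabase::select()` / `buildLike()` calls are real MediaWiki APIs; the `LastNamespace` cookie, the `prefix` and `limit` parameters and the CSS class name are invented for the example:

```php
<?php
use MediaWiki\MediaWikiServices;

/**
 * Added example: list page titles in a namespace remembered in a cookie,
 * filtered by a query-string prefix, with a POST-only 'purge' action.
 */
function handleListRequest( WebRequest $request, User $user ): string {
	// Cookie and query-string values are attacker-controlled text. Coerce them
	// to the expected type at the boundary rather than trusting them later.
	$ns     = (int)$request->getCookie( 'LastNamespace', null, '0' );
	$limit  = min( max( $request->getInt( 'limit', 20 ), 1 ), 100 ); // cast AND clamp
	$prefix = $request->getText( 'prefix' );                          // free text, escaped below

	// A state-changing action must arrive by POST and carry the session's
	// edit token, so neither a GET link nor a cross-site form can trigger it.
	if ( $request->getVal( 'action' ) === 'purge' ) {
		if ( !$request->wasPosted()
			|| !$user->matchEditToken( $request->getVal( 'wpEditToken' ) )
		) {
			return Html::element( 'p', [ 'class' => 'error' ], 'Invalid request' );
		}
		// ... perform the purge here ...
	}

	// Never interpolate request values into SQL. Array conditions are quoted
	// by the database layer, and buildLike() quotes $prefix and escapes its
	// LIKE metacharacters before appending the wildcard.
	$dbr = MediaWikiServices::getInstance()->getDBLoadBalancer()->getConnection( DB_REPLICA );
	$res = $dbr->select(
		'page',
		[ 'page_id', 'page_title' ],
		[
			'page_namespace' => $ns,
			'page_title ' . $dbr->buildLike( $prefix, $dbr->anyString() ),
		],
		__METHOD__,
		[ 'LIMIT' => $limit ]
	);

	// Data read back from the database is still untrusted on the way out:
	// escape each title as element content.
	$items = '';
	foreach ( $res as $row ) {
		$items .= Html::element( 'li', [], $row->page_title );
	}
	// rawElement() is safe here only because $items is already escaped HTML.
	return Html::rawElement( 'ul', [ 'class' => 'prefix-list' ], $items );
}
```

Note the clamp on `limit`: casting to an integer stops injection, but a huge or negative value would still let a request drive an expensive query, so type coercion and range checking are both part of "not trusting" the value.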
Automated checks
Some of these issues can be checked with phan-taint-check-plugin, which is required for all MediaWiki code in Wikimedia production. This is of course just a tool, and it cannot detect all issue types, and may miss issues even in the issue types it can check for.
See also