Skip to content

Latest commit

 

History

History
47 lines (38 loc) · 3.29 KB

threat-modeling.md

File metadata and controls

47 lines (38 loc) · 3.29 KB

Threat Model Analysis for facebook/hermes

Threat: Threat 1: Bytecode Modification After Deployment

  • Description: An attacker gains access to the deployed application's files and modifies the precompiled Hermes bytecode. They replace legitimate bytecode with malicious code.
    • Impact: Complete application compromise. Arbitrary code execution with the application's privileges.
    • Affected Hermes Component: The precompiled bytecode file (.hbc). The entire Hermes runtime.
    • Risk Severity: Critical
    • Mitigation Strategies:
      • Code Signing: Digitally sign the bytecode and verify the signature before execution.
      • Secure Storage: Use platform-specific secure storage.
      • Integrity Checks: Runtime hash checks (e.g., SHA-256).
      • Secure Delivery (CDN): HTTPS with certificate pinning.
      • Tamper Detection: Monitor for file modifications.

Threat: Threat 2: Exploitation of a Vulnerability in Hermes's JSON.parse Implementation

  • Description: An attacker crafts a malicious JSON payload to exploit a vulnerability in Hermes's JSON.parse.
    • Impact: Potential for denial-of-service (crash) or arbitrary code execution within the Hermes runtime.
    • Affected Hermes Component: The JSON.parse function within Hermes's standard library.
    • Risk Severity: High (potentially Critical if it leads to code execution)
    • Mitigation Strategies:
      • Stay Updated: Keep Hermes updated.
      • Input Validation: Validate JSON structure and content before parsing.
      • Fuzz Testing: Fuzz test JSON.parse handling.

Threat: Threat 3: Exploitation of a Vulnerability in the Hermes Garbage Collector

  • Description: An attacker crafts JavaScript operations to trigger a bug in Hermes's garbage collector (e.g., use-after-free, double-free).
    • Impact: Application crashes (DoS) or potentially exploitable memory corruption (leading to code execution).
    • Affected Hermes Component: The Hermes garbage collector.
    • Risk Severity: High (potentially Critical if exploitable for code execution)
    • Mitigation Strategies:
      • Stay Updated: Keep Hermes updated.
      • Fuzz Testing: Fuzz test with a focus on memory management.

Threat: Threat 4: Debugger Enabled in Production

  • Description: The Hermes debugger is accidentally left enabled in a production build. An attacker connects to it remotely.
    • Impact: The attacker can inspect memory, modify variables, execute arbitrary JavaScript, and extract sensitive data.
    • Affected Hermes Component: The Hermes debugger.
    • Risk Severity: High
    • Mitigation Strategies:
      • Disable Debugger: Ensure the debugger is disabled in production builds.
      • Network Restrictions: Restrict debugger access to trusted IPs.
      • Authentication: Implement strong authentication if remote debugging is necessary.