Skip to content

Latest commit

 

History

History
42 lines (32 loc) · 3.73 KB

threat-modeling.md

File metadata and controls

42 lines (32 loc) · 3.73 KB

Threat Model Analysis for facebook/yoga

Threat: Excessive Node Nesting DoS

  • Threat: Excessive Node Nesting DoS

    • Description: An attacker crafts an input layout configuration with an extremely deep hierarchy of nested nodes (e.g., thousands of nested nodes). This overwhelms Yoga's recursive layout calculations.
    • Impact: Denial of Service (DoS). The application becomes unresponsive or crashes due to excessive CPU consumption and/or stack overflow.
    • Affected Yoga Component: YGNodeCalculateLayout (and recursively called functions within it), the core layout calculation function. The node tree structure (YGNodeRef) is also implicated.
    • Risk Severity: High
    • Mitigation Strategies:
      • Input Validation (Nesting Depth Limit): Impose a strict limit on the maximum allowed nesting depth of nodes in the layout configuration. A reasonable limit (e.g., 50-100 levels) should be sufficient.
      • Recursive Depth Check: Within the application code that processes the layout configuration before passing it to Yoga, implement a check for excessive nesting depth.
      • Timeouts: Implement a timeout for the overall layout calculation. If it exceeds the timeout, terminate the calculation.

Threat: Extreme Dimension Values DoS

  • Threat: Extreme Dimension Values DoS

    • Description: An attacker provides layout configurations with extremely large values for dimensions (width, height, margins, padding) or flex properties (flex-grow, flex-shrink). This can lead to integer overflows or excessive memory allocation.
    • Impact: Denial of Service (DoS) or potentially memory corruption. The application may crash, become unresponsive, or exhibit unexpected behavior.
    • Affected Yoga Component: YGNodeCalculateLayout, specifically the parts handling dimension calculations and constraint solving. Functions related to floating-point arithmetic and rounding are also relevant.
    • Risk Severity: High
    • Mitigation Strategies:
      • Input Validation (Value Range Limits): Enforce strict limits on the maximum and minimum allowed values for all dimension and flex properties. Use reasonable, context-specific limits.
      • Sanitize Input: Before passing values to Yoga, sanitize them to ensure they are within acceptable bounds. Clamp values to the limits if necessary.
      • Overflow Checks (if applicable): If working with a language/environment where integer overflows are a concern, add explicit checks.

Threat: Yoga Library Tampering (Supply Chain)

  • Threat: Yoga Library Tampering (Supply Chain)

    • Description: An attacker compromises the Yoga library itself (e.g., through a compromised dependency or a malicious build) and injects malicious code.
    • Impact: Potentially any of the above (DoS, Information Disclosure, Spoofing), or even arbitrary code execution, depending on the nature of the injected code.
    • Affected Yoga Component: Potentially any part of the Yoga library.
    • Risk Severity: Critical
    • Mitigation Strategies:
      • Use Trusted Sources: Obtain Yoga from official sources (e.g., official GitHub repository, trusted package manager).
      • Verify Integrity: Use checksums or digital signatures to verify the integrity of the Yoga library before using it.
      • Dependency Management: Use a secure dependency management system that can detect and prevent the inclusion of compromised dependencies.
      • Regular Updates: Keep Yoga and all related dependencies up-to-date.