Skip to content

Latest commit

 

History

History
63 lines (50 loc) · 5.27 KB

mitigations.md

File metadata and controls

63 lines (50 loc) · 5.27 KB

Mitigation Strategies Analysis for naptha/tesseract.js

Mitigation Strategy: Resource Limits (Timeouts within tesseract.js calls)

Description:

  1. Timeouts:
    • Wrap the tesseract.js recognize() function call within a Promise that also incorporates a timeout mechanism.
    • Utilize Promise.race() to resolve with either the OCR result from tesseract.js or a timeout error. This prevents the recognize() call from running indefinitely.
    • Establish a reasonable timeout duration (e.g., 30 seconds, 60 seconds) based on the anticipated processing time for typical images within your application's context. Adjust this value as needed based on testing and observation.
    • If the timeout is triggered, reject the Promise and handle the resulting error appropriately. This might involve logging the error, displaying a message to the user, or retrying with a different image or configuration.
    • Example (JavaScript): 
      async function recognizeWithTimeout(image, timeoutMs) {
    const ocrPromise = Tesseract.recognize(image); // Direct tesseract.js call
    const timeoutPromise = new Promise((_, reject) => {
        setTimeout(() => reject(new Error('OCR timeout')), timeoutMs);
    });
    return Promise.race([ocrPromise, timeoutPromise]);
}

  • List of Threats Mitigated:

    • Denial of Service (DoS) (High Severity): Directly prevents attackers from submitting complex or crafted images designed to cause excessively long processing times within the tesseract.js engine, leading to resource exhaustion.

  • Impact:

    • Denial of Service (DoS): Significantly reduces the risk by placing a hard limit on the execution time of the tesseract.js recognize() function.

  • Currently Implemented:

    • Specify where this timeout mechanism is implemented in relation to tesseract.js calls. Example: "Implemented in the processImage function in ocrService.js, wrapping the Tesseract.recognize() call."

  • Missing Implementation:

    • Identify any instances where Tesseract.recognize() is called without a timeout. Example: "The quickOCR function in utility.js calls Tesseract.recognize() directly without any timeout mechanism."

Mitigation Strategy: Disable Unnecessary Features (Language Models and Options)

Description:

  1. Language Selection:
    • During the initialization of tesseract.js, or when calling Tesseract.recognize(), explicitly specify only the language models that are absolutely required for your application's functionality. Do not load all available languages.
    • Utilize the lang parameter within Tesseract.recognize() to define the specific language(s) to be used for OCR.
    • Example: Tesseract.recognize(image, 'eng') // Only use the English language model.
    • Example: Tesseract.recognize(image, 'eng+fra') // Use English and French models.
  2. Option Review and Minimization:
    • Thoroughly examine all available configuration options provided by the tesseract.js API documentation.
    • Disable or avoid setting any options that are not strictly necessary for your application's core OCR functionality. This minimizes the potential attack surface.
    • For instance, if you don't need to specify a custom worker path, don't set the workerPath option. Rely on the default behavior whenever possible.
    • Document the rationale for each option that is explicitly set, explaining why it's needed.

  • List of Threats Mitigated:

    • Vulnerabilities in Unused Language Models (Low Severity): Reduces the risk, albeit small, of potential vulnerabilities within language models that are loaded but never actually used by your application.
    • Denial of Service (DoS) (Low Severity): Loading fewer language models can marginally decrease memory consumption and initialization time, offering a slight improvement in resource usage.
    • Exploitation of Unnecessary Features (Variable Severity): By minimizing the number of active features and options, you reduce the overall attack surface, making it less likely that an attacker can find and exploit an obscure or unintended behavior.

  • Impact:

    • Vulnerabilities in Unused Language Models: Low impact, but a good security practice.
    • Denial of Service (DoS): Minor impact on resource usage.
    • Exploitation of Unnecessary Features: The impact varies depending on the specific features disabled, but generally contributes to a more secure configuration.

  • Currently Implemented:

    • Describe the current configuration of tesseract.js regarding language models and options. Example: "Only the 'eng' language model is loaded. The tessedit_char_whitelist option is set to restrict recognized characters."

  • Missing Implementation:

    • Identify any areas where unnecessary features are enabled. Example: "The 'deu' (German) language model is loaded, but the application only supports English and Spanish. The workerPath option is set, but the default worker location would suffice."