Skip to content

Latest commit

 

History

History
163 lines (113 loc) · 11.5 KB

mitigations.md

File metadata and controls

163 lines (113 loc) · 11.5 KB

Mitigation Strategies Analysis for zenorocha/clipboard.js

Mitigation Strategy: Input Validation and Sanitization

Mitigation Strategy: Input Validation and Sanitization

  • Description:

    1. Identify Copy Sources: Determine all locations in the code where data is passed to clipboard.js for copying. This includes event handlers attached to buttons using clipboard.js, or any other user interactions that trigger a copy operation via this library.
    2. Define Allowed Data Format: For each copy source, define a strict whitelist of allowed characters, data types, and formats. This should be as restrictive as possible. Examples:
      • URLs: Use a regular expression that enforces a valid URL structure.
      • Text Snippets: Define maximum length, allowed characters, and disallow HTML tags.
      • Cryptocurrency Addresses: Validate against the specific cryptocurrency's address format.
    3. Implement Validation: Before passing data to clipboard.js, use the whitelist to validate. Reject non-conforming data. Use:
      • Regular expressions.
      • Custom validation functions.
      • Built-in JavaScript methods.
    4. Implement Sanitization: After validation, use a sanitization library (like DOMPurify, even for plain text) to remove harmful characters or code. Configure it strictly, allowing only necessary elements (ideally none for plain text). This is crucial even if you think you're only copying plain text.
    5. Error Handling: If validation/sanitization fails, handle the error. Do not copy the data. Provide user feedback (if appropriate) without revealing sensitive details.
    6. Test Thoroughly: Create unit and integration tests to verify validation and sanitization for various inputs, including edge cases and malicious payloads. Specifically test how clipboard.js handles these cases.

  • List of Threats Mitigated:

    • Malicious Clipboard Overwriting (High Severity): Prevents injection of malicious code (JavaScript, shell commands) or data (phishing links, wrong cryptocurrency addresses) into the clipboard content through clipboard.js.
    • Data Exfiltration (Medium Severity): Reduces risk of attackers using XSS to manipulate clipboard.js to exfiltrate data. Sanitization limits the attacker's control over copied content.

  • Impact:

    • Malicious Clipboard Overwriting: Significantly reduces risk. This is the primary defense.
    • Data Exfiltration: Reduces risk, but doesn't eliminate it. A crucial layer, but other mitigations are needed.

  • Currently Implemented: (Example: Validation for URLs, but no sanitization. Basic error handling.) Fill in based on your project.

  • Missing Implementation: (Example: Sanitization missing. Comprehensive unit tests lacking.) Fill in based on your project.

Mitigation Strategy: User Confirmation with Preview

Mitigation Strategy: User Confirmation with Preview

  • Description:

    1. Disable Automatic Copy: Ensure clipboard.js is not configured for automatic copying on clicks/hovers without confirmation. This is a direct configuration change to how you use clipboard.js.
    2. Create Preview Area: Designate a UI area (modal, tooltip, etc.) to preview the content.
    3. Display Exact Content: Before the clipboard.js copy operation, populate the preview with the exact text that will be copied. This is the output of validation/sanitization.
    4. Require Explicit Action: Require the user to click a "Copy to Clipboard" button after reviewing the preview. Do not proceed until clicked. This directly impacts how you trigger the clipboard.js functionality.
    5. Provide Visual Feedback: After clicking, provide feedback (animation, message) to confirm the copy.
    6. Accessibility: Ensure preview and confirmation are accessible (screen readers, etc.).

  • List of Threats Mitigated:

    • Malicious Clipboard Overwriting (High Severity): User can inspect content before clipboard.js copies it, detecting discrepancies.
    • Unexpected Clipboard Modification (Medium Severity): User is aware of the modification and content.

  • Impact:

    • Malicious Clipboard Overwriting: Significantly reduces risk (with validation/sanitization). Crucial user awareness layer.
    • Unexpected Clipboard Modification: Eliminates risk, as the user is involved.

  • Currently Implemented: (Example: No preview/confirmation. Copy on button click.) Fill in based on your project.

  • Missing Implementation: (Example: Implement preview/confirmation for all clipboard.js actions.) Fill in based on your project.

Mitigation Strategy: Limit Copyable Data Types

Mitigation Strategy: Limit Copyable Data Types

  • Description:

    1. Assess Data Needs: Determine the minimum data type needed. If plain text is enough, don't allow HTML.
    2. Use text Option: When initializing clipboard.js, use the text option (or data-clipboard-text attribute) to explicitly copy only plain text. This is the key clipboard.js-specific step.
      • Example: new ClipboardJS('.btn', { text: function(trigger) { return validatedAndSanitizedText; } });
    3. Avoid target Option (If Possible): The target option (or data-clipboard-target) copies from another element, which might include HTML. Avoid if plain text is sufficient. This is a direct choice in how you configure clipboard.js.
    4. Strict Sanitization (If HTML is Necessary): If you must copy HTML, use very strict sanitization (DOMPurify). This is a last resort.

  • List of Threats Mitigated:

    • Malicious Clipboard Overwriting (High Severity): Reduces attack surface by limiting data types. Plain text is less vulnerable than HTML.

  • Impact:

    • Malicious Clipboard Overwriting: Significantly reduces risk if plain text is sufficient. If HTML is needed, risk reduction is less, and sanitization is critical.

  • Currently Implemented: (Example: target option used, allowing HTML. No text option.) Fill in based on your project.

  • Missing Implementation: (Example: Use text option where plain text is enough. Strict sanitization where HTML is required.) Fill in based on your project.

Mitigation Strategy: Short-Lived Copy Actions

Mitigation Strategy: Short-Lived Copy Actions

  • Description:

    1. Identify Copy Triggers: Determine user actions that trigger copy (button clicks, etc.).
    2. On-Demand Initialization: Instead of global initialization, create the ClipboardJS instance only when the trigger event occurs. This is a fundamental change in how you use the library.
      • Example (see previous, full example).
    3. Immediate Destruction: After copy (success or error), immediately destroy the instance: clipboard.destroy(). This removes listeners and prevents further interaction. This is a crucial clipboard.js-specific step.
    4. Avoid Global Instances: Minimize globally scoped ClipboardJS instances.

  • List of Threats Mitigated:

    • Malicious Clipboard Overwriting (Medium Severity): Reduces the window of opportunity.
    • Data Exfiltration (Low Severity): Makes it slightly harder to exploit.

  • Impact:

    • Malicious Clipboard Overwriting: Moderate risk reduction.
    • Data Exfiltration: Small risk reduction.

  • Currently Implemented: (Example: Global ClipboardJS instance on page load.) Fill in based on your project.

  • Missing Implementation: (Example: Refactor to on-demand initialization and immediate destruction.) Fill in based on your project.

Mitigation Strategy: Transparency and User Expectations

Mitigation Strategy: Transparency and User Expectations

  • Description:

    1. Clear Visual Cues: Place elements triggering clipboard.js actions near the affected content.
    2. Descriptive Labels: Use clear labels (e.g., "Copy Link to Clipboard").
    3. Avoid Hidden Actions: Do not use clipboard.js for unexpected actions (hover, scroll). This is about how you choose to use the library's functionality.
    4. User Education: If interaction is complex, provide instructions.

  • List of Threats Mitigated:

    • Unexpected Clipboard Modification (Medium Severity): Prevents confusion by informing users.

  • Impact:

    • Unexpected Clipboard Modification: Eliminates risk.

  • Currently Implemented: (Example: Generic labels ("Copy"). No tooltips.) Fill in based on your project.

  • Missing Implementation: (Example: Improve labels. Add tooltips/cues.) Fill in based on your project.

Mitigation Strategy: Avoid Automatic Copying

Mitigation Strategy: Avoid Automatic Copying

  • Description:

    1. Review Code: Find instances of clipboard.js configured for automatic copying (page load, hover, focus).
    2. Remove Automatic Triggers: Remove listeners/configurations causing automatic copies. This is a direct change to your clipboard.js usage.
    3. Require Explicit Action: All clipboard.js operations should be initiated by user action (button click, etc.).

  • List of Threats Mitigated:

    • Unexpected Clipboard Modification (Medium Severity): Prevents modification without consent.
    • Malicious Clipboard Overwriting (Low Severity): Slightly reduces risk.

  • Impact:

    • Unexpected Clipboard Modification: Eliminates risk.
    • Malicious Clipboard Overwriting: Small reduction.

  • Currently Implemented: (Example: Automatic copy on page load.) Fill in based on your project.

  • Missing Implementation: (Example: Remove automatic copy. Require button click.) Fill in based on your project.

Mitigation Strategy: Minimize Clipboard.js Usage (Consider Native API)

Mitigation Strategy: Minimize Clipboard.js Usage (Consider Native API)

  • Description:

    1. Evaluate navigator.clipboard: Check if navigator.clipboard.writeText() can be used instead. It's widely supported.
    2. Replace If Possible: If the native API is sufficient, replace clipboard.js with it. This removes the dependency.
    3. Justify Remaining Usage: If clipboard.js can't be removed, document why (older browser support, specific features).
    4. Permission request: If using navigator.clipboard API, make sure that you are requesting permission from user before accessing clipboard.

  • List of Threats Mitigated:

    • Malicious Clipboard Overwriting (Low Severity): Reduces attack surface by removing a dependency. Native API is generally more secure.
    • Unexpected Clipboard Modification (Low Severity): Native API often has built-in security.

  • Impact:

    • Malicious Clipboard Overwriting: Small reduction.
    • Unexpected Clipboard Modification: Small reduction.

  • Currently Implemented: (Example: clipboard.js used throughout.) Fill in based on your project.

  • Missing Implementation: (Example: Evaluate replacing clipboard.js with navigator.clipboard. Replace where possible.) Fill in based on your project.