Skip to content

Latest commit

 

History

History
89 lines (80 loc) · 7.13 KB

mitigations.md

File metadata and controls

89 lines (80 loc) · 7.13 KB

Mitigation Strategies Analysis for marcuswestin/webviewjavascriptbridge

Mitigation Strategy: Strictly Control Exposed Native Functions

  • Description:
    1. Inventory Native Functions: Create a comprehensive list of all native functions that are potentially exposable through the webviewjavascriptbridge.
    2. Necessity Assessment: For each function, critically evaluate if it is absolutely necessary to expose it to the WebView.
    3. Whitelist Implementation: Implement a strict whitelist on the native side, explicitly defining allowed native functions for JavaScript calls.
    4. Secure Registration Mechanism: Ensure the function registration with the bridge is secure and not bypassable.
    5. Regular Review: Regularly review and update the whitelist, removing unnecessary functions.
  • Threats Mitigated:
    • Unintended Native Function Calls (High Severity): Malicious JavaScript could call unintended, sensitive native functions, leading to data breaches or system compromise.
    • Privilege Escalation (High Severity): Attackers could exploit exposed functions to gain elevated privileges.
  • Impact:
    • Unintended Native Function Calls (High Risk Reduction): Significantly reduces attack vectors by limiting exposed functions.
    • Privilege Escalation (High Risk Reduction): Makes privilege escalation attacks much harder.
  • Currently Implemented:
    • Whitelist partially implemented in NativeBridgeManager.java (Android) and NativeBridge.swift (iOS).
    • Currently, only functions related to user profile retrieval (getUserProfile) and logging (sendAppLog) are whitelisted.
  • Missing Implementation:
    • Whitelist not formally documented or fully enforced.
    • No automated checks for whitelist enforcement.
    • No scheduled process for whitelist review.

Mitigation Strategy: Input Validation and Sanitization on Native Side

  • Description:
    1. Identify Input Points: Pinpoint all native code locations processing data from webviewjavascriptbridge.
    2. Define Validation Rules: Define strict validation rules for each input point based on expected data type, format, and values.
    3. Implement Validation Logic: Implement robust input validation in native code before processing data from JavaScript.
    4. Sanitize Data: Sanitize input data to prevent injection attacks (e.g., encoding, escaping, type conversion).
    5. Error Handling: Implement proper error handling for invalid input, rejecting it gracefully and logging errors.
  • Threats Mitigated:
    • Injection Attacks (High Severity): Data from WebView could inject malicious code into native operations (SQL, command injection, etc.).
    • Data Integrity Issues (Medium Severity): Invalid data from WebView could cause crashes or data corruption.
  • Impact:
    • Injection Attacks (High Risk Reduction): Crucial for preventing injection attacks, reducing high-severity risks.
    • Data Integrity Issues (Medium Risk Reduction): Improves data integrity and application stability.
  • Currently Implemented:
    • Basic input validation for getUserProfile (data type checks).
    • Partial sanitization for logging messages in sendAppLog.
  • Missing Implementation:
    • Comprehensive input validation missing for many native functions.
    • Sanitization not consistently applied across all functions.
    • No centralized validation/sanitization library.

Mitigation Strategy: Regularly Update WebviewJavascriptBridge Library

  • Description:
    1. Dependency Management: Integrate webviewjavascriptbridge into project dependency management.
    2. Monitoring for Updates: Regularly check for library updates on GitHub or dependency management tools.
    3. Update and Test: Update the library when updates are available and thoroughly test the application.
    4. Security Advisory Monitoring: Monitor security advisories for webviewjavascriptbridge and its dependencies.
    5. Patching Process: Establish a process for quickly patching the library for security vulnerabilities.
  • Threats Mitigated:
    • Vulnerabilities in WebviewJavascriptBridge Library (High Severity): Vulnerabilities in the library itself could directly compromise application security.
    • Dependency Vulnerabilities (Medium Severity): Indirectly mitigates vulnerabilities in the library's dependencies.
  • Impact:
    • Vulnerabilities in WebviewJavascriptBridge Library (High Risk Reduction): Patches known vulnerabilities, significantly reducing exploitation risk.
    • Dependency Vulnerabilities (Medium Risk Reduction): Indirectly improves security by updating dependencies.
  • Currently Implemented:
    • webviewjavascriptbridge is in project dependency management (Gradle/Swift Package Manager).
    • Developers are generally aware of dependency update needs.
  • Missing Implementation:
    • No automated update checks or notifications.
    • No formal process for regular updates.
    • No established process for monitoring security advisories for webviewjavascriptbridge.

Mitigation Strategy: Implement Authentication and Authorization for Sensitive Native Functions (If Applicable)

  • Description:
    1. Identify Sensitive Functions: Determine which exposed native functions are sensitive.
    2. Authentication Mechanism Design: Design an authentication method to verify JavaScript calls to sensitive functions (API keys, tokens, session management, signatures).
    3. Authorization Checks: Implement native-side authorization checks to verify if authenticated JavaScript is authorized to call the function.
    4. Secure Key Management (If using API Keys/Tokens): Securely manage API keys or tokens, avoiding hardcoding in JavaScript.
  • Threats Mitigated:
    • Unauthorized Access to Sensitive Functions (High Severity): Any JavaScript could call sensitive functions without control.
    • Data Breaches (High Severity): Unauthorized access to sensitive functions could lead to data breaches.
  • Impact:
    • Unauthorized Access to Sensitive Functions (High Risk Reduction): Prevents unauthorized JavaScript from calling sensitive functions.
    • Data Breaches (High Risk Reduction): Protects sensitive data by controlling access to functions.
  • Currently Implemented:
    • No authentication or authorization mechanisms are implemented.
    • All whitelisted functions are accessible without authentication.
  • Missing Implementation:
    • Authentication mechanism needs to be designed and implemented.
    • Authorization checks need to be implemented on the native side.
    • Secure key management strategy is needed if using API keys/tokens.