Skip to content

Latest commit

 

History

History
77 lines (58 loc) · 6.33 KB

mitigations.md

File metadata and controls

77 lines (58 loc) · 6.33 KB

Mitigation Strategies Analysis for swisspol/gcdwebserver

Mitigation Strategy: Connection and Request Limits (GCDWebServer-Specific)

  • Description:

    1. Set Connection Limit (GCDWebServer API): While GCDWebServer doesn't have a direct API for total connection limits, leverage GCD constructs in conjunction with GCDWebServer's connection handling. Use a DispatchSemaphore within the GCDWebServer delegate methods (if you're using a delegate) or within your connection handling logic. Before calling GCDWebServerConnection's open or similar methods, semaphore.wait(). After closing the connection, semaphore.signal(). This controls the concurrency managed by GCDWebServer.
    2. Configure Timeouts (GCDWebServer API): Use GCDWebServer's configuration options:
      • GCDWebServerOption_ConnectedStateCoalescingInterval: Set this to a reasonable value (e.g., 0.5 seconds) to control how often the server checks for connection timeouts. This is a direct GCDWebServer setting.
      • readTimeout (on GCDWebServerRequest or in your connection handling): Set a maximum time to wait for a client to send a request. This is often handled within a GCDWebServerConnection subclass or a request handler.
      • writeTimeout (on GCDWebServerResponse or in your connection handling): Set a maximum time to wait for a client to receive a response. Again, this is typically handled within the connection or response logic.
    3. Request Throttling (Within GCDWebServer Handlers): Implement request throttling logic inside your GCDWebServer request handlers (the blocks you provide to addHandlerWithMatchBlock: or similar methods). This is indirectly related to GCDWebServer, as it's within the context of its request processing.

  • Threats Mitigated:

    • Denial of Service (DoS) due to excessive connections: (Severity: High) - Prevents GCDWebServer from being overwhelmed by connections.
    • Denial of Service (DoS) due to rapid requests: (Severity: High) - Limits requests per client within GCDWebServer's processing.
    • Resource Exhaustion (general, GCDWebServer-related): (Severity: Medium) - Timeouts prevent GCDWebServer from holding resources for slow clients.

  • Impact:

    • DoS (excessive connections): Risk significantly reduced.
    • DoS (rapid requests): Risk significantly reduced.
    • Resource Exhaustion: Risk moderately reduced.

  • Currently Implemented:

    • Basic request timeout configuration is present in WebServerConfig.swift (using GCDWebServer's options).

  • Missing Implementation:

    • DispatchSemaphore for connection limiting within GCDWebServer's connection handling is not implemented.
    • Request throttling within GCDWebServer handlers is not implemented.
    • Fine-tuning of GCDWebServerOption_ConnectedStateCoalescingInterval is needed.

Mitigation Strategy: Strictly Control GCDWebServerFileResponse and GCDWebServerDataResponse Usage (GCDWebServer API)

  • Description:

    1. Identify Usage: Locate all uses of GCDWebServerFileResponse and GCDWebServerDataResponse within your GCDWebServer handlers.
    2. Whitelist (Files): Directly related to how you use GCDWebServerFileResponse. Before creating the response, verify the requested file path against a predefined, hardcoded list of allowed paths. Do not construct the file path directly from user input.
    3. Sanitization (Files - Last Resort): If a whitelist is absolutely impossible (strongly discouraged), sanitize user input before passing it to GCDWebServerFileResponse. This sanitization must happen before the GCDWebServer API is used.
    4. Data Source Validation (Data): Directly related to how you use GCDWebServerDataResponse. Ensure the data you pass to GCDWebServerDataResponse is from a trusted source and is not constructed directly from unvalidated user input.
    5. Read-Only Directory (GCDWebServer Configuration): When setting up GCDWebServer, configure it to serve static files from a directory with read-only permissions for the user running the web server process. This is a configuration aspect of GCDWebServer.

  • Threats Mitigated:

    • Path Traversal: (Severity: High) - Prevents using GCDWebServerFileResponse to access unauthorized files.
    • Information Disclosure: (Severity: High) - Prevents leaking sensitive data via GCDWebServerFileResponse or GCDWebServerDataResponse.

  • Impact:

    • Path Traversal: Risk significantly reduced (eliminated with a proper whitelist).
    • Information Disclosure: Risk significantly reduced.

  • Currently Implemented:

    • Static files are served from a dedicated static_files directory with read-only permissions (GCDWebServer configuration).
    • GCDWebServerFileResponse is used in StaticFileHandler.swift.

  • Missing Implementation:

    • A strict whitelist for allowed files used with GCDWebServerFileResponse is not implemented.
    • GCDWebServerDataResponse usage in APIHandler.swift needs review to ensure data sources are trusted.

Mitigation Strategy: Keep GCDWebServer Updated

  • Description: This is directly related to the security of the GCDWebServer library itself.

    1. Dependency Management: Use a dependency manager.
    2. Regular Checks: Check for GCDWebServer updates.
    3. Review Release Notes: Examine release notes for security fixes related to GCDWebServer.
    4. Update Dependency: Update the GCDWebServer version.
    5. Test: Test after updating GCDWebServer.

  • Threats Mitigated:

    • Known Vulnerabilities in GCDWebServer: (Severity: Variable) - Addresses vulnerabilities specific to the GCDWebServer library itself.

  • Impact:

    • Known Vulnerabilities: Risk significantly reduced.

  • Currently Implemented:

    • GCDWebServer is managed using Swift Package Manager.

  • Missing Implementation:

    • Regular update checks are not scheduled.
    • The project is using an outdated version of GCDWebServer.