Skip to content

Latest commit

 

History

History
99 lines (86 loc) · 7.43 KB

attack-tree.md

File metadata and controls

99 lines (86 loc) · 7.43 KB

Attack Tree Analysis for reactivex/rxswift

Objective: Compromise Application via Improper RxSwift Usage

Attack Tree Visualization

Goal: Compromise Application via Improper RxSwift Usage ├── 1. Denial of Service (DoS) │ ├── 1.1 Uncontrolled Resource Consumption [HIGH RISK] │ │ ├── 1.1.1 Memory Leaks [HIGH RISK] │ │ │ ├── 1.1.1.1 Missing disposeBag or dispose(by:) CRITICAL │ │ │ └── 1.1.1.2 Retain Cycles with Closures CRITICAL │ ├── 1.2 Application Hang/Freeze [HIGH RISK] │ │ ├── 1.2.1 Deadlocks on Main Thread CRITICAL ├── 2. Unintended Application Behavior │ ├── 2.1 Race Conditions [HIGH RISK] │ │ ├── 2.1.1 Concurrent Updates to Shared State CRITICAL ├── 2.4 Error Handling Failures [HIGH RISK] ├── 2.4.1 Unhandled Errors Terminating Streams CRITICAL

Attack Tree Path: 1. Denial of Service (DoS)

  • 1.1 Uncontrolled Resource Consumption [HIGH RISK]

    • 1.1.1 Memory Leaks [HIGH RISK]
      • Description: Memory leaks occur when objects are no longer needed but are still held in memory, preventing them from being deallocated. Over time, this can lead to excessive memory consumption, performance degradation, and eventually, application crashes.
      • 1.1.1.1 Missing disposeBag or dispose(by:) CRITICAL
        • Description: RxSwift subscriptions create strong references to the observer and the observable. If these subscriptions are not explicitly disposed of when they are no longer needed, the associated objects will remain in memory, even if they are no longer reachable. The DisposeBag is a convenient mechanism for managing multiple subscriptions and ensuring they are disposed of together.
        • Likelihood: High
        • Impact: Medium (Gradual degradation, eventual crash)
        • Effort: Very Low
        • Skill Level: Novice
        • Detection Difficulty: Medium
        • Mitigation:
          • Always add subscriptions to a DisposeBag.
          • Ensure the DisposeBag is deallocated when the owning object is deallocated (e.g., in the deinit method).
          • Use dispose(by:) to explicitly dispose of individual subscriptions when needed.
          • Employ linting rules to enforce DisposeBag usage.
      • 1.1.1.2 Retain Cycles with Closures CRITICAL
        • Description: Closures used within observable chains can create retain cycles if they capture self strongly. This happens when the observable is also held by self (directly or indirectly), creating a circular dependency that prevents either object from being deallocated.
        • Likelihood: Medium
        • Impact: Medium (Similar to missing disposeBag)
        • Effort: Very Low
        • Skill Level: Intermediate
        • Detection Difficulty: Medium
        • Mitigation:
          • Use [weak self] or [unowned self] in the closure's capture list to break the retain cycle.
          • [weak self] creates an optional reference to self, which will be nil if self is deallocated.
          • [unowned self] creates an unowned reference, which assumes that self will always be valid during the closure's execution. Use with caution, as it can lead to crashes if self is deallocated prematurely.
          • Carefully analyze the scope and lifetime of closures and objects to identify potential retain cycles.

  • 1.2 Application Hang/Freeze [HIGH RISK]

    • 1.2.1 Deadlocks on Main Thread CRITICAL
      • Description: Deadlocks occur when two or more threads are blocked indefinitely, waiting for each other to release resources. In the context of RxSwift and UI applications, this often happens when long-running operations or blocking calls are performed on the main thread, which is responsible for updating the user interface.
      • Likelihood: Medium
      • Impact: High (Complete UI freeze)
      • Effort: Low
      • Skill Level: Intermediate
      • Detection Difficulty: Easy
      • Mitigation:
        • Use subscribeOn to offload long-running operations to a background thread.
        • Use observeOn(MainScheduler.instance) to ensure that UI updates are performed on the main thread.
        • Avoid making any blocking calls (e.g., synchronous network requests, file I/O) on the main thread.
        • Use asynchronous APIs whenever possible.

Attack Tree Path: 2. Unintended Application Behavior

  • 2.1 Race Conditions [HIGH RISK]

    • 2.1.1 Concurrent Updates to Shared State CRITICAL
      • Description: Race conditions occur when multiple threads or observable sequences access and modify shared mutable state concurrently, without proper synchronization. This can lead to unpredictable results, data corruption, and inconsistent application state.
      • Likelihood: Medium
      • Impact: Medium to High (Data corruption, inconsistent state)
      • Effort: Low
      • Skill Level: Intermediate
      • Detection Difficulty: Hard
      • Mitigation:
        • Use thread-safe data structures (e.g., atomic variables, concurrent collections) when accessing shared state from multiple observables.
        • Use synchronization mechanisms (e.g., locks, mutexes, semaphores) to protect critical sections of code that modify shared state.
        • Prefer immutable data structures and data transformations over mutable state. This eliminates the possibility of race conditions by design.
        • Use RxSwift operators like serialize to ensure that events from a single observable are processed sequentially, even if they are generated on different threads.

  • 2.4 Error Handling Failures [HIGH RISK]

    • 2.4.1 Unhandled Errors Terminating Streams CRITICAL
      • Description: In RxSwift, if an error occurs within an observable sequence and is not handled, the sequence will terminate. This means that no further events (including onNext, onCompleted) will be emitted. This can lead to unexpected behavior if parts of the application rely on the continued operation of that sequence.
      • Likelihood: High
      • Impact: Medium (Unexpected termination of functionality)
      • Effort: Very Low
      • Skill Level: Novice
      • Detection Difficulty: Easy
      • Mitigation:
        • Use catchError, catchErrorJustReturn, or related operators to handle errors within the observable chain.
        • catchError allows you to intercept the error and potentially recover by returning a new observable sequence.
        • catchErrorJustReturn allows you to replace the error with a default value.
        • Use retry to automatically resubscribe to the observable sequence if an error occurs, potentially with a delay or a limited number of retries.
        • Implement a global error handling strategy to catch any unhandled errors that might escape the observable chains.
        • Log errors appropriately for debugging and monitoring.