Gosu Secure Coding Guidelines
Introduction
Understanding how to code securely in Gosu is foundational for developing safe and reliable software. These guidelines provide a reference for writing secure code in the Gosu programming language. By following these rules, you can avoid common mistakes that could lead to security vulnerabilities in your software.
Scope
These guidelines were created using Gosu version 2021.04 and the Java 11 Development Kit API. They focus on preventing mistakes and insecure practices in Gosu code that could make your software vulnerable to attacks.
This guide does not address the following issues:
- Design and Architecture: Planning, building, and design-level vulnerabilities that could compromise system security.
- Content: Java APIs that deal with the user interface (user interface toolkits).
- Controversial Rules: The guide avoids rules that might spark strong disagreements, focusing instead on widely agreed-upon principles for coding securely.
Coding Style
This guide does not enforce a specific coding style, but consistency is key. Tools like Guidewire Studio can help you maintain a consistent style throughout your projects.
Contents and Organization
The guide is divided into rules, each targeting a specific vulnerability that could be exploited. Each rule gives clear instructions on what programmers should or shouldn't do to prevent potential attacks. It provides examples of both good and bad code to illustrate the rule effectively. Additionally, each rule is evaluated based on how severe, likely, and costly it is to fix.
Rule identifiers
Each rule is uniquely identified for easy reference. The identifier comprises three parts:
- Three-letter mnemonic: represents a collection of similar coding practices.
- Unique two-digit numeric value: ranges from 00 to 99 and identifies each coding practice within its collection.
- "G" letter: signifies that the rule applies to the Gosu language.
This convention follows the naming convention created by the Software Engineering Institute (SEI).
Mnemonic | Definition |
---|---|
CLS | Class Structure: Addresses security issues related to the design and structure of classes. |
ERR | Error handling: Involves proper exception handling techniques. |
INJ | Injection attacks: Concerns untrusted strings used without proper sanitization in restricted contexts. |
JCK | Jackson: Discusses vulnerabilities related to Jackson JSON serialization. |
RES | Resources: Covers best practices for resource management. |
SEC | Security: Encompasses measures for protecting data at rest and during transport. |
SER | Java Serialization: Examines vulnerabilities associated with Java serialization. |
STR | String handling: Focuses on common errors and proper handling of strings to ensure data validation. |
WEB | Web: Deals with security issues commonly found in web interfaces. |
Priorities and Levels
Each rule is rated on three axes, severity, likelihood, and remediation cost, each ranging from low to high, following failure mode, effects, and criticality analysis (FMECA). Multiplying the three numeric levels yields a prioritization score between 1 and 27, which helps you apply the rules systematically according to their relative importance.
Severity
How serious are the consequences of not adhering to the rule?
Level | Definition |
---|---|
1 | Low (denial-of-service attack, abnormal termination) |
2 | Medium (encryption weaknesses, unintentional information disclosure) |
3 | High (run arbitrary code, privilege escalation) |
Likelihood
How likely is it that a flaw introduced by violating the rule could lead to an exploitable vulnerability?
Level | Definition |
---|---|
1 | Unlikely |
2 | Likely |
3 | Highly likely |
Remediation cost
How expensive is it to remediate existing code to comply with the rule?
Level | Definition |
---|---|
1 | Low |
2 | Medium |
3 | High |
Risk Assessment Summary
The following table summarizes the risk assessment of the rules documented in these guidelines.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
CLS01-G | Medium | Highly Likely | Medium | L12 | L1 |
ERR00-G | Low | Probable | Medium | L4 | L3 |
ERR01-G | Low | Highly Likely | Medium | L6 | L2 |
ERR02-G | Medium | Highly Likely | Medium | L12 | L1 |
ERR03-G | Medium | Probable | High | L4 | L3 |
INJ00-G | High | Probable | Medium | L12 | L1 |
INJ02-G | High | Probable | Medium | L12 | L1 |
INJ03-G | High | Probable | Medium | L12 | L1 |
INJ04-G | Medium | Probable | Medium | L8 | L2 |
INJ05-G | High | Probable | Medium | L12 | L1 |
JCK00-G | High | Probable | Low | L9 | L1 |
RES00-G | Low | Probable | Medium | L4 | L3 |
SEC00-G | High | Probable | Medium | L12 | L1 |
SER00-G | High | Highly Likely | Medium | L18 | L1 |
STR00-G | High | Probable | High | L6 | L2 |
STR01-G | Medium | Probable | Medium | L8 | L2 |
STR02-G | Medium | Probable | Medium | L8 | L2 |
WEB00-G | High | Probable | Medium | L12 | L1 |
Additional Resources