
Gosu Secure Coding Guidelines


Introduction

Understanding how to code securely in Gosu is foundational for developing safe and reliable software. These guidelines provide a reference for writing secure code in the Gosu programming language. By following these rules, you can avoid common mistakes that could lead to security vulnerabilities in your software.

Scope

These guidelines were created using Gosu version 2021.04 and the Java 11 Development Kit API. They focus on preventing mistakes and insecure practices in Gosu code that could make your software vulnerable to attacks.

This guide does not address the following issues:

  • Design and Architecture: Planning, building, and design-level vulnerabilities that could compromise system security.
  • Content: Java APIs that deal with the user interface (user interface toolkits).
  • Controversial Rules: The guide avoids rules that might spark strong disagreements, focusing instead on widely agreed-upon principles for coding securely.

Coding Style

This guide does not enforce a specific coding style, but consistency is key. Tools like Guidewire Studio can help you maintain a consistent style throughout your projects.

Contents and Organization

The guide is divided into rules, each targeting a specific vulnerability that could be exploited. Each rule gives clear instructions on what programmers should or shouldn't do to prevent potential attacks. It provides examples of both good and bad code to illustrate the rule effectively. Additionally, each rule is evaluated based on how severe, likely, and costly it is to fix.

Rule identifiers

Each rule is uniquely identified for easy reference. The identifier comprises three parts:

  1. Three-letter Mnemonic: Representing a collection of similar coding practices.

  2. Unique Two-Digit Numeric Value: Ranging from 00 to 99, identifying each coding practice within its collection.

  3. "G" Letter: Signifying that the rule applies to the Gosu language.

This convention follows the naming convention created by the Software Engineering Institute (SEI).

Mnemonic  Definition
CLS       Class Structure: Addresses security issues related to the design and structure of classes.
ERR       Error handling: Involves proper exception handling techniques.
INJ       Injection attacks: Concerns untrusted strings used without proper sanitization in restricted contexts.
JCK       Jackson: Discusses vulnerabilities related to Jackson JSON serialization.
RES       Resources: Covers best practices for resource management.
SEC       Security: Encompasses measures for protecting data at rest and during transport.
SER       Java Serialization: Examines vulnerabilities associated with Java serialization.
STR       String handling: Focuses on common errors and proper handling of strings to ensure data validation.
WEB       Web: Deals with security issues commonly found in web interfaces.

Priorities and Levels

Rules are categorized by priorities ranging from low to high severity, likelihood, and remediation costs based on failure mode, effects, and criticality analysis (FMECA). A prioritization score between 1 and 27 is derived by multiplying these values, aiding in the systematic application of rules based on their relative importance.

Severity

How serious are the consequences of not adhering to the rule?

Level  Definition
1      Low (denial-of-service attack, abnormal termination)
2      Medium (encryption weaknesses, unintentional information disclosure)
3      High (run arbitrary code, privilege escalation)

Likelihood

How likely is it that a flaw introduced by violating the rule could lead to an exploitable vulnerability?

Level  Definition
1      Unlikely
2      Likely
3      Highly likely

Remediation cost

How expensive is it to remediate existing code to comply with the rule?

Level  Definition
1      Low
2      Medium
3      High

Risk Assessment Summary

The following table summarizes the risk assessment of the rules documented in these guidelines.

Rule     Severity  Likelihood     Remediation Cost  Priority  Level
CLS01-G  Medium    Highly Likely  Medium            L12       L1
ERR00-G  Low       Probable       Medium            L4        L3
ERR01-G  Low       Highly Likely  Medium            L6        L2
ERR02-G  Medium    Highly Likely  Medium            L12       L1
ERR03-G  Medium    Probable       High              L4        L3
INJ00-G  High      Probable       Medium            L12       L1
INJ02-G  High      Probable       Medium            L12       L1
INJ03-G  High      Probable       Medium            L12       L1
INJ04-G  Medium    Probable       Medium            L8        L2
INJ05-G  High      Probable       Medium            L12       L1
JCK00-G  High      Probable       Low               L9        L1
RES00-G  Low       Probable       Medium            L4        L3
SEC00-G  High      Probable       Medium            L12       L1
SER00-G  High      Highly Likely  Medium            L18       L1
STR00-G  High      Probable       High              L6        L2
STR01-G  Medium    Probable       Medium            L8        L2
STR02-G  Medium    Probable       Medium            L8        L2
WEB00-G  High      Probable       Medium            L12       L1

Additional Resources