  1. OpenShift Builds
  2. BUILD-903 Findings from the Threat Model Source-to-image (S2I) Builder Image 1.3.8
  3. BUILD-904

T279: Avoid dynamically loading any code without proper security considerations


    • Sub-task
    • Resolution: Obsolete
    • Normal
    • SECFLOWOTL-30 - s2i Security Review

      While some programming languages and frameworks, such as Java and Android, support dynamic loading of code, it is recommended that you avoid this capability because it increases code complexity and makes your application dependent on an external resource. However, if you have to load a module dynamically, consider the following recommendations:

      • Avoid loading modules from shared locations, such as external storage.
      • Avoid loading modules through unencrypted networks. Otherwise, files in transit would be at risk of manipulation.
      • If you have to load a class from an external location, generate a signature of the class (binary) and check the signature before loading the class to verify that the integrity of the class is maintained.
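
The last recommendation, sketched in Java as an added example (not code from s2i or SD Elements): a class loader that defines a class only after a detached signature over its bytes verifies against a trusted public key. `VerifiedLoader`, `defineVerified` and `Plugin` are hypothetical names, the key pair is generated in place for the demo, and the nested class's own bytes stand in for a class fetched from an external location.

```java
import java.io.InputStream;
import java.security.*;
// Added example: check a detached signature over the class bytes before defineClass().
public class VerifiedLoader extends ClassLoader {
    // Assumption: in a real deployment this key is pinned in the application,
    // never delivered alongside the module it is meant to authenticate.
    private final PublicKey trustedKey;
    VerifiedLoader(PublicKey trustedKey) { this.trustedKey = trustedKey; }

    // Defines the class only if sig is a valid signature over exactly these bytes.
    Class<?> defineVerified(String name, byte[] classBytes, byte[] sig) throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(trustedKey);
        verifier.update(classBytes);
        if (!verifier.verify(sig))
            throw new SecurityException("signature mismatch, refusing to load " + name);
        return defineClass(name, classBytes, 0, classBytes.length);
    }

    // Constructed sample module; its compiled bytes play the externally supplied class.
    public static class Plugin {
        @Override public String toString() { return "plugin loaded"; }
    }

    public static void main(String[] args) throws Exception {
        byte[] classBytes;
        try (InputStream in = VerifiedLoader.class.getResourceAsStream("VerifiedLoader$Plugin.class")) {
            classBytes = in.readAllBytes();
        }
        // Publisher side: sign the binary (constructed key pair for the demo).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair kp = kpg.generateKeyPair();
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(kp.getPrivate());
        signer.update(classBytes);
        byte[] sig = signer.sign();
        // Consumer side: untampered bytes verify and are defined.
        Class<?> c = new VerifiedLoader(kp.getPublic()).defineVerified("VerifiedLoader$Plugin", classBytes, sig);
        System.out.println(c.getDeclaredConstructor().newInstance());
        // Simulated modification in transit: one flipped bit must be rejected before loading.
        byte[] tampered = classBytes.clone();
        tampered[tampered.length - 1] ^= 0x01;
        try {
            new VerifiedLoader(kp.getPublic()).defineVerified("VerifiedLoader$Plugin", tampered, sig);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Compile with `javac VerifiedLoader.java` and run `java VerifiedLoader` (Java 9 or later, for `readAllBytes`); the first load prints the plugin's string and the tampered copy is rejected.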

      Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/openshift-source-to-image-s2i-builder-image/tasks/phase/development/106-T279/

              diagrawa Divyanshu Agrawal
              sdelements Jira-SD-Elements-Integration Bot