e30ae8ed09
- App.tsx: full navigation (Auth stack + Main tabs with 5 screens) - Auth: LoginScreen, RegisterScreen, ForgotPasswordScreen - HomeScreen: dashboard with IoT metrics, weather widget, alerts, quick actions, sensors - MapScreen: interactive map with layer toggles (6 layers) - MarketplaceScreen: categories (6), products (5), search - ChatScreen: AI chat with quick prompts (4), bot responses - ProfileScreen: user info, stats, menu (9 items), logout - AlertsScreen: alert list with severity, acknowledge - SensorsScreen: sensor list with type filters (6 types), search - ZonesScreen: zone cards with stats - SettingsScreen: language picker (FR/EN/ES/DE), privacy, about - Stores: iotStore (sensors, zones, alerts), notificationStore, uiStore + i18n - Hooks: useSensors, useAlerts, useNotifications, useLocation - Components: Card, Button, LoadingSpinner, ErrorBoundary, Header - Services: iotService, notificationService (with axios API client) - Utils: formatters (temp, AQI, noise, dates), validators (email, password, IBAN) - Theme: colors.ts with full design system (Blue Ocean palette) - Ditto: fixed MongoDB connection, new JWT secrets, official gateway image
4.1 KiB
4.1 KiB
Threat Model for resolve (module path resolution library)
1. Library Overview
- Library Name: resolve
- Brief Description: Implements Node.js
require.resolve()algorithm for synchronous and asynchronous file path resolution. Used to locate modules and files in Node.js projects. - Key Public APIs/Functions:
resolve.sync()/resolve/sync,resolve()/resolve/async
2. Define Scope
This threat model focuses on the core path resolution algorithm, including filesystem interaction, option handling, and cache management.
3. Conceptual System Diagram
Caller Application → resolve(id, options) → Resolution Algorithm → File System
│
└→ Options Handling
└→ Cache System
Trust Boundaries:
- Input module IDs: May come from untrusted sources (user input, configuration)
- Filesystem access: The library interacts with the filesystem to resolve paths
- Options: Provided by the caller
- Cache: Used to improve performance, but could be a vector for tampering or information disclosure if not handled securely
4. Identify Assets
- Integrity of resolution output: Ensure correct and safe file path matching.
- Confidentiality of configuration: Prevent sensitive path information from being leaked.
- Availability/performance for host application: Prevent crashes or resource exhaustion.
- Security of host application: Prevent path traversal or unintended filesystem access.
- Reputation of library: Maintain trust by avoiding supply chain attacks and vulnerabilities[1][3][4].
5. Identify Threats
| Component / API / Interaction | S | T | R | I | D | E |
|---|---|---|---|---|---|---|
Public API Call (resolve/async, resolve/sync) |
✓ | ✓ | – | ✓ | – | – |
| Filesystem Access | – | ✓ | – | ✓ | ✓ | – |
| Options Handling | ✓ | ✓ | – | ✓ | – | – |
| Cache System | – | ✓ | – | ✓ | – | – |
Key Threats:
- Spoofing: Malicious module IDs mimicking legitimate packages, or spoofing configuration options[1].
- Tampering: Caller-provided paths altering resolution order, or cache tampering leading to incorrect results[1][4].
- Information Disclosure: Error messages revealing filesystem structure or sensitive paths[1].
- Denial of Service: Recursive or excessive resolution exhausting filesystem handles or causing application crashes[1].
- Path Traversal: Malicious input allowing access to files outside the intended directory[4].
6. Mitigation/Countermeasures
| Threat Identified | Proposed Mitigation |
|---|---|
| Spoofing (malicious module IDs/config) | Sanitize input IDs; validate against known patterns; restrict basedir to app-controlled paths[1][4]. |
| Tampering (path traversal, cache) | Validate input IDs for directory escapes; secure cache reads/writes; restrict cache to trusted sources[1][4]. |
| Information Disclosure (error messages) | Generic "not found" errors without internal paths; avoid exposing sensitive configuration in errors[1]. |
| Denial of Service (resource exhaustion) | Limit recursive resolution depth; implement timeout; monitor for excessive filesystem operations[1]. |
7. Risk Ranking
- High: Path traversal via malicious IDs (if not properly mitigated)
- Medium: Cache tampering or spoofing (if cache is not secured)
- Low: Information disclosure in errors (if error handling is generic)
8. Next Steps & Review
- Implement input sanitization for module IDs and configuration.
- Add resolution depth limiting and timeout.
- Audit cache handling for race conditions and tampering.
- Regularly review dependencies for vulnerabilities.
- Keep documentation and threat model up to date.
- Monitor for new threats as the ecosystem and library evolve[1][3].