Have you implemented OpenMRS? Please participate in the Implementation Site Survey. If you already have, thank you!
Page tree
Skip to end of metadata
Go to start of metadata

 

The following checklist identifies basic security issues that should be checked at every patch check-in. This checklist represents first-line security control against vulnerable code making it to production. This is considered a starting point and the community is encouraged to get involved to improve this list.

Scenarios where this checklist could be used:

a. Review another developer's patch against secure coding best practices.

b. Review own patch against secure coding best practices.

c. Retroactively review a code module against secure coding best practices.

Secure Coding Checklist:

1- Contextual encoding is applied:

Ensure that all dynamic data is properly encoded to prevent cross-site scripting attacks.

Code Review Tasks:

    • Ensure that encoding is properly done using the correct context.
    • Ensure that data is properly quoted using double quotes.

2- Sanitize user data:

Ensures that user-supplied data is properly sanitized to prevent cross-site scripting and injection attacks.

Code Review Tasks:

    • Ensure that data retrieved from the QueryString, Header, Post Parameters, and Cookies is properly sanitized using a whitelist.

3- Use parameterized SQL statements:

Ensures that SQL statements are securely constructed to prevent SQL injection attacks.

Code Review Tasks:

    • Ensure that all SQL statements in the patch are parameterized, both for user-supplied data and for data loaded from other sources (e.g. database, files, etc)

4- File Upload/Download:

Ensures that proper procedures have been followed to prevent path manipulation attacks and unauthorized attempts to access the file system.

Code Review Tasks:

    • Restrict accepted file types to avoid dangerous extensions like .bat or .exe
    • It is preferable to use system generated filenames if files are to be saved locally. 
    • If this is not possible, then make sure to validate the file name using a whitelist, make sure to retrieve the file name only, useful routines to use is File.getName()
    • Validate the file size to avoid denial of service attacks.
    • Upon file download operations; ensure that the path can't be controlled by the user.

5- Forms should be protected with a token:

Ensures that proper procedures have been followed to prevent cross-site request forgery (CSRF) attacks.

Code Review Tasks:

    • Actionable requests must be protected using an anti-CSRF token. Actionable requests are requests which will result in data update, delete, insert, etc.

6- Check authentication status if appropriate:

Ensures that proper checks have been made to prevent insufficient authentication attacks.

Code Review Tasks:

    • For all the files in the patch. Ensure that authentication status is checked.

7- Check authorization status if appropriate:

Ensures that proper checks have been made to prevent unauthorized data access.

Code Review Tasks:

    • For all the files in the patch. Ensure that code exists to check the role of the current user if appropriate.

8- The patch does not perform a redirect based on user-controllable data:

Ensures that proper checks have been made to prevent open-redirects and HTTP splitting attacks.

Code Review Tasks:

    • Ensure that the code does not perform redirect or forward operation using data retrieved from the request.

9- The patch does not disable any security configuration accidentally:

Ensures that proper controls are in place to prevent against insecure configuration issues.

Code Review Tasks:

    • Ensure that no configurations have been turned off accidentally.

 


 

 

 

  • No labels