November 12th, 2011

Books

Risk analysis of one OOo variable, for BBST Test Design Assignment 2

I worked through the lab assignment's questions and now need to covert this into a list of risks for other to critique. This was so much fun to write I wanted to hang onto it anyway even as an intermediate product. My actual submission for class is below the cut.

1) The variable of lastname is input (optionally) in the wizard that runs on first program execution of OOo applications, modified in the Options dialogue of any OOo application, and used in every facet of the office suite.

2a) Undefined is a valid state for this variable and any code path that uses the variable without checking for undef or doing so incorrectly will introduce errors in its functions. Additionally, too much data in this field would also be dangerous to any of the code that uses it do the likelihood of buffer overruns and unexpected characters or encoding in this field could lead to format string errors or exceptions in library string-handling code. If you can get a non-character or non-string value into this field due to input validation failures then wholesale memory and stack corruption becomes a concern.

2b) Use of lastname as well as the companion variables first name and initials is widespread throughout the SUT applications. Beyond the dialogs which directly manipulate this value (new user wizard, Options) many other functions read this variable and incorporate it into interface displays (document properties) or include it in requests to other modules (printing). The name variables are included in various places in the document data saved to disk automatically and intentionally including the document properties. If change tracking is enabled a tag generated from name variables and dates is displayed next to each change made by a particular user and recored with version information in the document files. Perhaps most excitingly the name variables are posted to Internet servers with registration information allowing for the small possibility that an error related to this variable could affect not only systems that process the document but completely remote systems as well!

2bi) Lastname is used in (at least) many display functions in all parts of the SUT applications, change tracking functions, save/load functions, printing functions, macros, user preferences, data generating functions such as headers and footers, and online registration.

2bii) Values of lastname are displayed in numerous parts of the UI, in change-tracking feature's tags, inside saved documents (and temp/autosaved ones), and may be printed depending on settings for header/footer and cover pages.

2biii) Values of lastname are sent to the operating system as part of stored data about the user and document as well as to remote devices for printing (settings dependent) and to remote Internet servers with optional software registration. I'm unsure about how lastname values may be used in API calls and macros.

2biv) Values of lastname are sent to the operating system as part of stored dat
a about the user (registry UserProfile.xcu) and document (meta.xml).

2bv) Values are read from the registry user profile files if available and may be input into the SUT via the first-run wizard or on demand with Options dialogs.

2c) Changes to the presence or boundedness (?) of last name during program operations could lead to corrupted data in memory, on disk, and displayed to users.

2cviii) Display of user data, document data or metadata could be impacted by incorrect information about the presence (undef), values (could change), or boundedness (wrong data type) of last name.

2cix) Boundary errors on lastname could influence other variable values in document metadata, document content, or application configuration leading to problems with these unrelated variables and functions. Gross misbehaviour on the part of lastname could completely corrupt XML program and document data structures rendering the document or preferences unreadable and thus broadly disrupting document or application functionality.

2cx) There any number of cases where software errors could cause the value of lastname currently in memory and on disk in the user registry or document to become de-synched. This could lead to incorrect data being saved or printed. Some of these cases include local or remote file system errors, unaccounted for 'races' with other OOo (or alien) process running on either the SUT or the file storage device, or just faulty RAM.

2cxi) Lastname is optionally sent with registration information to remote Internet servers operated by the OOo project. A chained failure of input filtering or other unlikely occurrence could cause unexpected format, encoding, or sized lastname to be injected into the remote system and processed. It is not entirely far-fetched that this could lead to serious problems on the remote system(s) that receive and process the data such as a buffer overflow or SQL injection attack.

2cxii) Perhaps the most outlandish and unlikely risk is to the hardware of a printer that receives a document to print with malformed or corrupt lastname information in the cover page, headers, or document body. The could lead the printer to malfunction, develop sentience, or start making toast if enough failures chain together in just the right (wrong?) way.

Collapse )