Tghosth-patch-1 #2023

Merged
merged 3 commits into from
Aug 27, 2024

Conversation

sandrogauci
Copy link
Contributor

This Pull Request relates to issue #1612

@tghosth tghosth changed the base branch from master to tghosth-patch-1 August 26, 2024 15:41
@tghosth
Copy link
Collaborator

tghosth commented Aug 26, 2024

Hi @elarlang, can you confirm if the updates here resolve all the points you raised?

@tghosth tghosth requested a review from elarlang August 26, 2024 15:42
@elarlang
Copy link
Collaborator

Nice work, I approved the PR, and I also give some more feedback.

53.2.4

... from causing DoS or audio or video media insertion on new or existing media streams.

  • 4x "or", quite complicated to follow.
  • DoS - maybe write it out as "denial of service"

I think 53.2.5, 53.2.6, and 53.2.7 need more work as there seem to be duplicate recommendations and those are quite long requirements.

53.2.5

This should be achieved by implementing rate limiting, validating timestamps, using synchronized clocks to match real-time intervals, and managing buffers to prevent overflow and maintain proper timing. If packets for a particular media session arrive too quickly, excess packets should be dropped.

53.2.6

... by implementing rate limiting, validating timestamps, using synchronized clocks to match real-time intervals, and managing buffers to prevent overflow and maintain proper timing. If packets for a particular media session arrive too quickly, excess packets should be dropped.

53.2.7

This should be achieved by implementing input validation, safely handling integer overflows, preventing buffer overflows, and employing other robust error-handling techniques.
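The draft text of 53.2.5 and 53.2.7 quoted above describes controls for a media receiver: rate limiting, timestamp validation against a synchronized clock, dropping packets that arrive too quickly, and input validation with integer and buffer overflow handling for malformed packets. As an added illustration that is not part of this PR or of the ASVS text, the C below shows one shape those controls can take: a bounds-checked RTP header parser and a per-SSRC token bucket with an RTP-clock plausibility check. The SSRC, clock rate, limits and the sample packet are constructed assumptions, not values from the ASVS.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example (not ASVS or PR text): bounds-checked RTP header parsing plus
 * a per-session token-bucket rate limiter with an RTP-clock plausibility
 * check. Names, limits and the sample packet are illustrative assumptions. */

typedef struct {
    uint8_t  version, padding, extension, cc, marker, payload_type;
    uint16_t seq;
    uint32_t timestamp, ssrc;
    size_t   payload_off, payload_len;   /* payload excludes trailing padding */
} rtp_header_t;

static uint32_t be32(const uint8_t *p)
{ return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }

/* 0 on success, negative on malformed input. No length field is trusted
 * before it is checked against len, so nothing reads past the buffer. */
int rtp_parse(const uint8_t *buf, size_t len, rtp_header_t *h)
{
    if (!buf || !h || len < 12) return -1;          /* 12 = fixed RTP header */
    memset(h, 0, sizeof *h);
    h->version = buf[0] >> 6;          h->padding = (buf[0] >> 5) & 1;
    h->extension = (buf[0] >> 4) & 1;  h->cc = buf[0] & 0x0f;
    h->marker = buf[1] >> 7;           h->payload_type = buf[1] & 0x7f;
    h->seq = (uint16_t)((buf[2] << 8) | buf[3]);
    h->timestamp = be32(buf + 4);      h->ssrc = be32(buf + 8);
    if (h->version != 2) return -2;
    size_t off = 12 + 4u * h->cc;                   /* cc <= 15: cannot overflow */
    if (off > len) return -3;
    if (h->extension) {
        if (len - off < 4) return -4;               /* profile(2) + length(2) */
        size_t ext_words = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        off += 4;
        if (ext_words > (len - off) / 4) return -5; /* divide, never multiply */
        off += ext_words * 4;
    }
    size_t payload = len - off;
    if (h->padding) {                               /* last byte = pad count */
        if (payload == 0 || buf[len - 1] == 0 || buf[len - 1] > payload) return -6;
        payload -= buf[len - 1];
    }
    h->payload_off = off;  h->payload_len = payload;  return 0;
}

typedef struct {
    uint32_t ssrc, clock_rate, first_ts;   /* clock_rate: RTP ticks per second */
    double   max_pps, burst, tokens;        /* token-bucket state */
    uint64_t first_ms, last_ms;  int started;
} media_session_t;

/* 1 = pass to the jitter buffer, 0 = drop (foreign SSRC, RTP timestamp that
 * no longer tracks the local synchronized clock, or rate exceeded). */
int session_accept(media_session_t *s, const rtp_header_t *h, uint64_t now_ms)
{
    if (h->ssrc != s->ssrc) return 0;
    if (!s->started) {
        s->started = 1;  s->first_ms = s->last_ms = now_ms;
        s->first_ts = h->timestamp;  s->tokens = s->burst;
    }
    /* Expected RTP time from elapsed wall-clock time; unsigned subtraction then
     * a signed cast copes with 32-bit wraparound. Tolerance: 1 s of samples. */
    uint32_t expected = s->first_ts +
        (uint32_t)((now_ms - s->first_ms) * s->clock_rate / 1000);
    int32_t drift = (int32_t)(h->timestamp - expected);
    if (drift > (int32_t)s->clock_rate || drift < -(int32_t)s->clock_rate) return 0;
    s->tokens += (double)(now_ms - s->last_ms) * s->max_pps / 1000.0;
    if (s->tokens > s->burst) s->tokens = s->burst;
    s->last_ms = now_ms;
    if (s->tokens < 1.0) return 0;                  /* arriving too fast: drop */
    s->tokens -= 1.0;
    return 1;
}

/* Constructed sample: V=2 P=1 PT=0, seq 1, ts 160, SSRC deadbeef, 3 payload
 * bytes and one padding byte whose value (1) is the pad count. */
static const uint8_t sample_packet[16] = {
    0xa0, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xa0,
    0xde, 0xad, 0xbe, 0xef, 0x11, 0x22, 0x33, 0x01 };

int demo_payload_len(void)              /* 3: the padding byte is stripped */
{
    rtp_header_t h;
    return rtp_parse(sample_packet, sizeof sample_packet, &h) ? -100 : (int)h.payload_len;
}

int demo_bad_extension(void)            /* X=1 claiming a 65535-word extension */
{
    uint8_t p[16];  rtp_header_t h;
    memcpy(p, sample_packet, 12);  p[0] = 0x90;
    p[12] = 0;  p[13] = 0;  p[14] = 0xff;  p[15] = 0xff;
    return rtp_parse(p, sizeof p, &h);              /* -5: extension exceeds len */
}

/* n copies of the sample at t=0 (only `burst` of them pass), then one more at
 * later_ms, which passes only while the unchanged RTP timestamp still matches
 * elapsed wall-clock time. Returns the number of packets accepted. */
int demo_session(int n, uint64_t later_ms)
{
    media_session_t s = { .ssrc = 0xdeadbeef, .clock_rate = 8000,
                          .max_pps = 50.0, .burst = 5.0 };
    rtp_header_t h;  int accepted = 0;
    if (rtp_parse(sample_packet, sizeof sample_packet, &h)) return -100;
    for (int i = 0; i < n; i++) accepted += session_accept(&s, &h, 0);
    return accepted + session_accept(&s, &h, later_ms);
}
```

With a burst of 5 and 20 packets at the same instant, 5 pass and the remainder are dropped without being buffered; a packet 100 ms later is admitted because the bucket has refilled and its RTP timestamp is still within a second of the expected value, while the same packet replayed 5 s later is dropped by the timestamp check before it costs a token. The parser rejects the extension-length and padding-count fields by comparing them against the remaining buffer length (dividing rather than multiplying) so that a hostile length can neither wrap the arithmetic nor point past the end of the packet.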

@tghosth
Copy link
Collaborator

tghosth commented Aug 27, 2024

@sandrogauci I proposed a refactoring here:
https://github.com/sandrogauci/ASVS/pull/1/files

This should address Elar's concerns I think.

If you are comfortable with the changes, you can merge that PR, which will include them in this PR.

@sandrogauci
Copy link
Contributor Author

> @sandrogauci I proposed a refactoring here: https://github.com/sandrogauci/ASVS/pull/1/files
>
> This should address Elar's concerns I think.
>
> If you are comfortable with the changes, you can merge that PR, which will include them in this PR.

That is really helpful thanks! I asked for one minor change.

* Refactor certain requirements

* Split guidance for malformed messages and packets
@tghosth tghosth merged commit 5db9b1d into OWASP:tghosth-patch-1 Aug 27, 2024
5 of 6 checks passed
tghosth added a commit that referenced this pull request Aug 27, 2024
* define acronyms where possible

* slash replaced with "or"

* Refactor certain requirements (#1)

* Refactor certain requirements

* Split guidance for malformed messages and packets

---------

Co-authored-by: Josh Grossman <tghosth@users.noreply.github.com>
3 participants