Skip to content

doc/dev: audit CSRF threat model; document it; add key recommendations

Administrator requested to merge sg/csrf-threat-model into main

Created by: slimsag

In response to the potentially large future risks I've observed in #23140 I've taken time over my weekend / outside of work to do a full audit our CSRF threat model. We're all good currently, but have much room for improvement.

As part of this process, I've verified what is actually true in our codebase today both through looking at the code and testing various properties.

I've documented the threat model extensively, so that any developer at Sourcegraph can easily understand what the model is and why without necessarily having an expert understanding of CSRF.

At the end of the document, I've made some key recommendations for exactly what we should do - as soon as reasonably possible - to improve our CSRF threat model and ensure that we continue to have good security as time goes on, more people work on Sourcegraph, and we extend integrations out to more third-party websites and parties.

cc @andreeleuterio - this should help with the problem/challenges we're facing considerably. I will next look into employing some of these recommendations, time permitting (as this, of course, isn't my primary work) :)

Signed-off-by: Stephen Gutekanst [email protected]

Note: I have tagged this PR as API docs solely for tracking purposes, since that is where I currently track my work.

Merge request reports

Loading