diff --git a/SECURITY-CHECKLIST.md b/SECURITY-CHECKLIST.md index dff34bb..e612292 100644 --- a/SECURITY-CHECKLIST.md +++ b/SECURITY-CHECKLIST.md @@ -5,12 +5,14 @@ This checklist should be used for all new shell scripts and when modifying exist ## Pre-Development Security Checklist ### Script Header Requirements + - [ ] Includes comprehensive header with author, version, and security notes - [ ] Documents all parameters and their validation requirements - [ ] Specifies required permissions and security considerations - [ ] Includes usage examples with security implications ### Initial Security Setup + - [ ] Uses `set -euo pipefail` for strict error handling - [ ] Defines readonly constants for sensitive paths and configurations - [ ] Implements cleanup function with proper trap handling @@ -19,6 +21,7 @@ This checklist should be used for all new shell scripts and when modifying exist ## Input Validation and Sanitization ### Command Line Arguments + - [ ] Validates all positional parameters - [ ] Checks parameter count and types - [ ] Sanitizes file paths to prevent directory traversal @@ -26,12 +29,14 @@ This checklist should be used for all new shell scripts and when modifying exist - [ ] Rejects dangerous characters in string inputs ### Environment Variables + - [ ] Validates all used environment variables - [ ] Provides secure defaults for missing variables - [ ] Sanitizes environment-derived paths and commands - [ ] Documents required environment setup ### File and Directory Operations + - [ ] Verifies file existence before operations - [ ] Checks file permissions and ownership - [ ] Validates file paths for traversal attempts 
@@ -41,18 +46,21 @@ This checklist should be used for all new shell scripts and when modifying exist ## Variable Usage and Quoting ### Variable Declaration + - [ ] Uses `readonly` for constants - [ ] Uses `local` for function variables - [ ] Initializes all variables before use - [ ] Uses descriptive variable names ### Variable Expansion + - [ ] **CRITICAL:** All variables quoted in command contexts: `"$VARIABLE"` - [ ] Array expansions properly quoted: `"${ARRAY[@]}"` - [ ] Parameter expansions use braces: `"${VAR:-default}"` - [ ] Command substitutions properly quoted: `RESULT="$(command)"` ### Dangerous Patterns to Avoid + - [ ] **NEVER:** Unquoted variables in commands: `command $VAR` - [ ] **NEVER:** Unquoted variables in file operations: `rm $FILE` - [ ] **NEVER:** Unquoted variables in loops: `for item in $LIST` @@ -61,18 +69,21 @@ This checklist should be used for all new shell scripts and when modifying exist ## Command Execution Security ### External Commands + - [ ] Validates command existence before execution - [ ] Uses full paths for critical system commands - [ ] Escapes or validates all command arguments - [ ] Handles command failures appropriately ### Dangerous Command Patterns + - [ ] **AVOID:** `eval` statements (if used, sanitize inputs extensively) - [ ] **AVOID:** `source` or `.` with user-controlled paths - [ ] **AVOID:** `curl | bash` or `wget | sh` patterns - [ ] **AVOID:** Uncontrolled `find -exec` operations ### Privilege Escalation + - [ ] Minimizes `sudo` usage to specific commands - [ ] Uses service-specific users instead of root where possible - [ ] Validates commands before privilege escalation @@ -81,6 +92,7 @@ This checklist should be used for all new shell scripts and when modifying exist ## Network and Remote Operations ### Download Security + - [ ] **REQUIRED:** Download to temporary location first - [ ] **RECOMMENDED:** Verify checksums or signatures - [ ] **REQUIRED:** Validate content before execution 
@@ -88,6 +100,7 @@ This checklist should be used for all new shell scripts and when modifying exist - [ ] Implement timeout and retry logic ### API and Service Interactions + - [ ] Validates API responses before processing - [ ] Uses authentication tokens securely - [ ] Implements proper error handling for network failures @@ -96,12 +109,14 @@ This checklist should be used for all new shell scripts and when modifying exist ## Database and File System Security ### Database Operations + - [ ] Uses parameterized queries or proper escaping - [ ] Validates database paths and names - [ ] Implements backup and recovery procedures - [ ] Handles database locks and corruption gracefully ### File System Security + - [ ] Sets appropriate file permissions (644 for files, 755 for directories) - [ ] Validates ownership before operations - [ ] Implements secure temporary file creation @@ -110,12 +125,14 @@ This checklist should be used for all new shell scripts and when modifying exist ## Service and Container Management ### Service Operations + - [ ] Validates service state before operations - [ ] Implements proper start/stop sequences - [ ] Handles service failures gracefully - [ ] Logs service management activities ### Container Security + - [ ] Validates container names and IDs - [ ] Uses specific image tags instead of 'latest' - [ ] Implements proper volume and network security @@ -124,12 +141,14 @@ This checklist should be used for all new shell scripts and when modifying exist ## Error Handling and Logging ### Error Handling Requirements + - [ ] Implements comprehensive error handling for all operations - [ ] Uses appropriate exit codes (0 for success, 1-255 for various errors) - [ ] Provides meaningful error messages - [ ] Implements cleanup on error conditions ### Logging Security + - [ ] Logs security-relevant events - [ ] Avoids logging sensitive information (passwords, tokens) - [ ] Implements log rotation and retention policies 
@@ -138,12 +157,14 @@ This checklist should be used for all new shell scripts and when modifying exist ## Testing and Validation ### Security Testing + - [ ] **REQUIRED:** Run `bash -n script.sh` for syntax validation - [ ] **RECOMMENDED:** Use ShellCheck for security analysis - [ ] Test with various input combinations including edge cases - [ ] Test error conditions and recovery procedures ### Manual Security Review + - [ ] Review all variable usage for proper quoting - [ ] Verify all file operations use absolute paths - [ ] Check for potential race conditions @@ -152,12 +173,14 @@ This checklist should be used for all new shell scripts and when modifying exist ## Documentation Requirements ### Security Documentation + - [ ] Document all security assumptions - [ ] List required permissions and privileges - [ ] Document potential security risks - [ ] Provide secure usage examples ### Operational Security + - [ ] Document deployment security requirements - [ ] Specify required environment security - [ ] Document integration security considerations @@ -166,12 +189,14 @@ This checklist should be used for all new shell scripts and when modifying exist ## Code Review Checklist ### Pre-Commit Review + - [ ] All variables properly quoted - [ ] No unvalidated user inputs - [ ] Appropriate error handling implemented - [ ] Security documentation updated ### Peer Review Requirements + - [ ] Security-critical changes reviewed by security-aware developer - [ ] Privilege usage justified and documented - [ ] External integrations reviewed for security implications 
@@ -180,12 +205,14 @@ This checklist should be used for all new shell scripts and when modifying exist ## Deployment Security ### Production Deployment + - [ ] Environment variables secured and validated - [ ] File permissions set appropriately - [ ] Service accounts configured with minimal privileges - [ ] Logging and monitoring configured ### Security Monitoring + - [ ] Failed authentication attempts logged - [ ] Privilege escalation attempts logged - [ ] Unusual file access patterns monitored @@ -194,12 +221,14 @@ This checklist should be used for all new shell scripts and when modifying exist ## Maintenance and Updates ### Regular Security Maintenance + - [ ] Review and update security dependencies - [ ] Update security documentation - [ ] Review and rotate secrets and tokens - [ ] Update security testing procedures ### Security Incident Response + - [ ] Document security incident procedures - [ ] Implement security rollback procedures - [ ] Define security escalation paths @@ -209,7 +238,8 @@ This checklist should be used for all new shell scripts and when modifying exist ## Common Security Anti-Patterns -### ❌ DO NOT DO THIS: +### ❌ DO NOT DO THIS + ```bash # Unquoted variable in command docker pull $IMAGE @@ -230,7 +260,8 @@ chmod 777 /path/to/file rm -rf $USER_PROVIDED_PATH ``` -### ✅ DO THIS INSTEAD: +### ✅ DO THIS INSTEAD + ```bash # Quoted variable in command docker pull "$IMAGE"
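Review bot: The hunk at `@@ -209,7 +238,8 @@` does more than the rest of the patch: besides inserting the blank line, it rewrites the heading text from `### ❌ DO NOT DO THIS:` to `### ❌ DO NOT DO THIS` (and likewise `### ✅ DO THIS INSTEAD:` at `@@ -230,7 +260,8 @@`). That is a heading-content change mixed into a whitespace-only cleanup; either mention the trailing-colon removal explicitly in the commit message or split it into its own commit so the diff history stays easy to audit.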
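Review bot: In the `### Security Testing` region of `@@ -138,12 +157,14 @@`, `bash -n script.sh` is marked **REQUIRED** while ShellCheck is only **RECOMMENDED**. `bash -n` is a syntax check only; it will not flag the unquoted expansions that the `### Variable Expansion` section in `@@ -41,18 +46,21 @@` labels **CRITICAL**. Since this patch is already touching the line, consider promoting the ShellCheck item to **REQUIRED** (or at least noting that `bash -n` does not cover quoting) so the two sections agree.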
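Review bot: The `### File System Security` item in `@@ -96,12 +109,14 @@`, `Sets appropriate file permissions (644 for files, 755 for directories)`, reads as a blanket rule, but the scripts this checklist governs must themselves be executable, and files holding the tokens and credentials that `### Logging Security` says must never be logged should be owner-only rather than world-readable. Suggest qualifying the parenthetical, e.g. "644 for data files, 755 for directories and executables, 600 for files containing secrets", so the checklist does not contradict its own secrets-handling items.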
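Review bot: Minor style point on `@@ -41,18 +46,21 @@` and `@@ -61,18 +69,21 @@`: the `- [ ] **NEVER:** ...` and `- [ ] **AVOID:** ...` entries are rendered as checkboxes, so ticking one is ambiguous (did the reviewer confirm the pattern is absent, or that it is present?). The other sections phrase items as positive, checkable statements; consider rewording these to the same form (e.g. "No unquoted variables in commands (`command $VAR`)") so a filled-in checklist is unambiguous.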