Input Control Adversary

The adversary has control over some input used in the application life cycle. It is the most common type of adversaries found in applications and consistently places in the risks described in the OWASP Top 10¹.

https://owasp.org/www-project-top-ten/

Cross Site Scripting

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user²

Assumptions

The adversary has control over input which is rendered in insecure ways in the frontend of the Tauri application. This is possible with (partial) control of parsed files, stored and retrieved database values, input fields or other user provided data.

Goals

Usually the adversary is trying to elevate privileges to access critical system resources. Sometimes only exfiltration³ of sensitive data outside of the frontend scope is desired.

Capabilities

The capabilities are the same a common cross-site-scripting adversary has in the context of a website with the extension of the Tauri IPC access. This IPC layer can, depending on the configuration, allow several endpoints to directly access system interfaces.

In the worst case it elevates the impact of cross-site-scripting vulnerabilities to critical (CVSS 9.0-10.0) if Remote Code Execution (RCE)⁴ features are enabled and improperly configured.

https://owasp.org/www-community/attacks/xss/

https://en.wikipedia.org/wiki/Data_exfiltration

⁴

https://en.wikipedia.org/wiki/Arbitrary_code_execution

Remote Source Compromise

Assumptions

The adversary has control over remote domains, storage or assets (scripts, images, source files) referenced and used in the Tauri application.

Goals

Usually the adversary is trying to gain script execution in the frontend or system. Sometimes only exfiltration³ of sensitive data is desired.

Capabilities

The capabilities are similar to the cross-site-scripting adversary with the constraint that the Tauri IPC is only accessible if the remote source is directly embedded without a nonce⁵ or hash⁶ or the configuration explicitly allows the remote domain for IPC access⁷.

⁵

https://content-security-policy.com/nonce/

⁶

https://content-security-policy.com/hash/

⁷

RemoteDomainAccessScope

Logical Bug in Tauri Command

Assumptions

The adversary has control over parameters of Tauri commands, which expose insecure or unexpected behavior.

This can be exposed to the adversary in multiple ways:

Exposed by the user via social engineering
Exposed to remote systems
Exposed to other local applications which are already compromised

Goals

Usually the adversary is trying to abuse the implemented logic of the command to cause unexpected behavior. The goals vastly differ based per application.

Capabilities

The adversary can (partially) control input passed to Tauri commands. It does not have script execution capabilities to arbitrarily invoke commands.

Bloop.ai Tauri Component Audit