Input Control Adversary
The adversary has control over some input used in the application life cycle. It is the most common type of adversaries found in applications and consistently places in the risks described in the OWASP Top 101.
Cross Site Scripting
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user2
Assumptions
The adversary has control over input which is rendered in insecure ways in the frontend of the Tauri application. This is possible with (partial) control of parsed files, stored and retrieved database values, input fields or other user provided data.
Goals
Usually the adversary is trying to elevate privileges to access critical system resources. Sometimes only exfiltration3 of sensitive data outside of the frontend scope is desired.
Capabilities
The capabilities are the same a common cross-site-scripting adversary has in the context of a website with the extension of the Tauri IPC access. This IPC layer can, depending on the configuration, allow several endpoints to directly access system interfaces.
In the worst case it elevates the impact of cross-site-scripting vulnerabilities to critical (CVSS 9.0-10.0) if Remote Code Execution (RCE)4 features are enabled and improperly configured.
Remote Source Compromise
Assumptions
The adversary has control over remote domains, storage or assets (scripts, images, source files) referenced and used in the Tauri application.
Goals
Usually the adversary is trying to gain script execution in the frontend or system. Sometimes only exfiltration3 of sensitive data is desired.
Capabilities
The capabilities are similar to the cross-site-scripting adversary with the constraint that the Tauri IPC is only accessible if the remote source is directly embedded without a nonce5 or hash6 or the configuration explicitly allows the remote domain for IPC access7.
Logical Bug in Tauri Command
Assumptions
The adversary has control over parameters of Tauri commands, which expose insecure or unexpected behavior.
This can be exposed to the adversary in multiple ways:
- Exposed by the user via social engineering
- Exposed to remote systems
- Exposed to other local applications which are already compromised
Goals
Usually the adversary is trying to abuse the implemented logic of the command to cause unexpected behavior. The goals vastly differ based per application.
Capabilities
The adversary can (partially) control input passed to Tauri commands. It does not have script execution capabilities to arbitrarily invoke commands.