Scope
The following scope was defined during the project intake:
Repository Name | Repository Path | Commit Hash | Date | Person Days |
---|---|---|---|---|
bloopAI | https://github.com/BloopAI/ | 1409b73e5e1a51596c51084e79d4f035238e6bca | 2023.03.30 | 4 |
The total time spent on auditing was 4 person days.
The component audit focused on the Tauri-specific parts of the application stack.
The Tauri configuration (tauri.conf.json), commands (#[tauri::command]) and general interaction between frontend and backend of the application in /apps/desktop were in scope.
The /server and /client components were out of scope for manual checks, due to time restrictions.
Threat Model
The main adversary assumed was the Input Control Adversary, as untrusted data is parsed when repositories are searched. Other possible adversaries were not explicitly excluded but considered a lower priority for this engagement.
The most impactful types of business risks were identified as:
- Loss of Integrity
- Loss of Confidentiality