Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Textual Internal Audit #15549

Closed
5 of 34 tasks
Tracked by #11970
amaury1093 opened this issue Mar 27, 2023 · 2 comments
Closed
5 of 34 tasks
Tracked by #11970

Textual Internal Audit #15549

amaury1093 opened this issue Mar 27, 2023 · 2 comments
Assignees
@amaury1093 @facundomedica
Labels
module-readiness-checklist

Comments

@amaury1093
Copy link
Contributor

amaury1093 commented Mar 27, 2023
edited by facundomedica

Textual Internal Audit

This checklist is to be used for tracking the final internal audit of SIGN_MODE_TEXTUAL prior to inclusion in a published release.

Note: there is an external audit happening. However, it's useful to also have an internal one, to check things that external auditors might not, such as:

  • API naming and godocs
  • can the spec be improved (e.g. re human readability)?
  • make sure that the spec and implementation both match 1:1 (e.g. there's no hidden implementation detail that's not in the spec)

Scope

Methodology

The following checklist should be run for each item in the Scope. This audit should be performed on commit hash a8dcedd.

  • API audit
    • Are public structs, interfaces, methods and types well-named and organized?
    • Is everything well documented (inline godoc)?
  • Code correctness
    • Verify correctness upon visual inspection
    • Ensure all state machine code which could be confusing is properly commented
    • Ensure that all state machine edge cases are covered with tests and that test coverage is sufficient
    • Assess potential threats for each method including spam attacks and ensure that threats have been addressed sufficiently. This should be done by writing up threat assessment for each method
    • Assess potential risks of any new third party dependencies and decide whether a dependency audit is needed
  • Spec
    • Can we improve human readability while maintaining security?
    • Is the spec fully implemented?
    • Are there implementation choices that should be documented in the spec?
@amaury1093 amaury1093 mentioned this issue Mar 27, 2023
Closed
39 tasks
@amaury1093 amaury1093 mentioned this issue Mar 27, 2023
Merged
19 tasks
@amaury1093
Copy link
Contributor Author

amaury1093 commented Mar 30, 2023
edited

Here's the wip audit report: https://hackmd.io/@amaurym/BJ2IOrlWn (@facundomedica's also an admin of the doc).

@facundomedica
Copy link
Member

facundomedica commented Apr 26, 2023
edited

Audit concluded, read the finished audit here: https://hackmd.io/G35OvyFES5C3tOnEuej0yw

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amaury1093 amaury1093

@facundomedica facundomedica

Labels
module-readiness-checklist
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@amaury1093 @facundomedica