Internal audit top level issue

[bennetyee]

when we start the audit, please mark all issues found during this audit as blocking this one. this issue should not be marked as complete until all blockers are resolved (fixed or deferred, etc).

general guideline / things to look for:

• identify potential attack surfaces -- e.g., user input (can users attack anything other than their own account?), unauthenticated JS loading, server auth / MITM potentials (web proxy to futz with messages), not all are nec'y valid (depends on threat model)
• input validation -- data types, value ranges, regex matching/filtering, XSS, SQLi, etc; how errors are handled/reported
• unexpected event ordering / state transitions -- what are the sources of events? are event-order validation needed?
• privilege minimization: can the extension's permissions be further restricted (removed, made optional)?
• test coverage

(please edit to add general pointers/topics).