GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → google → Go Safeweb

google / Go Safeweb

Licence: apache-2.0
Secure-by-default HTTP servers in Go.

Programming Languages

go
31211 projects - #10 most used programming language
golang
3204 projects

Labels

securityhttphttp-serversecurity-hardening

Projects that are alternatives of or similar to Go Safeweb

Firefly
Firefly is an asynchronous web framework for rapid development of high-performance web application.
Stars: ✭ 277 (-24.32%)
Mutual labels:  http-server
Wazuh Ruleset
Wazuh - Ruleset
Stars: ✭ 305 (-16.67%)
Mutual labels:  security-hardening
Gizmo
A Microservice Toolkit from The New York Times
Stars: ✭ 3,566 (+874.32%)
Mutual labels:  http-server
Beast
HTTP and WebSocket built on Boost.Asio in C++11
Stars: ✭ 3,241 (+785.52%)
Mutual labels:  http-server
Oak
A middleware framework for handling HTTP with Deno 🐿️ 🦕
Stars: ✭ 3,799 (+937.98%)
Mutual labels:  http-server
Statcode
Man pages for HTTP status codes
Stars: ✭ 307 (-16.12%)
Mutual labels:  http-server
Pegasus.lua
🚀 Pegasus.lua is an http server to work with web applications written in Lua language.
Stars: ✭ 274 (-25.14%)
Mutual labels:  http-server
Restana
Super fast and minimalist framework for building REST micro-services.
Stars: ✭ 341 (-6.83%)
Mutual labels:  http-server
Jetty.project
Eclipse Jetty® - Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more
Stars: ✭ 3,260 (+790.71%)
Mutual labels:  http-server
Thgtoa
The Hitchhiker’s Guide to Online Anonymity
Stars: ✭ 326 (-10.93%)
Mutual labels:  security-hardening
Webserver
A C++ High Performance Web Server
Stars: ✭ 4,164 (+1037.7%)
Mutual labels:  http-server
Atom
Java course materials
Stars: ✭ 293 (-19.95%)
Mutual labels:  http-server
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+1146.17%)
Mutual labels:  security-hardening
Serialkiller
Look-Ahead Java Deserialization Library
Stars: ✭ 277 (-24.32%)
Mutual labels:  security-hardening
Rhel7 Cis
Ansible role for Red Hat 7 CIS Baseline
Stars: ✭ 337 (-7.92%)
Mutual labels:  security-hardening
Http
Host These Things Please - a basic http server for hosting a folder fast and simply
Stars: ✭ 275 (-24.86%)
Mutual labels:  http-server
Statik
Embed files into a Go executable
Stars: ✭ 3,348 (+814.75%)
Mutual labels:  http-server
Cppwebframework
​The C++ Web Framework (CWF) is a MVC web framework, Open Source, under MIT License, using C++ with Qt to be used in the development of web applications.
Stars: ✭ 348 (-4.92%)
Mutual labels:  http-server
Neutralinojs
Portable and lightweight cross-platform desktop application development framework
Stars: ✭ 4,731 (+1192.62%)
Mutual labels:  http-server
Comet
Modern PHP framework for building blazing fast REST APIs, CRUDs and microservices
Stars: ✭ 328 (-10.38%)
Mutual labels:  http-server
View All Similar Projects ➔

go-safeweb

DISCLAIMER: This is not an officially supported Google product.

go-safeweb is a collection of libraries for writing secure-by-default HTTP servers in Go.

Contributing

This project is in an early stage. We are currently not accepting any contributions.

Overview

The flexibility of Go’s net/http package allows users to quickly implement HTTP servers.

Responses are then written simply as slices of bytes, headers can be arbitrarily manipulated and so on. This approach offers much needed flexibility for these who really need it.

Unfortunately, this approach leaves great space for introducing security vulnerabilities and even experienced developers tend to do so.

This document aims to design an HTTP API that eliminates whole classes of bugs, like Cross-Site Scripting (XSS) or Cross-Site Request Forgery (XSRF). This can be achieved by an approach known at Google as safe coding. Learn more at Securing the Tangled Web (Chistoph Kern, 2014) or Preventing Security Bugs through Software Design (Christoph Kern, 2016).

Goals and Non-Goals

Goals

G1: Secure-by-default

Security mechanisms are applied by default (opt-out, not opt-in).

G2: Unsafe Usage is Easy to Review, Track and Restrict

All opt-outs from security mechanisms are explicit. Wherever possible, they’re contained inside a package or an option that’s easy to restrict.

G3: Designed for Evolving Security Requirements

Enforcing new security measures is feasible through AST manipulation. Existing users can be migrated using static analysis and/or runtime monitoring. Read more here.

G4: High Compatibility with Go’s Standard Library and Existing Open-Source Frameworks

Whenever possible, keep existing layouts, function signatures and other API parts the same as the Go’s standard library. High compatibility enables wide adoption.

Non Goals

NG1: Safe API Completeness

Creating safe APIs for all the corner cases might result in a bloated codebase. Our experience shows that this isn’t necessary.

NG2: Full Compatibility with Go’s Standard Library and Existing Open-Source Frameworks

Existing open-source frameworks or the Go standard library need to support each developer scenario. This would have left us with limited options of creating safe-by-default HTTP servers.

NG3: Features That Are Not Security Critical

Go Safe Web aims to help you create a secure-by-default Go HTTP server and nothing more. Features that are not security critical will not be added. Focusing solely on security allows us to maintain high compatibility with the standard library and makes adoption easier.

Security Vulnerabilities and Mitigations

On a high level, we plan to address, or provide the needed infrastructure to address, following issues (not an exhaustive list):

  • XSS (cross-site scripting) and XSSI (cross-site script inclusion) - e.g. by controlling how responses are generated
  • XSRF (cross-site request forgery) - e.g. by using Fetch Metadata policies, supporting token-based XSRF protection
  • CORS (cross-origin resource sharing) - e.g. by taking control of CORS response headers and handling CORS preflight requests
  • CSP (content security policy) - e.g. by automatically adding script nonces to HTML responses, adding relevant security headers
  • Transport Security - e.g. by enforcing HSTS support
  • IFraming - e.g. by setting relevant HTTP headers to restrict framing or providing server-side support for origin selection
  • Auth (access control) - e.g. by providing infrastructure for plugging in access control logic in an uniform, auditable way
  • HTTP Request Parsing Bugs - e.g. by implementing strict and well documented parsing behavior
  • Error responses - e.g. by providing infrastructure for uniform error handling (e.g. to prevent accidental leaks or XSS from error responses)
  • Enforcement of other security specific HTTP headers - here

Appendix

Evolving Security Requirements (example)

Imagine an API for configuring access control. It features three types of rules:

  • ALLOW(user) - allows a given user
  • DENY(user) - denies a given user (has priority over ALLOW)
  • REPORT(user) - reports that it has seen a request from a given user

Imagine now that at some point, security standards need to be increased and user = "frombulator" has been determined to not meet the desired bar.

How do we, for all the services running in our company, address this?

  1. For existing services, we add a LegacyFrombulatorAccess option like so: security.AccessControl(rules, unsafe.LegacyFrombulatorAccess()).
  2. We change the security.AccessControl() call to add by default a DENY("frombulator") rule. This rule is not added if unsafe.LegacyFrombulatorAccess is applied.
  3. Instead, unsafe.LegacyFrombulatorAccess adds a REPORT("frombulator") rule.

This way, we have:

  • Ensured that all new callers of security.AccessControl use the safe setting by default.
  • Can monitor existing services dependence on calls from the frombulator. After a period of observation (let’s say, 30 days):
    • If the service doesn’t receive requests from the frombulator: prune the unsafe.LegacyFrombulatorAccess option.
    • If the service does receive requests from the frombulator: inform the service owners and plan a fix.

Crucially, only the last case (dependence on unsafe configuration) requires engineering work per service. The rest can be automated.

This approach is possible due to careful API design. A missing DENY or REPORT rule, or a single sink in the form of security.AccessControl would make this infeasible.

Source Code Headers

Every file containing source code must include copyright and license information. This includes any JS/CSS files that you might be serving out to browsers. (This is to help well-intentioned people avoid accidental copying that doesn't comply with the license.)

Apache header:

Copyright 2020 Google LLC

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].