With reference to industry standards and best practices, this document provides specifications for security tests of the OpenHarmony project.
Review the code of each module according to the OpenHarmony C&C++ Secure Coding Guide and fix all issues found in the review.
Use the OpenHarmony gated check-in to scan your code and clear all alarms.
Use the compilation option scanning tool to scan your binary file and ensure that the settings of all the compilation options comply with the OpenHarmony Compilation Specifications.
For each module that receives and processes user-mode parameters, develop gray-box and white-box fuzz testing suites according to the Fuzz Testing Guide and complete the tests.
Use mainstream vulnerability scanning tools to scan open-source components. Ensure that all the detected vulnerabilities have been fixed according to the vulnerability management process of the community.
Perform a consistency check of the released versions, and check that the released version images provide the SHA-256 checksum.
Complete the security design self-check for each module according to the OpenHarmony Security Design Specifications. Ensure that all design issues found in the self-check have been fixed.
Use mainstream virus scanning software to scan software packages. Ensure that all detected viruses have been removed or confirmed as false alarms.
Search for ".cer" and ".pem" or keywords such as "PRIVATE KEY" to find certificate keys, and check that each certificate key is within its validity period and that its encryption algorithm meets the encryption algorithm requirements. Ensure that all certificate key issues have been resolved.
Perform black-box fuzz testing on exposed user-mode APIs, including system service APIs, kernel driver APIs, socket APIs, and more.
NOTE
The preceding requirements apply to all new and inherited features.
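The discovery step of the certificate key check above can be scripted. The following is an added example, not part of the OpenHarmony tooling: it flags files by the ".cer" and ".pem" extensions and by PEM headers such as "PRIVATE KEY", and leaves the validity-period and algorithm checks to a certificate tool. The function names, the 1 MiB read limit and the sample files are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

PEM_HEADER = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")  # PEM armor line
CERT_EXTENSIONS = (".cer", ".pem")  # extensions named in the checklist item

def classify(path):
    """Return sorted reasons why a file needs certificate/key review."""
    # DER-encoded .cer files carry no PEM header, so the extension counts alone.
    reasons = {"extension"} if path.suffix.lower() in CERT_EXTENSIONS else set()
    try:
        with path.open("rb") as fh:
            data = fh.read(1 << 20)  # assumption: first 1 MiB is enough
    except OSError:
        return sorted(reasons | {"unreadable"})
    for label in PEM_HEADER.findall(data):
        if label.endswith(b"PRIVATE KEY"):
            # PKCS#8 uses an ENCRYPTED label; legacy OpenSSL PEM uses Proc-Type.
            enc = label.startswith(b"ENCRYPTED") or b"Proc-Type: 4,ENCRYPTED" in data
            reasons.add("encrypted-private-key" if enc else "private-key")
        elif label == b"CERTIFICATE":
            reasons.add("certificate")
    return sorted(reasons)

def scan(root):  # map relative path -> reasons for every flagged file
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and (reasons := classify(path)):
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def build_sample_tree(root):
    samples = {  # constructed sample files, no real key material
        "server.pem": b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n",
        "conf/settings.txt": b"key=-----BEGIN RSA PRIVATE KEY-----\nQ09O\n",
        "backup/old.key": b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09O\n",
        "device.cer": b"\x30\x82\x00\x00",  # DER-style bytes, no PEM armor
        "README.md": b"nothing sensitive here\n",
    }
    for rel, body in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan(tmp))
```

Files flagged only by "extension" still need to be opened with a certificate tool, because a DER-encoded file contains no searchable keyword.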
The mandatory security test performed before version release is complete only when:
All the security tests mentioned in Security Test Content are complete.
All security issues have been closed.