search

ros2 / design

Design documentation for ROS 2.0 effort
http://design.ros2.org/
Apache License 2.0
218 stars 193 forks source link

Adds security_testing Proposal #235

Closed ryanewel closed 4 years ago

ryanewel commented 5 years ago

This adds a proposed package to test ROS2 Security Vulnerabilities.

The package is meant to build on the work from the ROS2 Threat Model and provide a place for the ROS2 community to collect code that can be used to “attack” ROS 2 applications.

ryanewel commented 5 years ago

Output from running: ./node_modules/remark-cli/cli.js --frail articles/

articles/010_why_ros2.md: no issues found
articles/020_ros_with_dds.md: no issues found
articles/030_ros_with_zeromq.md: no issues found
articles/040_stories.md: no issues found
articles/050_ros_rpc_design.md: no issues found
articles/055_ros_parameter_design.md: no issues found
articles/060_ros_middleware_interface.md: no issues found
articles/080_ros_documentation_system.md: no issues found
articles/100_ament.md: no issues found
articles/101_build_tool.md: no issues found
articles/110_interface_definition.md: no issues found
articles/111_mapping_dds_types.md: no issues found
articles/112_generated_interfaces_cpp.md: no issues found
articles/114_generated_interfaces_python.md: no issues found
articles/120_realtime_background.md: no issues found
articles/121_realtime_proposal.md: no issues found
articles/130_ros_time.md: no issues found
articles/140_topic_and_service_name_mapping.md: no issues found
articles/141_static_remapping.md: no issues found
articles/142_idl.md: no issues found
articles/143_legacy_interface_definition.md: no issues found
articles/200_migration_guide_from_ros1.md: no issues found
articles/actions.md: no issues found
articles/changes.md: no issues found
articles/discovery_and_negotiation.md: no issues found
articles/node_lifecycle.md: no issues found
articles/qos.md: no issues found
articles/ros2_sectest.md: no issues found
articles/ros2_threat_model.md: no issues found
articles/serialization.md: no issues found
vmayoral commented 5 years ago

ping @ryanewel and @thomas-moulard, any chance the comments above could be reviewed and add any value?

vmayoral commented 5 years ago

Question, security_testing is used in the content however both the source code and the proposal are named as ROS2_SecTest. Would it be possible to unify everything and go with security_testing or is there any reason against it?

thomas-moulard commented 5 years ago

We'll update this PR next week - thanks everyone for the input!

thomas-moulard commented 4 years ago

I have a local update to this PR that I will push tomorrow.

thomas-moulard commented 4 years ago

Updated.

thomas-moulard commented 4 years ago

@tfoote could someone ptal? What's the next step to get this merged?

tfoote commented 4 years ago

This looks like it needs a rebase. There's a lot of unrelated commits now embedded in this PR.

Reading through the document it reads a lot more like the README.md for the package rather than a high level design article. As stated in the opening paragraph it's specifically scoped to the package. And as such I might suggest that this actually be added there and not specifically here. It will keep the documentation local to the code and the ownership/maintainership is much clearer for the documentation.

thomas-moulard commented 4 years ago

Thanks for the feedback Tully, we'll move that to our repo.