Although code review is an essential step for ensuring the quality of software, it is surprising that current code review systems do not have mechanisms to protect the integrity of the code review process. We uncover multiple attacks against the code review infrastructure which are easy to execute, stealthy in nature, and can have a significant impact, such as allowing malicious or buggy code to be merged and propagated to future releases. To improve this status quo, in this work we lay the foundations for securing the code review process. Towards this end, we first identify a set of key design principles necessary to secure the code review process. We then use these principles to propose SecureReview, a security mechanism that can be applied on top of a Git-based code review system to ensure the integrity of the code review process and provide verifiable guarantees that the code review process followed the intended review policy. We implement SecureReview as a Chrome browser extension for GitHub and Gerrit. Our security analysis shows that SecureReview is effective in mitigating the aforementioned attacks. An experimental evaluation shows that the SecureReview implementation only adds a slight storage overhead (i.e., less than 0.0006 of the repository size).
H.Afzali, S.Torres-Arias, R.Curtmola and J.Cappos, le-git-imate: Towards verifiable web-based Git repositories, in: Proceedings of the Asia Conference on Computer and Communications Security (AsiaCCS ’18), 2018, pp. 469–482.
2.
H.Afzali, S.Torres-Arias, R.Curtmola and J.Cappos, Towards adding verifiability to web-based Git repositories, Journal of Computer Security28(4) (2020), 405–436. doi:10.3233/JCS-191371.
3.
Bitbucket, https://bitbucket.org.
4.
A.Bosu and J.C.Carver, Peer code review to prevent security vulnerabilities: An empirical evaluation, in: 2013 IEEE Seventh International Conference on Software Security and Reliability Companion, IEEE, 2013, pp. 229–230. doi:10.1109/SERE-C.2013.22.
5.
A.Bosu, J.C.Carver, M.Hafiz, P.Hilley and D.Janni, Identifying the characteristics of vulnerable code changes: An empirical study, in: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2014, pp. 257–268. doi:10.1145/2635868.2635880.
6.
A.Cherepanov, Analysis of TeleBots’ cunning backdoor, https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor.
7.
C.Cimpanu, Hacker gains access to a small number of Microsoft’s private GitHub repos, https://www.zdnet.com/article/hacker-gains-access-to-a-small-number-of-microsofts-private-github-repos/.
8.
Code Reviews at Google, https://www.michaelagreiler.com/code-reviews-at-google/.
N.Fatima, S.Chuprat and S.Nazir, Challenges and benefits of modern code review-systematic literature review protocol, in: 2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE), IEEE, 2018, pp. 1–5.
17.
FireEye, Highly evasive attacker leverages SolarWinds supply chain to compromise multiple global victims with SUNBURST backdoor, https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html.
M.Gerwitz, A Git horror story: Repository integrity with signed commits, https://mikegerwitz.com/2012/05/a-git-horror-story-repository-integrity-with-signed-commits.
26.
Git repositories on Gerrit, https://gerrit.googlesource.com/.
27.
GitHub, https://github.com.
28.
GitHub, The state of the Octoverse, https://octoverse.github.com.
29.
GitHub, Managing a branch protection rule, https://docs.github.com/en/github/administering-a-repository/managing-a-branch-protection-rule.
GitLab, API Docs, https://docs.gitlab.com/ee/api/.
36.
GreatFire, China, GitHub and the man-in-the-middle, https://en.greatfire.org/blog/2013/jan/china-github-and-man-middle.
37.
A.Ibrahim, M.El-Ramly and A.Badr, Beware of the vulnerability! How vulnerable are GitHub’s most popular PHP applications? in: 2019 IEEE/ACS 16th International Conference on Computer Systems and Applications (AICCSA), IEEE, 2019, pp. 1–7.
38.
A.Kalyan, M.Chiam, J.Sun and S.Manoharan, A collaborative code review platform for Github, in: 2016 21st International Conference on Engineering of Complex Computer Systems (ICECCS), IEEE, 2016, pp. 191–196. doi:10.1109/ICECCS.2016.032.
39.
K.Kawaguchi, Summary report: Git repository disruption incident of Nov 10th, https://www.jenkins.io/blog/2013/11/25/summary-report-git-repository-disruption-incident-of-nov-10th/.
40.
S.Khandelwal, Github account of Gentoo Linux hacked, code replaced with malware, https://thehackernews.com/2018/06/gentoo-linux-github.html.
41.
Mailvelope, https://www.mailvelope.com/en.
42.
B.Marczak, N.Weaver, J.Dalek, R.Ensafi, D.Fifield, S.McKune, A.Rey, J.Scott-Railton, R.Deibert and V.Paxson, An analysis of China’s “Great Cannon”, in: Fifth {USENIX} Workshop on Free and Open Communications on the Internet ({FOCI} 15), 2015.
43.
Microsoft, Open source projects and samples from Microsoft, https://github.com/microsoft.
44.
A.Mishra, Secure code review – A necessity, https://www.kratikal.com/blog/secure-code-review-a-necessity/.
P.Ogale, M.Shin and S.Abeysinghe, Identifying security spots for data integrity, in: 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Vol. 2, IEEE, 2018, pp. 462–467. doi:10.1109/COMPSAC.2018.10277.
47.
C.Osborne, Hijacked ASUS Live Update software installs backdoors on countless PCs worldwide, https://www.zdnet.com/article/supply-chain-attack-installs-backdoors-through-hijacked-asus-live-update-software/.
L.Pascarella, D.Spadini, F.Palomba, M.Bruntink and A.Bacchelli, Information needs in contemporary code review, in: Proceedings of the ACM on Human-Computer Interaction 2 (CSCW), 2018, p. 135.
N.Popov, php.internls: Changes to Git commit workflow, https://news-web.php.net/php.internals/113838.
52.
A.Ram, A.A.Sawant, M.Castelluccio and A.Bacchelli, What makes a code change easier to review: An empirical investigation on code change reviewability, in: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ACM, 2018, pp. 201–212. doi:10.1145/3236024.3236080.
C.Sadowski, E.Söderberg, L.Church, M.Sipko and A.Bacchelli, Modern code review: A case study at Google, in: Proceedings of the 40th International Conference on Software Engineering: Software Engineering in Practice, ACM, 2018, pp. 181–190. doi:10.1145/3183519.3183525.
A.Sharma, Here’s how a researcher broke into Microsoft VS Code’s GitHub, https://www.bleepingcomputer.com/news/security/heres-how-a-researcher-broke-into-microsoft-vs-codes-github/.
58.
D.Stuckeyi, Defending infrastructure as code in GitHub enterprise, https://www.sans.org/reading-room/whitepapers/securecode/paper/39380.
59.
Symantec, Internet security threat report 2019, https://docs.broadcom.com/doc/istr-24-2019-en.
Z.Whittaker, Linux Mint website hacked to trick users into downloading version with backdoor, https://www.zdnet.com/article/linux-mint-website-hacked-malicious-backdoor-version/.
65.
WIRED, A mysterious hacker group is on a SUpply chain hijacking spree, https://www.wired.com/story/barium-supply-chain-hackers/.
66.
C.Yang, X.-H.Zhang, L.-B.Zeng, Q.Fan, T.Wang, Y.Yu, G.Yin and H.-M.Wang, RevRec: A two-layer reviewer recommendation algorithm in pull-based development model, Journal of Central South University25(5) (2018), 1129–1143. doi:10.1007/s11771-018-3812-x.
