The task was to implement a security-critical webshop that can be used to sell and buy animated images stored in a custom format. The webshop has to support CAFF (_CrySyS Animated File Format_). The system consists of a web service and a mobile or web client.
# Overview of the implementation
During the design phase, we decided to implement a web client.
Our implementation consists of the following modules:
- **CAFF previewer** / [caff-previewer](https://github.com/UnstableVortexSecurity/caff-previewer): A program written in C that is used to extract a preview (a single frame) from a CAFF file. The extracted preview is saved in .tga (TARGA) format, which is a simple bitmap image format.
- **CAFF previewer wrapper** / [caff-previewer-wrapper](https://github.com/UnstableVortexSecurity/caff-previewer-wrapper): A wrapper written in Python/Flask that provides a simple HTTP interface between CAFF previewer and the web client. The wrapper also converts the extracted preview to PNG using ImageMagick.
- **Web application** / [webshop](https://github.com/UnstableVortexSecurity/webshop): A web client written in Python/Flask. This client implements the user functions.
This module is responsible for extracting previews from CAFF files. The module can be built using CMake, detailed instructions are available in the module's [README file](https://github.com/UnstableVortexSecurity/caff-previewer/blob/master/README.md).
## Error handling
Functions that perform a complex task can fail in multiple ways. In order to be able to pinpoint the exact issue, these functions always have to return with a status code. The type of the status code is `uint8_t`.
Successful execution is indicated by the status code `0x00`. Any outputs of the function must be returned using pointers given in the parameters. The status code is almost always used as an exit code for the program, so users can easily identify the exact issue.
Each error type must have a status code that is unique in the whole program. The status codes are divided into two parts:
- First 4 bits: identifies a certain module of the previewer
The module provides its own memory allocation library called **MagicMemory**. The library can be used to create MagicMemory contexts. All memory allocation calls must be performed through this library. If a function allocates memory, it has to take a MagicMemory context (that has the type `mm_ctx`) as its first parameter and perform the memory allocation inside that context. Before the program exits, all of the contexts must be freed up.
## Data validation
There are two different kinds of functions that perform data validation:
- **Validator**: A validator only validates data according to its format specification.
- **Parser**: A parser validates data and then extracts some fields from the data.
It is not unusual for a parser function to call a validator function to validate its whole input before extracting the fields.
Since our webshop is a modern web application it has quite a few dependencies. To make trying it out easier we deployed to our own secure Kubernetes cluster. It is available at https://unstablevortex.kmlabz.com/ .
The application connects to every dependency (Minio, Caff Previewer Wrapper, SMTP and PostgreSQL server) over TLS and the configuration environment variables are stored in Vault.
