• Create ticket/issue

Follow the guide to enable codebase context checks.

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
No audit logs: The new code adds video system types and UI class toggles without any logging of critical
actions such as mode changes, making it unclear if audit trails for such changes exist
elsewhere.

    $('.preview').toggleClass('preview_hdzero cut43_left', (video_type == 'HDZERO'))
    $('.third_right').toggleClass('preview_hdzero_side', (video_type == 'HDZERO'))
    // -- BFHDCOMPAT
    $('.third_left').toggleClass('preview_bfhdcompat_side', (video_type == 'BFHDCOMPAT' || video_type == 'DJI_NATIVE'))
    $('.preview').toggleClass('preview_bfhdcompat cut43_left', (video_type == 'BFHDCOMPAT' || video_type == 'DJI_NATIVE'))
    $('.third_right').toggleClass('preview_bfhdcompat_side', (video_type == 'BFHDCOMPAT' || video_type == 'DJI_NATIVE'))

    OSD.GUI.updateGuidesView($('#videoGuides').find('input').is(':checked'));
};

Learn more about managing compliance generic rules or creating your own custom rules

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
No parsing checks: The updated parsing of servo rules changes integer reads to unsigned without additional
validation or error handling for malformed data buffers, leaving edge cases unhandled if
upstream data is invalid.

if (data.byteLength % 6 === 0) {
    for (let i = 0; i < data.byteLength; i += 6) {
        FC.SERVO_RULES.put(new ServoMixRule(
            data.getUint8(i),
            data.getUint8(i + 1),
            data.getInt16(i + 2, true),
            data.getUint8(i + 4),
            data.getInt8(i + 5)
        ));

Learn more about managing compliance generic rules or creating your own custom rules

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Input validation: The MSP data parsing reads bytes from external/input data without explicit validation or
range checks after changing to unsigned reads, which may pose risks if data originates
from untrusted sources.

if (data.byteLength % 6 === 0) {
    for (let i = 0; i < data.byteLength; i += 6) {
        FC.SERVO_RULES.put(new ServoMixRule(
            data.getUint8(i),
            data.getUint8(i + 1),
            data.getInt16(i + 2, true),
            data.getUint8(i + 4),
            data.getInt8(i + 5)
        ));

Learn more about managing compliance generic rules or creating your own custom rules