Skip to content

Security: SecurityRonin/blob-decoder

Security

SECURITY.md

Security Policy

Threat model

blob-decoder parses attacker-controllable bytes at a single entry point (identify), which fans out to every decoder. The invariants are:

  • #![forbid(unsafe_code)] — no unsafe anywhere.
  • Panic-free on any input: clippy::unwrap_used and expect_used are denied in library code, and a cargo-fuzz target asserts the no-panic invariant.
  • Bounded memory: every decompression (flate2, snap) is size-capped and the recursive unwrap is depth-capped, so a decompression bomb or an infinitely- nested wrapper is bounded, never fatal. The caps are configurable via Limits.
  • Fail-graceful: a failed or coincidental decode degrades to a lower-confidence or absent reading; it never produces a confident-but-wrong verdict.

Reporting a vulnerability

Please report suspected vulnerabilities privately via a GitHub security advisory on github.com/SecurityRonin/blob-decoder, or by email to security@securityronin.com. We aim to acknowledge within a few business days.

There aren't any published security advisories