-
-
Notifications
You must be signed in to change notification settings - Fork 0
security
The full security policy lives in SECURITY.md. This page summarizes it.
Do not open a public issue for security reports. Use GitHub's private advisory channel:
→ https://github.com/1-3-7/disrobe/security/advisories/new
Include a description and impact, a minimal reproducer (input bytes, command line, expected vs observed), the disrobe --version output, the OS/arch, and whether you have a candidate fix. Reports are acknowledged within 72 hours; high-severity fixes target 30 days, with same-week turnaround for parsing-of-untrusted-input issues. Reporters are credited (with their preferred handle) in the advisory and release notes; anonymous reports are welcome.
-
Memory safety in the parsing surface. Any panic/abort on adversarial input that is not a clean
Result::Err; any heap corruption is high severity. -
Resource exhaustion. Zip-bombs, decompression bombs, recursion bombs, and malformed-length-field bombs: bypasses of the
crates/disrobe-binfmt/src/quota.rsquotas. - Path traversal. zip-slip and equivalents on every container extraction path.
-
Server input handling.
disrobe serve(HTTP/gRPC/LSP/MCP) acceptsbytes_b64only; any way to make it read a file via a client-controlled string is high severity. - Subprocess invocation. Command injection or argument smuggling in backend invocation.
-
.drenvelope handling. Read-past-end, integer overflow, or BLAKE3-mismatch acceptance. - Supply chain. Tampering with published binaries, signature bypass, replay, cosign-bundle manipulation.
- Decompilation output correctness on adversarial input: that is correctness work flagged by the round-trip metric, not a security bug. File a normal issue.
- Compute exhaustion from legitimate input (a slow decompile of a 66 MiB bundle is not a vulnerability).
- Issues in third-party tools disrobe wraps: report to their upstreams.
#![forbid(unsafe_code)] workspace-wide (except the two pyo3-interop crates). Strict clippy gate on every commit. cargo deny on every push plus weekly; cargo audit weekly. Shared container quota machinery. BLAKE3-pinned fixtures. Loopback-default servers with a warning banner on non-loopback binds. Branch protection on main (1 approval + green CI + linear history + no force-push).
Release binaries are signed with cosign keyless OIDC (recorded in the Rekor transparency log) and minisign:
cosign verify-blob \
--certificate-identity-regexp '^https://github.com/1-3-7/disrobe/' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--signature disrobe-<version>-<target>.tar.zst.sig \
--bundle disrobe-<version>-<target>.tar.zst.cosign.bundle \
disrobe-<version>-<target>.tar.zstThis wiki is generated from docs/src in the disrobe repository by scripts/wiki_sync.py. Edit the docs there, not the wiki pages here.
Getting started
Architecture
- Overview
- The five-rung IR ladder
- Passes and the capability model
- The chain runner
- The .dr envelope
- LLM sidecar and provenance
Reverse-engineering toolkit
Language and format guides
- Python
- JavaScript / TypeScript
- WebAssembly
- JVM and Android
- .NET / CIL
- Native (PE / ELF / Mach-O)
- Go
- Lua
- PHP
- Ruby
- BEAM (Erlang / Elixir)
- Swift / Objective-C
- ActionScript 3 / Flash
- Mobile (Hermes / Flutter)
- Python pickle
- Shell / PowerShell
- Containers and archives
Reference
- CLI overview
- Global flags
- Command reference
- Project configuration
- Batch directory processing
- Run reports
- Analysis-depth commands
- Diff and guard tooling
- The daemon: HTTP, gRPC, LSP, MCP
- Use it as a library
- Python bindings
- The browser playground
- Forensics and malware-safety posture
- Threat model
Integrations
Project