-
-
Notifications
You must be signed in to change notification settings - Fork 0
security
The full security policy lives in SECURITY.md. This page summarizes it.
Do not open a public issue for security reports. Use GitHub's private advisory channel:
Report at: https://github.com/1-3-7/disrobe/security/advisories/new
Include a description and impact, a minimal reproducer (input bytes, command line, expected vs observed), the disrobe --version output, the OS/arch, and whether you have a candidate fix. Reports are acknowledged within 72 hours; high-severity fixes target 30 days, with same-week turnaround for parsing-of-untrusted-input issues. Reporters are credited (with their preferred handle) in the advisory and release notes; anonymous reports are welcome.
-
Memory safety in the parsing surface. Any panic/abort on adversarial input that is not a clean
Result::Err; any heap corruption is high severity. -
Resource exhaustion. Zip-bombs, decompression bombs, recursion bombs, and malformed-length-field bombs: bypasses of the
crates/disrobe-binfmt/src/quota.rsquotas. - Path traversal. zip-slip and equivalents on every container extraction path.
-
Server input handling.
disrobe serve(HTTP/gRPC/LSP/MCP) acceptsbytes_b64only; any way to make it read a file via a client-controlled string is high severity. - Subprocess invocation. Command injection or argument smuggling in backend invocation.
-
.drenvelope handling. Read-past-end, integer overflow, or BLAKE3-mismatch acceptance. - Supply chain. Tampering with published binaries, signature bypass, replay, cosign-bundle manipulation.
- Decompilation output correctness on adversarial input: that is correctness work flagged by the round-trip metric, not a security bug. File a normal issue.
- Compute exhaustion from legitimate input (a slow decompile of a 66 MiB bundle is not a vulnerability).
- Issues in third-party tools disrobe wraps: report to their upstreams.
The default parsing path is Rust and keeps unsafe out of format decoders. Unsafe blocks are restricted to audited boundary code such as C interop, WASM exports, archive/io shims, build/install helpers, and native-loader interfaces. Strict clippy runs on every commit. cargo deny runs on every push plus weekly; cargo audit runs weekly. Shared container quota machinery, BLAKE3-pinned fixtures, loopback-default servers, and a warning banner on non-loopback binds backstop the runtime surface. Branch protection on main requires review, green CI, linear history, and no force-push.
Release binaries are signed with cosign keyless OIDC and recorded in the Rekor transparency log:
cosign verify-blob \
--certificate-identity-regexp '^https://github.com/1-3-7/disrobe/' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--bundle disrobe-<version>-<target>.tar.zst.cosign.bundle \
disrobe-<version>-<target>.tar.zstThis wiki is generated from docs/src in the disrobe repository by scripts/wiki_sync.py. Edit the docs there, not the wiki pages here.
Getting started
Architecture
- Overview
- The five-rung IR ladder
- Passes and the capability model
- The chain runner
- The .dr envelope
- Metadata sidecar and provenance
Reverse-engineering toolkit
- Supported families catalog
- Anti-analysis defeat
- Queryable IR and capabilities
- Recon, prowl, and indicators
Language and format guides
- Python
- JavaScript / TypeScript
- WebAssembly
- JVM and Android
- .NET / CIL
- Native (PE / ELF / Mach-O)
- Go
- Lua
- PHP
- Ruby
- BEAM (Erlang / Elixir)
- Swift / Objective-C
- ActionScript 3 / Flash
- Mobile (Hermes / Flutter)
- Python pickle
- Shell / PowerShell
- Containers and archives
Reference
- CLI overview
- Global flags
- Command reference
- Project configuration
- Batch directory processing
- Run reports
- Analysis-depth commands
- Diff and guard tooling
- The daemon: HTTP, gRPC, LSP, MCP
- Use it as a library
- Python bindings
- The browser playground
- Forensics and malware-safety posture
- Threat model
Integrations
Project