
Security: HasithFernando/Numerical-Methods-GUI


SECURITY.md

Security Policy

Supported Versions

Currently supporting the following version:

  Version   Supported
  1.0.x     Yes

Reporting a Vulnerability

We take the security of our software seriously. If you discover a security vulnerability, please follow these steps:

How to Report

  1. Do NOT open a public issue
  2. Send a private message to the repository maintainers
  3. Or email to: [your-email@example.com]

What to Include

Please include the following information in your report:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if you have one)

Response Time

  • We will acknowledge your report within 48 hours
  • We will provide an initial assessment within 7 days
  • We will work on a fix and keep you updated on progress

After a Fix

  • We will release a patch as soon as possible
  • We will credit you in the CHANGELOG (unless you prefer to remain anonymous)
  • We will publish a security advisory if necessary

Security Best Practices

For Users

  1. Keep Dependencies Updated

    pip install --upgrade numpy matplotlib sympy
  2. Use Virtual Environments

    python -m venv .venv
  3. Verify Downloads

    • Always download from the official repository
    • Check commit signatures

For Contributors

  1. Code Review

    • All pull requests are reviewed before merging
    • Security implications are considered
  2. Input Validation

    • All user inputs are validated
    • Function parsing is done in safe namespace
  3. Dependencies

    • Only use trusted, well-maintained packages
    • Keep dependencies minimal and up-to-date

Known Limitations

Current Security Considerations

  1. Function Evaluation

    • Uses eval() with restricted namespace
    • Only mathematical functions are exposed
    • No system or file operations available
  2. Input Sanitization

    • Function strings are validated before execution
    • Error handling prevents malicious input
  3. Data Privacy

    • No data is sent to external servers
    • All computations are performed locally
    • No telemetry or tracking

Safe Usage Guidelines

DO:

  ✅ Use the application with mathematical functions
  ✅ Test functions in the safe environment provided
  ✅ Report any unexpected behavior
  ✅ Keep Python and dependencies updated

DON'T:

  ❌ Modify the namespace restrictions
  ❌ Execute untrusted code
  ❌ Bypass input validation
  ❌ Share sensitive data through function inputs

Updates and Patches

Security updates will be released as needed:

  • Critical vulnerabilities: Immediate patch
  • High severity: Within 7 days
  • Medium severity: Within 30 days
  • Low severity: Next regular release

Contact

For security concerns, contact:

  • GitHub Issues (for non-security bugs)
  • Direct message to maintainers (for security issues)

Last Updated: November 11, 2025

There aren’t any published security advisories