diff --git a/audits/assail-classifications.a2ml b/audits/assail-classifications.a2ml new file mode 100644 index 0000000..f4def3a --- /dev/null +++ b/audits/assail-classifications.a2ml @@ -0,0 +1,158 @@ +;; SPDX-License-Identifier: MPL-2.0 +;; Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) +;; +;; Assail Classifications — gossamer + +(assail-classifications + (metadata + (version "1.0.0") + (project "gossamer") + (last-updated "2026-05-26") + (entries 24) + (status "active")) + + (classification + (file "src/interface/ffi/src/webview_gtk.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/webview_gtk.zig") + (category "UnsafeFFI") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/csp.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/csp.zig") + (category "UnsafeFFI") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/plugin.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/main.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/dialog.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/dialog.zig") + (category "UnsafeFFI") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/webview_cocoa.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/webview_cocoa.zig") + (category "UnsafeFFI") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/clipboard.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/clipboard.zig") + (category "UnsafeFFI") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/webview_ios.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/webview_ios.zig") + (category "UnsafeFFI") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/ssg.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/file_watcher.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/file_watcher.zig") + (category "UnsafeFFI") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/groove.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/ipc_handlers.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/webview_win32.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/tray.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/tray.zig") + (category "UnsafeFFI") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/conf.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) + (classification + (file "src/interface/ffi/src/shell.zig") + (category "UnsafeCode") + (classification "legitimate-ffi") + (audit "audits/audit-ffi-2026-05-26.md") + (rationale "Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary.")) +) diff --git a/audits/audit-ffi-2026-05-26.md b/audits/audit-ffi-2026-05-26.md new file mode 100644 index 0000000..ca040d4 --- /dev/null +++ b/audits/audit-ffi-2026-05-26.md @@ -0,0 +1,24 @@ + + +# Audit: FFI `unsafe` blocks (gossamer) + +**Auditor**: Jonathan D.A. Jewell +**Date**: 2026-05-26 +**Scope**: panic-attack assail Critical/High UnsafeCode/UnsafeFFI findings under `src/interface/ffi/src/`. +**Cross-reference**: [hyperpolymath/panic-attack#32](https://github.com/hyperpolymath/panic-attack/issues/32). +**Registry**: `audits/assail-classifications.a2ml`. + +## Rationale + +Zig FFI bridge for the gossamer interface layer (WebKit GTK webview, CSP enforcement). Each unsafe block is an extern call across the Zig→C boundary. + +Every `unsafe` block is at the C-ABI boundary and is required by Zig to call into C. The classification is scoped to `src/interface/ffi/src/`. Any `unsafe` block outside that root remains visible. + +## Anti-gameability + +Registry is a separate file from any source under scan; new unsafe in the FFI root requires a companion classification edit + audit-doc update. + +Refs hyperpolymath/panic-attack#32.