Paksmith reads and parses binary archive files from potentially untrusted sources. Security-relevant areas include:
- Binary format parsing (buffer overflows, integer overflows, excessive allocations)
- AES decryption key handling
- Network requests to community registries
- File system writes during extraction
If you discover a security vulnerability, please report it privately:
- Do not open a public GitHub issue.
- Email the maintainers directly (or use GitHub's private vulnerability reporting if enabled on the repository).
- Include a description of the vulnerability, steps to reproduce, and potential impact.
We aim to acknowledge reports within 48 hours and provide a fix or mitigation within 7 days for critical issues.
Only the latest release on main is actively supported with security fixes.
unsafecode is denied workspace-wide via lint configuration.- All dependencies are subject to
cargo audit(run periodically and in CI when configured). - Fuzzing targets for binary parsers will be added as the format handling matures.
- AES keys are never logged. Tracing spans for decryption operations omit key material.
- Network requests use HTTPS exclusively. Registry endpoints validate TLS certificates.
- File extraction respects path boundaries — no path traversal via crafted archive entries.