ibrahimcesar/velociplot

Security audit of input handling

Open

#21 geöffnet am 29. Nov. 2025

Auf GitHub ansehen
 (1 Kommentar) (0 Reaktionen) (0 zugewiesene Personen)Rust (0 Forks)auto 404
help wantedpriority: medium

Repository-Metriken

Stars
 (3 Stars)
PR-Merge-Metriken
 (PR-Metriken ausstehend)

Beschreibung

Description

Perform a security audit focusing on input validation and file handling.

Areas to Review

  • CSV parsing (injection attacks)
  • JSON parsing (DoS via nested objects)
  • File path handling (traversal attacks)
  • Memory allocation limits
  • Integer overflow checks

Tasks

  • Review all input parsing code
  • Add input size limits
  • Add path validation
  • Run cargo-audit
  • Consider fuzz testing

Acceptance Criteria

  • No known vulnerabilities
  • Input limits documented
  • cargo-audit clean

Contributor Guide