This is an automated email from the ASF dual-hosted git repository.
bchapuis pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-baremaps.git
The following commit(s) were added to refs/heads/main by this push:
new 6245803fd Add security model
6245803fd is described below
commit 6245803fd8d71f342bf5b207ea7c5bb0ffa9a1b0
Author: Bertil Chapuis <[email protected]>
AuthorDate: Thu Jul 24 22:42:59 2025 +0200
Add security model
---
SECURITY.md | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..b989f131a
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,38 @@
+# Apache Baremaps Security Model
+
+This document describes the security assumptions and roles for Apache
Baremaps. It clarifies who is trusted and their responsibilities.
+
+## Roles
+
+* **Administrator**: Administrates Apache Baremaps, managing the system,
configurations, tasks, and data through the CLI or other administrative
interfaces.
+* **User**: Uses Apache Baremaps through limited, controlled interfaces such
as the web interface or API.
+
+## Trust Model
+
+* **Trusted**:
+
+ * Administrators
+
+* **Untrusted**:
+
+ * Users
+
+## Security Assumptions
+
+* Administrators are fully trusted and responsible for the security of the
system and application.
+* Configuration files and data sources are managed exclusively by trusted
administrators.
+
+## Security Boundaries
+
+* Apache Baremaps relies entirely on trusted administrators to manage files
and data.
+* Risks such as file path traversal are low because only administrators have
access to critical configuration and data inputs.
+
+### Example: Partial Path Traversal Vulnerability in Zip Files
+
+Administrator-provided files are trusted. For instance, if an administrator
uses a zip file with a path traversal vulnerability, Apache Baremaps does not
systematically sanitize the content, as the administrator is expected to ensure
the integrity of the files.
+
+User-provided files are not trusted. For instance, if a user uploads a file
through an HTTP endpoint, Apache Baremaps must systematically sanitize and
validate the content to block partial path traversal attacks.
+
+## Reporting Security Issues
+
+Report vulnerabilities to [[email protected]](mailto:[email protected]).
The Baremaps PMC will address issues following Apache Security guidelines.
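Review bot: The "Security Boundaries" bullet ("Risks such as file path traversal are low because only administrators have access to critical configuration and data inputs") sits in tension with the "Example" paragraph that follows, which says users may upload files through an HTTP endpoint and that Baremaps "must systematically sanitize and validate" them. The document should state which user-facing interfaces (if any) accept file input today and which component is responsible for that validation, otherwise a reader cannot tell whether the "low risk" claim rests on there being no such endpoint or on a check that exists in code. While at it, "partial path traversal" deserves one sentence of definition so the requirement is testable, e.g. "each archive entry is resolved to a canonical path and rejected unless it starts with the destination directory followed by a file separator" (the separator matters: a prefix check alone accepts `/data/out-evil` when the target is `/data/out`). Two smaller points: the "Trust Model" sub-items are indented by a single space (`+ * Administrators`), which CommonMark renders as sibling items rather than nested under **Trusted**/**Untrusted**, so two or more spaces are needed; and the "Roles" section could say explicitly that the CLI is administrator-only, since the boundary between "CLI or other administrative interfaces" and "web interface or API" is what the whole trust model hinges on.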