potiuk opened a new pull request, #677:
URL: https://github.com/apache/creadur-rat/pull/677

   ## What
   
   Adds a **threat model** for Apache Creadur (RAT) at the Creadur PMC's request (GLASSWING / Mythos scan pre-flight):
   
   - **`THREAT_MODEL.md`** — the model ([rubric](https://gist.github.com/potiuk/da14a826283038ddfe38cc9fe6310573)).
   - **`SECURITY.md`** + **`AGENTS.md`** — disclosure pointer + the `AGENTS.md -> SECURITY.md -> THREAT_MODEL.md` chain.
   
   ## The model in brief
   
   RAT is modelled as an **in-process build/CLI license-audit tool** — not a network service, and explicitly **not a security/vulnerability scanner**. Its security-relevant case is auditing **untrusted** input: the XML configuration (XXE surface) and archive descent (decompression-bomb surface). Findings that require RAT to process input the operator already trusts (the normal case — your own source tree) are out of model.
   
   ## DRAFT — you own it; two quick technical confirmations
   
   Because RAT is small, the §8-vs-§9 split hinges on two facts I've left as **section 14 questions**:
   - **Q3** — does `XMLConfigurationReader` disable DOCTYPE/external entities (XXE-safe)?
   - **Q4** — does `ArchiveWalker` bound decompression (size/depth/entry-count)?
   
   Your answers turn those from "open question" into either a provided property (§8) or a documented gap + downstream note (§9). Also **Q6**: want me to add the same chain to `creadur-whisker` and `creadur-tentacles` so all three are discoverable?
   
   Generated by the ASF Security team's threat-model tooling (Claude Opus); reviewed before opening.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

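
Q3 in the pull request asks whether the XML configuration parser rejects DOCTYPE and external entities. As an added illustration (not code from the PR, the threat model, or RAT), this standalone JAXP probe shows that property on a constructed document: the default factory accepts the DOCTYPE and expands the entity, while the hardened factory refuses the input. `DoctypeProbe`, `hardened` and `probe` are hypothetical names, and the JDK's built-in parser is assumed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class DoctypeProbe {
    // Constructed sample: a config-like document carrying a DOCTYPE with a
    // harmless internal entity. It is not a RAT configuration file.
    static final String SAMPLE =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE cfg [ <!ENTITY e \"expanded\"> ]>\n"
      + "<cfg>&e;</cfg>";

    // Hardened factory (assumes the JDK's built-in JAXP implementation).
    static DocumentBuilderFactory hardened() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject any DOCTYPE: without a DTD there are no entity declarations.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case DOCTYPE ever has to be allowed again.
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Returns the root element's text, or "REJECTED: ..." if parsing was refused.
    static String probe(DocumentBuilderFactory f) throws Exception {
        try {
            Document d = f.newDocumentBuilder().parse(
                new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));
            return d.getDocumentElement().getTextContent();
        } catch (SAXException e) {
            return "REJECTED: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("default : " + probe(DocumentBuilderFactory.newInstance()));
        System.out.println("hardened: " + probe(hardened()));
    }
}
```

The same probe document can be turned into a regression test for whichever parser a project actually constructs, so the answer to a question like Q3 stays true after refactoring.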