potiuk opened a new pull request, #106:
URL: https://github.com/apache/synapse/pull/106

**This is a draft proposal for the Synapse PMC to review — please correct, reject, or discuss as needed.** Nothing here is a requirement; the maintainers are the decision-makers.

This PR adds `THREAT_MODEL.md` + `SECURITY.md` + `AGENTS.md`, wiring `AGENTS.md -> SECURITY.md -> THREAT_MODEL.md`.

The model's framing: Synapse is a *mediation engine*, not a finished app. The **integration developer** authors the config (sequences, scripts, XSLT/XQuery, endpoints, security); that config is **trusted input**, while the **inbound message from a network client is the untrusted adversary**. So properties are conditional, and the integrator-responsibilities section carries weight.

Draft-first, mostly inferred (~12 documented / 0 maintainer / ~48 inferred); every `*(inferred)*` claim routes to a numbered **§14** question. The **wave-1** rulings decide `VALID`-vs-misconfiguration:

- Do the message builders and **XSLT/XQuery mediators disable DTD / external-entity / `document()` resolution** on untrusted inbound messages by default (so an XXE/SSRF-via-transform report against defaults is `VALID`)?
- Are there default **message-size / depth / streaming limits** bounding XML DoS?

Also flagged: dynamic/content-based **endpoint resolution as an SSRF surface**, and confirming script/XSLT/XQuery bodies are trusted config.

Context: the ASF Security team is preparing the project for an automated agentic security scan we're piloting. Drafted via the [threat-model-producer](https://gist.github.com/potiuk/da14a826283038ddfe38cc9fe6310573) rubric. If you'd rather author it yourselves, close this PR and we'll regroup.
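The two wave-1 questions above (DTD/external-entity resolution off by default, and message-size/depth limits bounding XML DoS) describe properties a defender can enforce at the boundary before any mediator runs. The following is an added example, not code from the Synapse PR or from the Synapse project: a pre-parse gate for untrusted inbound XML written against Python's standard-library expat bindings. The function names, the policy limits (1 MB, depth 64) and the sample messages are all constructed for this illustration; a real deployment would pick limits from its own traffic profile.

```python
"""Added example (not from the Synapse PR or project): a pre-parse gate for
untrusted inbound XML enforcing the two "wave-1" properties the threat model
asks about: no DTD / external-entity resolution, and bounded size and depth.
Standard library only; the limits below are illustrative, not recommendations."""
import xml.parsers.expat as expat


class RejectedXml(Exception):
    """Raised when an inbound message violates the gate's policy."""


def screen_inbound_xml(data: bytes, max_bytes: int = 1_000_000, max_depth: int = 64) -> dict:
    """Parse `data` with a hardened expat parser and return a small summary.

    Policy (constructed for this example):
      * messages larger than `max_bytes` are rejected before any parsing,
      * any DOCTYPE, entity declaration or external entity reference is rejected,
      * element nesting deeper than `max_depth` is rejected.
    """
    if len(data) > max_bytes:
        raise RejectedXml(f"message exceeds {max_bytes} bytes")

    parser = expat.ParserCreate()
    # Never read parameter entities, i.e. never fetch an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    state = {"depth": 0, "max_depth": 0, "root": None, "elements": 0}

    # Each reject_* handler raises; expat stops and the exception propagates out of Parse().
    def reject_doctype(name, system_id, public_id, has_internal_subset):
        raise RejectedXml("DOCTYPE declarations are not accepted on this surface")

    def reject_entity_decl(entity_name, is_parameter, value, base, system_id, public_id, notation):
        raise RejectedXml(f"entity declaration {entity_name!r} is not accepted")

    def reject_external_entity(context, base, system_id, public_id):
        raise RejectedXml(f"external entity reference to {system_id!r} is not accepted")

    def start_element(name, attrs):
        state["depth"] += 1
        state["elements"] += 1
        if state["root"] is None:
            state["root"] = name
        if state["depth"] > max_depth:
            raise RejectedXml(f"element nesting exceeds {max_depth}")
        state["max_depth"] = max(state["max_depth"], state["depth"])

    def end_element(name):
        state["depth"] -= 1

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity_decl
    parser.ExternalEntityRefHandler = reject_external_entity
    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element

    try:
        parser.Parse(data, True)  # True: this is the final (only) chunk
    except expat.ExpatError as exc:
        raise RejectedXml(f"not well-formed XML: {exc}") from exc

    return {
        "root": state["root"],
        "elements": state["elements"],
        "max_depth": state["max_depth"],
        "bytes": len(data),
    }


def verdict(data: bytes, **limits) -> str:
    """Convenience wrapper returning 'accepted' or 'rejected: <reason>'."""
    try:
        screen_inbound_xml(data, **limits)
        return "accepted"
    except RejectedXml as exc:
        return f"rejected: {exc}"


# Constructed sample messages for the example (not taken from the PR or real traffic).
BENIGN = b"<order><item>1</item></order>"
WITH_DOCTYPE = b'<!DOCTYPE order [<!ENTITY e SYSTEM "file:///example">]><order>&e;</order>'
DEEP = b"<a>" * 100 + b"</a>" * 100

if __name__ == "__main__":
    for label, msg in [("benign", BENIGN), ("doctype", WITH_DOCTYPE), ("deep", DEEP)]:
        print(f"{label:8s} {verdict(msg)}")
```

Rejecting every DOCTYPE (rather than only external entities) is the simpler ruling to audit: it removes internal-entity expansion attacks as well, and a message that legitimately needs a DTD on an untrusted surface is rare enough to warrant an explicit allow-list. The depth counter runs inside the parser callbacks, so an oversized document is stopped while streaming instead of after it has been fully materialised.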
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
