11# Security Policy
22
3+ ## Threat Model
4+
5+ BWIPP is a pure PostScript library that generates barcode graphics. It:
6+
7+ - Runs entirely within the hosting PostScript interpreter (printer, RIP,
8+ Ghostscript, Distiller, etc.) with the same privileges as that interpreter.
9+ - Does not access the network, filesystem, or any external resources beyond
10+ what the interpreter itself provides.
11+ - Processes user-supplied barcode data strings and options to produce graphical
12+ output. None of this data is executable code.
13+
14+ An attacker who can supply arbitrary PostScript to an interpreter already has
15+ full access to that interpreter's capabilities. BWIPP does not extend the
16+ interpreter's attack surface.
17+
18+ ## What Is a Vulnerability
19+
20+ A vulnerability is a bug in which barcode data or options — passed through the
21+ documented encoder interface — causes the PostScript interpreter to behave in a
22+ way that compromises the security of the hosting system, such as:
23+
24+ - ** Unbounded resource consumption** without any implementation limit being
25+ reached.
26+ - ** Interpreter crashes** from data that exceeds reasonable PostScript
27+ implementation limits (string length, dictionary size, stack depth).
28+ - ** Attempted access to system data** such as arbitrary file access or reading
29+ process memory.
30+
31+ ## What Is Not a Vulnerability
32+
33+ Most reported security bugs in BWIPP are "just bugs." The following are not
34+ considered security vulnerabilities, and should be reported openly via the
35+ [ issue tracker] ( https://github.com/bwipp/postscriptbarcode/issues ) :
36+
37+ - ** Incorrect barcode output** from valid input (a correctness bug).
38+ - ** PostScript errors** (e.g. ` stackunderflow ` , ` rangecheck ` ) caused by
39+ malformed input data or options — the library validates input and raises
40+ descriptive errors; unhandled cases are ordinary bugs (that should be
41+ reported as such).
42+ - ** API misuse** — calling encoders with incorrect stack state, wrong argument
43+ types, or outside the documented calling convention.
44+ - ** Issues in debug/development features** that require ` enabledebug ` or
45+ ` enabledontdraw ` to be explicitly set in global context.
46+
347## Supported Versions
448
549All development is done against the current head of the master branch,
@@ -8,10 +52,16 @@ regularly and often. Bugfixes are not backported to old versions.
852
953## Reporting a Vulnerability
1054
11- For BWIPP, most security bugs are "just bugs", so report them openly via the
12- issue tracker.
55+ If an issue meets the above definition of a security vulnerability, consider
56+ reporting it openly via the
57+ [ issue tracker] ( https://github.com/bwipp/postscriptbarcode/issues ) . For BWIPP,
58+ transparency is more useful than embargo.
1359
1460If you determine that the issue is so serious as to place users' systems at
15- grave risk then feel free to contact the author directly. But it is unlikely
16- to result in coordinated disclosure: The ecosystem is too diverse with the
17- code finding itself in many esoteric places.
61+ grave risk then feel free to contact the maintainer directly. But it is
62+ unlikely to result in coordinated disclosure: the ecosystem is too diverse,
63+ with the code finding itself in many esoteric places.
64+
65+ ## Known Security Issues
66+
67+ None.
0 commit comments