Please DO NOT report security vulnerabilities through public GitHub issues.

1. Email: Send details to security contact listed in .well-known/security.txt
2. Encryption: Use PGP key if available (see .well-known/security.txt)
3. Information: Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

• Initial Response: Within 48 hours
• Status Update: Within 7 days
• Fix Timeline: Depends on severity
  • Critical: 7 days
  • High: 14 days
  • Medium: 30 days
  • Low: 90 days

• We follow responsible disclosure practices
• Security advisories will be published after:
  • Fix is available
  • Users have had time to update (typically 7-14 days)
  • Coordination with affected parties

1. Keep Updated: Always use the latest version
2. Verify Downloads: Check signatures and checksums
3. Review Permissions: Understand what access the tool requires
4. Audit Configurations: Review generated configs before use
5. Report Issues: Help us identify vulnerabilities

1. Input Validation: Always validate external input
2. Avoid Shell Injection: Use safe subprocess APIs (duct)
3. No Unsafe Rust: Avoid unsafe blocks unless absolutely necessary
4. Dependency Audits: Run cargo audit regularly
5. Secrets Management: Never commit secrets or credentials
6. Code Review: All changes require review

• ✅ Type Safety: Rust compile-time guarantees
• ✅ Memory Safety: No buffer overflows, use-after-free
• ✅ Safe Subprocess: duct for shell command execution
• ✅ Input Validation: Strict parsing and validation
• ✅ Audit Logging: Track all operations
• ✅ SELinux Support: Context-aware security

# Run security audit
cargo audit

# Check for unsafe code
cargo geiger

# Dependency tree
cargo tree

# License compliance
cargo license

The tool executes asdf commands via subprocess. Mitigations:

• Input sanitization
• No shell interpolation
• Allowlist of valid commands
• Audit logging

Requires read/write to:

• ~/.asdf/ directory
• Cache directory
• Configuration files

Mitigations:

• Path validation
• No symbolic link following
• Permission checks

Cache could be manipulated. Mitigations:

• Integrity verification
• TTL enforcement
• Cache validation
• Secure permissions (0600)

Rust dependencies could introduce vulnerabilities. Mitigations:

• cargo audit in CI
• Minimal dependency footprint
• Regular updates
• Review of dependency changes

# Audit dependencies
just audit

# Check for unsafe code
just security-check

# Verify RSR compliance
just rsr-verify

# Run all security checks
just security-full

• Command injection via asdf arguments
• Path traversal attacks
• Cache poisoning
• Dependency vulnerabilities
• Denial of service (resource exhaustion)

• Vulnerabilities in asdf itself
• OS-level exploits
• Social engineering
• Physical access attacks

See .well-known/security.txt for current contact information.

We acknowledge security researchers who responsibly disclose vulnerabilities:

(None yet - be the first!)

• OWASP Top 10
• Rust Security Guidelines
• RFC 9116: security.txt
• CWE Top 25

Last Updated: 2024-11-22