mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-06 19:35:13 +02:00
f96a89e7c1
* feat: Enhance control flow analysis with function summaries and taint analysis * feat: Update taint analysis to utilize function summaries for enhanced tracking * Refactor `walk.rs` batch processing and override handling: - Renamed `Batcher` to `BatchSender` for clarity. - Added `BatchSender::new` constructor for cleaner initialization. - Simplified batch size management in `BatchSender`. - Extracted `build_overrides` function for reusable override construction. - Improved error handling and validation in override building. - Enhanced performance with directory and file type filtering in `walk`. * Improve logging and streamline directory walk process: - Added detailed `tracing` logs for debugging batch flushes, override construction, and walk initialization/completion. - Optimized and simplified `filter_entry` logic for directory and file type filters. - Improved metadata checks and max file size enforcement during the scan. * Refactor and optimize taint tracking, label rules, and directory walk process: - Replaced `DefaultHasher` with `blake3::Hasher` for improved taint hashing. - Enhanced sorting and hashing logic in `taint.rs` for consistency and efficiency. - Removed unused `set_hash` function and redundant imports across files. - Improved batch sender logic in `walk.rs`, renaming key components for clarity. - Unified `spawn_senders` and `spawn_file_walker` with thread handling and channel tuple return. - Expanded label rules with additional matchers for sources, sanitizers, and sinks. - Deprecated `dump_cfg` and specific logging utilities in `cfg.rs` for code cleanup. * fix: fixed let chains error in walk.rs * fix: updated dependencies * fix: updated dependencies * chore: Remove standard error in scan.rs * feat: Introduce function summaries for enhanced taint and control flow analysis * feat: Enhance taint analysis with interop support and function summaries * feat: Add configuration analysis module and enhance matcher rules * feat: Add arity column to function_summaries and handle schema migration * fix: fixed clippy &PathBuf warnings * chore: Update dependencies and versioning in Cargo files * docs: Update README to enhance clarity and detail on features and analysis modes * chore: Update CHANGELOG for version 0.2.0 with new features, changes, and fixes * docs: Update SECURITY.md to clarify version support status --------- Co-authored-by: elipeter <eli.peter@es.fcm.travel>
1.7 KiB
1.7 KiB
Security Policy
Supported Versions
| Version | Supported | Notes |
|---|---|---|
| 0.2.x | ✅ | Latest stable line |
| 0.1.x | ✅ | Critical fixes only |
| < 0.1 | ❌ | End-of-life |
We follow Semantic Versioning as soon as we hit 1.0.0.
Before that, breaking changes may land in any minor release.
Reporting a Vulnerability
-
Private disclosure first.
Please do not open public GitHub issues for security bugs. -
How to report
- To report a vulnerability, please use the GitHub disclosure in the security tab to alert us to a security issue.
-
What to include
– A minimal PoC or reproduction steps
– Affected Nyx version (nyx --version) and OS
– Impact explanation (e.g. RCE, DoS, data leak) -
Response timeline
We acknowledge within 3 business days and give a status update every 7 days thereafter until resolution.
Disclosure Process
- We confirm the issue and assign a CVE (via GitHub or MITRE).
- A fix is developed on a private branch and back-ported if needed.
- Coordinated release: new version on crates.io + public advisory.
- Credit is given to the reporter unless they request anonymity.
Scope & Severity
This policy covers vulnerabilities that let an untrusted Nyx input cause:
- Remote or local code execution in the Nyx process
- Privilege escalation, data exfiltration, or denial of service
False positives / missed detections in scan results are quality issues, not security issues—please file normal GitHub issues for those.