fix(security): prevent deep-nesting stack overflow, harden API and CI#65
Merged
Conversation
Pre-public-release security hardening (comrak stays verbatim, 0-line diff): - splice/ir: replace the recursive comrak-AST walks (ast_splice::walk, sentinel_stream::visit_text_leaves) with explicit work-stack iteration, and depth-bound the IR builder. Deeply nested input (e.g. many `> ` blockquotes — comrak caps list nesting at 100 but not blockquotes) no longer overflows the stack and aborts the process under panic=abort. Adds tests/deep_nesting.rs regression coverage. - api: hide the raw-HTML spec-only Options constructors (commonmark_only / gfm_only) from the published surface and warn; add an oversized- input guard to the public entry points. - ci/supply-chain: add a per-PR audit-comrak gate matching the vendored comrak version against RustSec advisories; pin Docker base images by digest and composite-action deps by SHA; document the panic=abort embedder contract in SECURITY.md. - playground: add a strict production Content-Security-Policy. Verified green via `just ci`. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Dependency ReviewThe following issues were found:
License Issues.github/workflows/release.yml
OpenSSF Scorecard
Scanned Files
|
P4suta
added a commit
that referenced
this pull request
Jun 14, 2026
Pre-1.0 minor bump **0.3.0 → 0.4.0** to cut the next afm release, tracking the freshly released **aozora v0.4.0**. Changes (release bookkeeping only — no afm source changes): - bump afm workspace version 0.3.0 → 0.4.0 - sync the umbrella `aozora` pin (and the cargo-fuzz pin) to the released aozora **v0.4.0** commit `df0f64b` (tagged + provenance- attested), and bump the `version = "0.4.0"` constraint to match - promote `CHANGELOG.md` `[Unreleased]` → `[0.4.0] - 2026-06-14`⚠️ **Reviewer note — CHANGELOG completeness:** the `[Unreleased]` section is hand-curated. I promoted the heading and preserved all existing content, but did **not** backfill the most recent commits (#57–#67: later playground features, `fix(security)` deep-nesting stack-overflow #65, build provenance attestation #64/#66). Add any user-facing entries you want under `[0.4.0]` before merge. `just check` passes against aozora 0.4.0. After merge: tag `v0.4.0` on main → `release.yml` builds the three target binaries + attests build provenance. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
P4suta
added a commit
that referenced
this pull request
Jun 14, 2026
Post-v0.4.0 maintenance, mirroring the sibling aozora repo and addressing warnings from the v0.4.0 release run. **CI (`ci:` commit)** - bump `actions/attest-build-provenance` `v2.4.0` → `v4.1.0` (SHA-pinned): v2.4.0 runs on the deprecated Node 20; v3+ moved to Node 24. `subject-path` input unchanged. - pin the Windows release runner `windows-latest` → `windows-2025`. - add `CARGO_NET_RETRY: "10"` to `x-common-env` to ride out transient `static.crates.io` blips. **Docs (`docs:` commit)** - backfill the hand-curated `[0.4.0]` CHANGELOG section, which lagged the latest commits: round-2 playground features (#57–62), build provenance attestation (#64, #66), the aozora v0.4.0 pin, and the deep-nesting stack-overflow fix (#65). 🤖 Generated with [Claude Code](https://claude.com/claude-code)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pre-public-release security hardening
A focused security pass ahead of public release. comrak stays verbatim (0-line diff); verified green via
just ci.Fixes
ast_splice::walk,sentinel_stream::visit_text_leaves) are replaced with explicit work-stack iteration, and the IR builder is depth-bounded. comrak caps list nesting at 100 but not blockquotes, so a small input like many>markers built an arbitrarily deep AST that overflowed the call stack — underpanic = "abort"a hard process abort, fatal for any server-side library embedder. Both repos'SECURITY.mdscope this (a crash on untrusted input) in as a vulnerability. Newtests/deep_nesting.rspins ~100k-deep input returning instead of crashing, with Tier-A preserved.Optionsconstructors (commonmark_only/gfm_only, which enablerender.unsafe) are hidden from the published surface and carry a prominent warning. Productionafm_defaultis unaffected (raw HTML stays escaped).u32::MAXbefore the core lexer would abort underpanic = "abort".Hardening
audit-comrakgate matches the vendored comrak version against RustSec advisories the path dep otherwise hides; Docker base images pinned by digest; composite-action deps pinned by SHA.Verification
just cigreen locally (19 steps: lint, build-and-test, spec ×2, coverage, audit ×3, upstream-diff, types-check, wasm, book, …).🤖 Generated with Claude Code