Security Ownership

Updated: 2026-02-27

Sensitive Hotspots

  • src/papyrus/core/renderer.py (network_boundary)
  • src/papyrus/core/html_cleaner.py (input_boundary)
  • src/papyrus/core/parser.py (input_boundary)

Current Risk

  • Bus factor is 1 for untrusted-input processing and renderer execution paths.

Mitigations Applied

  • Added explicit hotspot ownership in .github/CODEOWNERS.
  • Existing parser/renderer tests retained as required baseline:
    • tests/test_renderer.py
    • tests/test_parser.py

Required to Fully Close Risk

  1. Add at least one additional human maintainer for each sensitive path.
  2. Enforce code-owner review requirement in branch protection.
  3. Add recurring pair-review for parser and renderer changes.
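
One way to track item 1 in CI, as an added example that is not part of this repository: the script below reports which of the hotspot paths listed above have fewer than two owners in a CODEOWNERS file. The sample CODEOWNERS content and the owner handles are constructed placeholders, and the pattern matching is a simplified subset of GitHub's rules (root-anchored directories, basename globs, full-path globs). A team handle counts as one entry, so team membership still has to be checked separately.

```python
from fnmatch import fnmatchcase

# Hotspot paths as listed on this page.
HOTSPOTS = [
    "src/papyrus/core/renderer.py",
    "src/papyrus/core/html_cleaner.py",
    "src/papyrus/core/parser.py",
]

# Constructed CODEOWNERS content; the owner handles are placeholders.
SAMPLE_CODEOWNERS = """\
*                              @example-owner-a
src/papyrus/core/              @example-owner-a
src/papyrus/core/parser.py     @example-owner-a @example-owner-b
"""

def parse_codeowners(text):
    """Return [(pattern, [owners])] in file order, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            pattern, *owners = line.split()
            rules.append((pattern, owners))
    return rules

def matches(pattern, path):
    """Simplified subset of CODEOWNERS matching (assumption, not the full rules)."""
    anchored = pattern.lstrip("/")
    if anchored.endswith("/"):      # directory: owns everything beneath it
        return path.startswith(anchored)
    if "/" not in anchored:         # bare glob such as * or *.py: match basename
        return fnmatchcase(path.rsplit("/", 1)[-1], anchored)
    return fnmatchcase(path, anchored)

def owners_for(rules, path):
    """Last matching rule wins; a rule with no owners clears ownership."""
    hits = [owners for pattern, owners in rules if matches(pattern, path)]
    return hits[-1] if hits else []

def under_owned(text, paths=HOTSPOTS, minimum=2):
    """Return {path: owners} for paths with fewer than `minimum` owners."""
    rules = parse_codeowners(text)
    found = {p: owners_for(rules, p) for p in paths}
    return {p: o for p, o in found.items() if len(o) < minimum}

if __name__ == "__main__":
    for path, owners in under_owned(SAMPLE_CODEOWNERS).items():
        print(f"FAIL {path}: {len(owners)} owner(s) {owners}")
```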