ascfix 0.3.0 - Docs.rs

# Security Policy

## Reporting Security Vulnerabilities

If you discover a security vulnerability in ascfix, please **do not** open a public issue. Instead, please email the maintainers privately with details of the vulnerability.

When reporting, please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if you have one)

We take security seriously and will work with you to address any issues promptly.

---

## Security Audit Status

### Current Status
✅ **No known vulnerabilities**

- Last audit: 2026-02-06
- Tool: `cargo audit`
- Result: Clean

### Continuous Monitoring
- **Weekly security audits** via GitHub Actions (see `.github/workflows/audit.yml`)
- **Automated dependency updates** via Dependabot
- All dependencies monitored for CVEs

---

## Code Safety Guarantees

### Unsafe Code
**Forbidden** - ascfix contains **zero unsafe code**

```toml
[lints.rust]
unsafe_code = "forbid"
```

All unsafe code is explicitly forbidden at compile-time. This ensures memory safety throughout the codebase.

### Panic Safety
No panics on untrusted input. All inputs are validated:

**Input Boundaries:**
- File paths: Validated before opening
- File content: No unwrap/expect on untrusted data
- CLI arguments: Parsed by `clap`, validated
- Diagram blocks: Safe iteration with bounds checking

**Error Handling:**
- `Result<T>` used throughout
- Graceful degradation for ambiguous structures
- Conservative approach: only fixes well-understood patterns

---

## Input Validation

### File Operations
```rust
// Safe file reading with proper error handling
let content = fs::read_to_string(&path)?;  // Returns Result
```

- Path validation prevents directory traversal
- File permissions respected
- Read-only operations (no write without explicit --in-place flag)

### Content Processing
```rust
// Safe diagram processing
- Grid bounds checked before access
- Iterator-based loops prevent out-of-bounds
- No index-based access to untrusted data
```

**Process:**
1. Content parsed line-by-line (safe iteration)
2. Diagram blocks extracted with bounds validation
3. Grid created with explicit dimensions
4. All cell access checked: `grid.get(row, col)` returns `Option`

### Markdown Parsing
- Ignores code fences (no processing of code blocks)
- Preserves unknown structures (conservative approach)
- No injection vulnerabilities (text-only processing)

---

## Dependencies

### Minimal, Audited Dependencies

```toml
[dependencies]
clap = "4.5"      # CLI parsing (widely used, well-maintained)
anyhow = "1.0"    # Error handling (minimal, focused)
```

**Dev Dependencies:**
```toml
[dev-dependencies]
tempfile = "3.8"  # Test file creation
insta = "1.36"    # Snapshot testing
```

All dependencies are:
- ✅ Actively maintained
- ✅ Audited for security
- ✅ Minimal scope (no bloat)
- ✅ Monitored via `cargo audit`

### Dependency Updates
- Automatic PRs via Dependabot (weekly)
- Security updates applied immediately
- All updates tested before merge

---

## Data Security

### No Sensitive Data Handling
ascfix does **not**:
- Store user data
- Send data to remote servers
- Create logs or telemetry
- Store temporary files (uses ephemeral temp directories)
- Process secrets or credentials

### File Operations
- Files are modified in-place (with `--in-place` flag)
- Original file permissions preserved
- No backup files created (user's responsibility)
- No data cached beyond operation lifetime

---

## Testing & Verification

### Test Coverage
- **258 automated tests** covering:
  - Unit tests (122 tests)
  - Integration tests (129 tests)
  - Golden file tests (6 tests)
  - Roundtrip tests (1 test)

### Security Testing
- ✅ No panics on random input
- ✅ Malformed diagrams handled gracefully
- ✅ Path traversal attempts rejected
- ✅ Large files processed safely
- ✅ All linting passes (Clippy pedantic)

### Reproducible Builds
```bash
cargo build --release
```

Produces deterministic binary suitable for verification.

---

## Best Practices for Users

### Safe Usage
```bash
# Always check output before in-place modification
ascfix file.md                           # Preview changes (stdout)

# Then apply if safe
ascfix file.md --in-place --mode=diagram

# Use check mode in CI/CD
ascfix file.md --check --mode=diagram
```

### In CI/CD
```yaml
# Example GitHub Actions
- name: Validate diagrams
  run: ascfix docs/*.md --check --mode=diagram
```

Exit codes:
- `0` - No changes needed
- `1` - Changes needed (in check mode) or error occurred

---

## Security Considerations

### Conservative Philosophy
ascfix follows a **conservative, defensive approach**:

1. **Unknown patterns are preserved** - If structure is ambiguous, diagram is left unchanged
2. **No inference** - We don't guess intent; we only fix obvious issues
3. **Text-only processing** - No executable content
4. **Idempotent** - Running twice produces identical output (predictable, safe)

### What ascfix WILL NOT do
- ❌ Add content not in original
- ❌ Delete content
- ❌ Reword diagrams
- ❌ Infer business logic
- ❌ Process code blocks
- ❌ Execute any code
- ❌ Write to system locations

---

## Changelog & Updates

See [CHANGELOG.md](CHANGELOG.md) for security-related updates and vulnerability fixes across versions.

---

## Questions?

For security questions or concerns, please contact the maintainers privately rather than opening public issues.

See [CONTRIBUTING.md](CONTRIBUTING.md) for more information about the project.