blob-decoder 0.1.1

Identify and decode opaque forensic blobs of unknown type — scored, cited candidates, recursively unwrapping nested wrappers (base64 → gzip → binary-plist).
Documentation
# Security Policy

## Threat model

`blob-decoder` parses **attacker-controllable bytes** at a single entry point
(`identify`), which fans out to every decoder. The invariants are:

- `#![forbid(unsafe_code)]` — no unsafe anywhere.
- Panic-free on any input: `clippy::unwrap_used` and `expect_used` are denied in
  library code, and a `cargo-fuzz` target asserts the no-panic invariant.
- Bounded memory: every decompression (`flate2`, `snap`) is size-capped and the
  recursive unwrap is depth-capped, so a decompression bomb or an infinitely-
  nested wrapper is bounded, never fatal. The caps are configurable via `Limits`.
- Fail-graceful: a failed or coincidental decode degrades to a lower-confidence
  or absent reading; it never produces a confident-but-wrong verdict.

## Reporting a vulnerability

Please report suspected vulnerabilities privately via a GitHub security advisory
on [github.com/SecurityRonin/blob-decoder](https://github.com/SecurityRonin/blob-decoder/security/advisories),
or by email to security@securityronin.com. We aim to acknowledge within a few
business days.