saneyaml 0.3.0

Pure-Rust YAML parser, emitter, and Serde compatibility layer for developer configuration files.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

# Security Policy

## Supported Versions

Security triage applies to the current repository `main` line only. There are
no public backport or support branches yet.

## Reporting a Vulnerability

Use GitHub private vulnerability reporting for `jskoiz/saneyaml` when it is
available. Otherwise, contact the maintainer privately on GitHub before filing
a public issue. Public issues should not include exploit payloads, private
configuration files, credentials, minimized denial-of-service payloads, or
unreduced crash inputs that could be directly reused against another project.

For non-sensitive parser bugs, compatibility divergences, and documentation
issues, use the public issue templates.

## Resource-Limit Posture

The default loader posture is bounded for untrusted YAML inputs:

- `LoadOptions` applies a default 64 MiB input byte ceiling.
- Callers can tune `max_input_bytes()` or explicitly opt out with
  `without_input_limit()` only after bounding the source themselves.
- Alias expansion uses an input-derived budget by default and can be tuned with
  `max_alias_expansion_nodes()`.
- Recursive aliases are rejected.
- Default nesting, scalar-size, and collection-item limits protect parser,
  loader, Serde, and lossless entrypoints from unbounded structural work:
  128 constructed nesting levels, 1 MiB resolved scalars, and 16,384 entries per
  sequence or mapping.

Reader-backed entrypoints still fully buffer the bounded input before parsing.
The limits are parser and construction safety controls; they are not a
wall-clock, resident-memory, or sandbox guarantee.

## Fuzzing and Regression Coverage

The repository carries 11 configured fuzz targets, non-mutating corpus replay
through `scripts/fuzz-smoke-nonmutating.sh`, and a manual release sweep through
`scripts/fuzz-release-sweep.sh`. Corpus release floors and named safety seeds
are also gated by the property-test suite. Local hygiene sweeps record, on a
clean checkout, 1000 requested runs per target across all
configured targets with zero crash artifacts observed.

Security-relevant fixes should include the narrowest reproducible test,
fixture, corpus seed, or divergence record that proves the issue stays fixed
without disclosing sensitive payloads.