# Security Policy
## Supported Versions
We release security updates for the following versions:
| Version | Supported          |
| ------- | ------------------ |
| 1.2.x   | :white_check_mark: |
| 1.1.x   | :white_check_mark: |
| 1.0.x   | :x:                |
| < 1.0   | :x:                |
## Reporting a Vulnerability
**Please do not report security vulnerabilities through public GitHub issues.**
If you discover a security vulnerability in tmpltool, please report it by emailing the maintainers. You can find the contact information in the repository.
### What to Include
Please include the following information in your report:
- **Description** of the vulnerability
- **Steps to reproduce** the issue
- **Potential impact** of the vulnerability
- **Suggested fix** (if you have one)
- **Your contact information** for follow-up
### Response Timeline
- **Initial Response:** We aim to respond to security reports within 48 hours
- **Confirmation:** We will confirm the vulnerability within 5 business days
- **Fix Timeline:** We will work on a fix and aim to release a patch within 14 days for critical vulnerabilities
- **Disclosure:** We will coordinate with you on the disclosure timeline
## Security Best Practices for tmpltool
When using tmpltool, please follow these security best practices:
### 1. Trust Mode (`--trust`)
**⚠️ WARNING:** Only use `--trust` mode with templates you completely trust.
```bash
# ✗ DANGEROUS - Don't use --trust with untrusted templates
tmpltool --trust untrusted_template.tmpltool
# ✓ SAFE - Use without --trust for untrusted templates
tmpltool untrusted_template.tmpltool
```
**Why?** Trust mode disables security restrictions:
- Can read any file on the system (e.g., `/etc/passwd`, SSH keys)
- Can access parent directories (`../`)
- Can read sensitive configuration files
**Only use `--trust` when:**
- You wrote the template yourself
- You've reviewed and audited the template
- You trust the template source completely
- You need to access system files intentionally
### 2. Template Security
**Avoid processing untrusted templates without review:**
```bash
# ✗ DANGEROUS - Don't process templates from untrusted sources
# ✓ SAFE - Review templates before using them
curl https://trusted-site.com/template.tmpltool -o template.tmpltool
# Review the template
cat template.tmpltool
# Then use it
tmpltool template.tmpltool
```
**What to check in templates:**
- File system access attempts
- Unexpected environment variable usage
- Suspicious patterns or obfuscation
### 3. Environment Variables
**Be careful with sensitive environment variables:**
```bash
# ✗ DANGEROUS - Don't expose secrets in environment
export DATABASE_PASSWORD="secret123"
tmpltool template.tmpltool # Template could leak this
# ✓ BETTER - Use secure secret management
# Load secrets only when needed and clear them after use
```
**Best practices:**
- Don't put secrets in environment variables if possible
- Use dedicated secret management tools
- Clear sensitive env vars after use
- Review templates for `filter_env(pattern="*")` which could expose all env vars
### 4. Filesystem Access
**Default security (without `--trust`):**
- ✓ Only relative paths allowed
- ✓ No access to parent directories (`..`)
- ✓ No absolute paths (`/etc/passwd`)
- ✓ Restricted to current working directory
**With `--trust` mode:**
- ⚠️ Full filesystem access
- ⚠️ Can read any file the user can access
- ⚠️ No restrictions
### 5. Docker Security
When using Docker:
```bash
# ✓ SAFE - Mount only necessary directories
docker run --rm -v "$(pwd)":/workspace -w /workspace tmpltool template.tmpltool
# ✗ DANGEROUS - Don't mount the entire filesystem
docker run --rm -v /:/host tmpltool template.tmpltool
```
## Known Security Considerations
### 1. Template Injection
tmpltool uses the Tera template engine. While Tera is designed to be safe, be aware that:
- Templates have access to environment variables via `get_env()`
- Templates can read files via filesystem functions
- Trust mode disables all security restrictions
### 2. Filesystem Access
Filesystem functions enforce security by default:
- `read_file()` - Restricted to relative paths
- `file_exists()` - Restricted to relative paths
- `list_dir()` - Restricted to relative paths
- `glob()` - Restricted to current directory
Use `--trust` only when necessary and with caution.
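The default-mode path policy described in section 4 above and in this section, written out as an added example (this is not tmpltool's own code; `is_path_allowed` is a hypothetical helper that mirrors the documented rules: no absolute paths, no `..` components, and `--trust` lifting all restrictions):

```rust
use std::path::{Component, Path};

/// Hypothetical policy check, not tmpltool's implementation.
/// Without --trust: only relative paths, no `..` anywhere, so the
/// request cannot leave the current working directory lexically.
/// With --trust: every path is accepted, matching the documented behaviour.
pub fn is_path_allowed(requested: &str, trust_mode: bool) -> bool {
    if trust_mode {
        return true; // --trust disables all filesystem restrictions
    }
    if requested.is_empty() {
        return false; // nothing to resolve; refuse rather than guess
    }
    let path = Path::new(requested);
    if path.is_absolute() {
        return false; // e.g. /etc/passwd
    }
    for component in path.components() {
        match component {
            // Reject any `..`, even "a/../b": if `a` is a symlink the
            // `..` is resolved against the link target, not the cwd.
            Component::ParentDir => return false,
            // Root or drive prefix can only appear in absolute paths
            Component::RootDir | Component::Prefix(_) => return false,
            Component::CurDir | Component::Normal(_) => {}
        }
    }
    true
}

fn main() {
    // Constructed sample requests a template might make
    for req in ["templates/header.tmpl", "../secrets.env", "/etc/passwd"] {
        println!("{req}: default={} trust={}",
            is_path_allowed(req, false), is_path_allowed(req, true));
    }
}
```

The check is purely lexical; a deployment that also resolves symlinks would additionally canonicalize the path and verify it still starts with the working directory.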
### 3. Environment Variable Exposure
Functions like `filter_env(pattern="*")` can expose all environment variables. Review templates carefully to ensure they don't leak sensitive information.
## Security Updates
Security updates will be:
1. Developed privately
2. Tested thoroughly
3. Released as patch versions (e.g., 1.2.1)
4. Announced in release notes with `[SECURITY]` tag
5. Added to this SECURITY.md file
## Security Hall of Fame
We'd like to thank the following people for responsibly disclosing security issues:
---
**Remember:** Security is everyone's responsibility. If you see something, say something!