Security

This document covers security considerations, best practices, and policies for the OPNsense Config Faker project.

Security Policy

IMPORTANT: This is a one-person operation. Please be patient and understanding with response times.

Please provide as much detail as possible:

Description: Clear explanation of the vulnerability
Impact: What could an attacker do with this vulnerability?
Steps to Reproduce: Detailed steps to demonstrate the issue
Environment: OS, Rust version, dependencies, etc.
Proof of Concept: Code or commands that demonstrate the issue (if safe to share)
Suggested Fix: If you have ideas for how to fix it
Timeline: When you discovered the issue
Disclosure Preferences: Your preferences for credit/acknowledgment

Initial Response: Within 48-72 hours (Monday–Friday, 09:00–17:00 EST/EDT)
Status Updates: Weekly until resolution (Monday–Friday, 09:00–17:00 EST/EDT)
Fix Timeline: Depends on severity and complexity
Coordinated Disclosure: Disclosure will be coordinated with the reporter and only after an agreed embargo or once a fix is available and tested

Generates test data only: All output is fake, non-functional configuration data
No network access: Tool operates entirely offline
No data collection: No telemetry, logging, or data transmission
No in-place mutations: Reads input files and writes outputs to new files; never overwrites existing configurations
Deterministic output: Same inputs produce same outputs (when seeded)

File system access: Reads input files and writes new output files (no in-place edits or overwrites)
XML parsing: Processes XML files which could contain malicious content
Memory usage: Large configurations may consume significant memory
Temporary files: May create temporary files during processing

Cannot access networks: No internet connectivity or network scanning
Cannot execute code: No code execution capabilities
Cannot access system resources: No access to system files outside specified paths
Cannot persist data: No database or persistent storage

Validate Input Files: Only use trusted XML files as base configurations
Review Output: Inspect generated configurations before using in test environments
Use Sandboxed Environments: Run the tool in isolated test environments
Monitor Resource Usage: Large configurations may require significant memory
Keep Updated: Use the latest stable release for security fixes

Dependency Management: Regularly update dependencies for security patches
Input Validation: All user inputs are validated and sanitized
Error Handling: Comprehensive error handling prevents information disclosure
Memory Safety: Rust’s memory safety prevents common vulnerabilities
No Unsafe Code: The codebase forbids unsafe in CI (e.g., #![forbid(unsafe_code)] and lint checks)
Fuzzing & Property Tests: Fuzz parsers and generators (e.g., cargo-fuzz) and add property-based tests (e.g., proptest) for robustness