Skip to content

Document security #119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
osteele merged 4 commits into from
Nov 8, 2025
Merged

Document security #119

osteele merged 4 commits into from
Nov 8, 2025

Conversation

@osteele
Copy link
Owner

@osteele osteele commented Nov 8, 2025

Checklist

  • I have read the contribution guidelines.
  • make test passes.
  • make lint passes.
  • New and changed code is covered by tests.
  • Performance improvements include benchmarks.
  • Changes match the documented (not just the implemented) behavior of Shopify.

claude added 4 commits November 8, 2025 11:08
@claude
docs: add comprehensive security documentation (#35)
296e237 
Add detailed security policy documentation to address issue #35 about
end-user security guarantees and limitations.

Changes:
- Add SECURITY.md with comprehensive security documentation covering:
  - Built-in security guarantees (no disk/network access, sandboxed execution)
  - Known limitations (DoS vulnerabilities, no resource limits)
  - Data injection risks and XSS concerns
  - Third-party extension security considerations
  - Production deployment recommendations with code examples
  - Security best practices and audit status
- Update README.md to reference security documentation
  - Add Security section to table of contents
  - Add Security section with key highlights and link to SECURITY.md

The security documentation provides transparency about what protections
users can rely on and what additional safeguards they need to implement
when processing untrusted templates in production environments.

Fixes #35
@claude
docs: enhance security documentation with detailed Ruby comparison
b8465d3 
Expand the comparison section in SECURITY.md to provide comprehensive
analysis of security differences between the Go and Ruby implementations.

Enhancements:
- Add detailed comparison of production battle-testing
- Document Ruby's built-in resource limiting capabilities
  (render_score_limit, render_length_limit, assign_score_limit)
- Compare memory safety and type system characteristics
- Analyze community security review differences
- Add "Bottom Line: Which to Choose?" decision guide
- Provide specific recommendations for when to use each implementation
- Include must-implement safeguards for Go with untrusted templates

This gives users clear guidance on which implementation to choose based
on their security requirements and use case.

Related to #35
@claude
docs: update security documentation to reflect FRender capabilities
07cf265 
Update security documentation to reflect that FRender (merged in v1.4.0)
provides timeout and output size limiting capabilities for untrusted templates.

Changes to SECURITY.md:
- Add "Mitigation via FRender" section explaining available protections
- Replace goroutine-based timeout example with proper FRender+context approach
- Add comprehensive FRender examples for timeouts, size limits, and combined protection
- Update Ruby comparison to show Go now has timeout/size limiting via FRender
- Revise "Bottom Line: Which to Choose?" with more balanced comparison
- Update best practices to recommend FRender for untrusted templates
- Cross-reference docs/FRender.md for detailed examples

Changes to README.md:
- Update security section to mention FRender resource limiting
- Link to FRender documentation for implementation details
- Remove outdated claim of "no built-in" limits (now available via FRender)

Key improvements:
- FRender provides proper cancellation (stops rendering, not just detection)
- Output size limiting equivalent to Ruby's render_length_limit
- No resource leaks from continuing goroutines
- Composable writer pattern for flexible security controls

The Go implementation now has comparable timeout and output limiting to Ruby,
though Ruby still has advantages in automatic complexity scoring.

Related to #35
@claude
docs: add co-authorship attribution to security documentation
c6c5933 
Add Claude Code co-authorship to SECURITY.md version history.
@osteele osteele merged commit b0b3f90 into main Nov 8, 2025
8 checks passed
@osteele osteele deleted the claude/add-project-documentation-011CUv7P3YWoPCESsrQa6XDx branch November 8, 2025 11:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@osteele @claude