diff --git a/.github/ISSUE_TEMPLATE/blank_issue.md b/.github/ISSUE_TEMPLATE/blank_issue.md deleted file mode 100644 index 57febe7d5..000000000 --- a/.github/ISSUE_TEMPLATE/blank_issue.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -name: Blank Issue -about: Create a blank issue. -title: '' ---- diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 000000000..9fa3fad94 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,41 @@ +--- +name: Bug report +about: Create a report to help us improve +title: "Add a placeholder for issue title. ex: [BUG]" +labels: bug +assignees: "" +--- + +**Is it a security vulnerability?** +If it results in a crash or hang, please refer to [a quick checklist](../../doc/security_need_to_know.md#is-this-bug-considered-a-security-vulnerability) to determine if it is a security vulnerability. If you are still unsure, please report it through [a security advisor](https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories) and allow the maintainer to make a decision. Thank you. + +**Describe the bug** +A clear and concise description of what the bug is. + +**Version** +Information like tags, release version, commits. + +**To Reproduce** +Steps to reproduce the behavior: + +1. Compile iwasm with flags like '...' +2. (Optional) Compile wamrc with flags like '....' +3. (Optional) Run wamrc with CLI options like '...' to generate .aot +4. Run iwasm with CLI options like '...' +5. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Actual Result** +What you've got. + +**Desktop (please complete the following information):** + +- Arch [e.g. x86_64, arm64, 32bit] +- Board [e.g. STM32F407] +- OS [e.g. Linux, Windows, macOS, FreeRTOS] +- Version [e.g. 22] + +**Additional context** +Add any other context about the problem here. 
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 000000000..0086358db --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1 @@ +blank_issues_enabled: true diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 000000000..f20f45ede --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,20 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: 'Add a placeholder for issue title. ex: [RFC]' +labels: help wanted +assignees: '' + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/.github/ISSUE_TEMPLATE/improvement.md b/.github/ISSUE_TEMPLATE/improvement.md deleted file mode 100644 index ffdf0906f..000000000 --- a/.github/ISSUE_TEMPLATE/improvement.md +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -name: Improvement -about: A feature request or code improvement. -title: '' -labels: '' -assignees: '' ---- - -Thanks for filing a feature request! Please fill out the TODOs below. - -#### Feature - -TODO: Brief description of the feature/improvement you'd like to see in WAMR - -#### Benefit - -TODO: What is the value of adding this in WAMR? What problems does it solve? - -#### Implementation - -TODO: Do you have an implementation plan, and/or ideas for data structures or -algorithms to use? - -#### Alternatives - -TODO: What are the alternative implementation approaches or alternative ways to -solve the problem that this feature would solve? How do these alternatives -compare to this proposal? diff --git a/.github/ISSUE_TEMPLATE/report_bug.md b/.github/ISSUE_TEMPLATE/report_bug.md deleted file mode 100644 index d3058c9ca..000000000 --- a/.github/ISSUE_TEMPLATE/report_bug.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -name: WAMR bug or defect report -about: Report a bug or defect in WAMR -title: '' ---- - -Thanks for filing a bug or defect report! Please fill out the TODOs below. - -### Subject of the issue - -Describe the bug or defect here. - -### Test case - -Upload the related wasm file, wast file or the source files if you can. - -### Your environment - -* Host OS -* WAMR version, platform, cpu architecture, running mode, etc. - -### Steps to reproduce - -Tell us how to reproduce this bug or defect. - -### Expected behavior - -Tell us what should happen - -### Actual behavior - -Tell us what happens instead - -### Extra Info - -Anything else you'd like to add? diff --git a/.github/workflows/compilation_on_zephyr.yml b/.github/workflows/compilation_on_zephyr.yml index 7342804ac..06ff334f1 100644 --- a/.github/workflows/compilation_on_zephyr.yml +++ b/.github/workflows/compilation_on_zephyr.yml @@ -11,6 +11,7 @@ on: - synchronize paths: - ".github/**" + - "!.github/ISSUE_TEMPLATE/**" - "build-scripts/**" - "core/**" - "!core/deps/**" 
@@ -27,6 +28,7 @@ on: - "dev/**" paths: - ".github/**" + - "!.github/ISSUE_TEMPLATE/**" - "build-scripts/**" - "core/**" - "!core/deps/**" diff --git a/doc/security_need_to_know.md b/doc/security_need_to_know.md index f9163c6b3..0b1908b6a 100644 --- a/doc/security_need_to_know.md +++ b/doc/security_need_to_know.md 
@@ -29,9 +29,9 @@ Only bugs that affect [tier A platforms or features](./tired_support.md) should Actions that differ from Wasm rules (like calculating wrong values) are not seen as security issues as long as they stay within the sandbox. -As embedded code, trusts inputs from the guest. By default, APIs and CLIs are following the principle of **caller guarantee**. If the caller provides incorrect parameters, it is not a security issue. For example, if a user passes an invalid file descriptor to `fd_read`, it is not a security issue. +By default, APIs and CLIs are following the principle of **caller guarantee**. If the caller provides incorrect parameters or users input malformed options, it is not a security issue. For example, if a user passes an invalid file descriptor to `fd_read`, it is not a security issue. -While .aot files are trusted, .wasm files are not. Any unexpected behavior caused by a .wasm file is not a security issue. For example, if a .wasm file causes a runtime crash or hang, it is a security issue. However, if the same .wasm file causes a crash or hang when converted to an .aot file, it is not a security issue. +.wasm are not trusted. Malformed .wasm files should be handled gracefully. If a .wasm file causes a runtime crash or hang, it is a security issue. On the other hand, it's expected that aot runtime alone doesn't provide the same guarantee. So user-crafted aot modules can cause anything, including crashes or hangs. They are not considered security issues. A denial-of-service (DoS) attack is a cyberattack that aims to make a computer or network resource unavailable to its users. If the service (runtime in this case) can recover and start another module or run another function within the same instance, it is not considered unavailable, and thus not a Denial of Service (DoS).
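Review bot: In `.github/ISSUE_TEMPLATE/bug_report.md`, the "Is it a security vulnerability?" prompt links to the checklist with a relative path (`../../doc/security_need_to_know.md#is-this-bug-considered-a-security-vulnerability`). That path is written relative to the template file, but the text is shown to reporters in the new-issue form and copied into the issue body, where it will not resolve against the template's directory. Use an absolute URL, as the advisories link in the same paragraph already does. In the same paragraph, "a security advisor" should read "a security advisory". Separately, the heading "Desktop (please complete the following information)" lists `Board [e.g. STM32F407]` and `FreeRTOS`, so a name such as "Environment" would match the fields better.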
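Review bot: `.github/ISSUE_TEMPLATE/config.yml` contains only `blank_issues_enabled: true`, so reporters can still open an unstructured issue and never see the security prompt that this change adds to `bug_report.md`. Consider adding a `contact_links` entry that points to the security advisories page, so the private reporting channel appears in the template chooser itself, or set `blank_issues_enabled: false` if every reporter is meant to pass through the prompt.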
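Review bot: In the `doc/security_need_to_know.md` hunk, the rewritten trust paragraph drops the old case of a `.wasm` file that crashes or hangs only after being converted to `.aot`, and the new wording covers only "user-crafted aot modules". That leaves it unclear whether a crash in an `.aot` file produced by wamrc from an untrusted `.wasm` is in scope, which matters because the new bug template explicitly includes a "Run wamrc ... to generate .aot" step. Please state that case explicitly. The phrase "doesn't provide the same guarantee" should also name the guarantee (graceful handling of malformed input), and ".wasm are not trusted" should read ".wasm files are not trusted". In the caller-guarantee paragraph, the `fd_read` example deserves a second look now that "trusts inputs from the guest" is removed: say whether the "user" passing the invalid file descriptor is the embedder or the guest module, since the next paragraph treats guest `.wasm` as untrusted.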