Security Review Finding — HIGH Priority
Source: Krillnotes Security Review v1.0.1 (April 2026)
Location: krillnotes-core/src/core/scripting/engine.rs
Description
Rhai scripts can call registered native functions (get_note, get_children, create_child, set_field, set_title, markdown, etc.). However, there is no explicit restriction on Rhai's built-in file I/O capabilities if enabled. The Engine::new() default may allow read_file/write_file depending on Rhai feature flags.
Impact
If Rhai's file I/O packages are enabled (even unintentionally), user-authored scripts could read/write arbitrary files on the host filesystem. This is a sandbox escape risk.
Recommendation
- Audit Rhai feature flags in Cargo.toml — ensure no_std or disable file system packages
- Register only explicitly allowlisted functions
- Verify that Engine::new() does not include file I/O packages by default with current feature flags
- Consider using Engine::new_raw() + explicit package registration for defense in depth
Acceptance Criteria
- read_file/write_file are not callable from scripts
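As an added example (not part of the review or of the Krillnotes code base), a small audit script that checks the recommendation and the acceptance criterion against a Cargo.toml and an engine.rs: it flags a dependency on the separately published rhai-fs filesystem package, reports whether rhai's no_std feature is set, flags Engine::new() in favour of Engine::new_raw(), and compares every register_fn name against the allowlist from the description. The two input files below are constructed samples in the shape the finding describes, and the rhai-fs dependency line is an assumed example of a file-system package.

```python
import re

# Constructed sample inputs (not the project's real files).
CARGO_TOML = '''
[dependencies]
rhai = { version = "1", features = ["sync", "no_std"] }
rhai-fs = "0.1"
'''

ENGINE_RS = '''
let mut engine = Engine::new();
engine.register_fn("get_note", get_note);
engine.register_fn("set_field", set_field);
engine.register_fn("read_file", read_file);
'''

# Native functions scripts are meant to see, per the finding's description.
ALLOWLIST = {"get_note", "get_children", "create_child",
             "set_field", "set_title", "markdown"}
# Names the acceptance criterion says must never be callable.
FORBIDDEN = {"read_file", "write_file"}


def rhai_features(cargo_toml: str) -> set[str]:
    """Feature list declared on the rhai dependency (empty if none)."""
    m = re.search(r'^rhai\s*=\s*\{[^}]*features\s*=\s*\[([^\]]*)\]',
                  cargo_toml, re.M)
    return set(re.findall(r'"([^"]+)"', m.group(1))) if m else set()


def registered_functions(engine_rs: str) -> set[str]:
    """Names passed to register_fn(...), i.e. what scripts can call natively."""
    return set(re.findall(r'register_fn\(\s*"([^"]+)"', engine_rs))


def audit(cargo_toml: str, engine_rs: str) -> list[str]:
    """Return findings; an empty list means the checks all pass."""
    findings = []
    if re.search(r'^rhai-fs\s*=', cargo_toml, re.M):
        findings.append("rhai-fs (filesystem package) is a dependency")
    if "no_std" not in rhai_features(cargo_toml):
        findings.append("rhai built without no_std: confirm no fs package is registered")
    if "Engine::new()" in engine_rs:
        findings.append("Engine::new() used; prefer Engine::new_raw() + explicit packages")
    regs = registered_functions(engine_rs)
    for name in sorted(regs & FORBIDDEN):
        findings.append(f"forbidden function registered: {name}")
    for name in sorted(regs - ALLOWLIST - FORBIDDEN):
        findings.append(f"function outside allowlist registered: {name}")
    return findings
```

Run it over the real files in CI and fail the build when audit() returns anything; the sample inputs above produce three findings.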