panic-attack estate sweep — Track C tracking issue
panic-attack assail flagged the findings below in this repo on 2026-05-26. They are aggregated here for human triage rather than as individual PRs because each requires judgement (supply-chain pin choice, schema-design call, mutation-test gap, etc.).
PA001/PA007 UnsafeCode/UnsafeFFI findings are NOT in this list. Findings already suppressed in audits/assail-classifications.a2ml are also excluded.
Estate tracker: hyperpolymath/panic-attack#32.
CommandInjection (2 findings)
file:line list
Critical tests/aspect/cross_cutting_test.sh:? eval usage in tests/aspect/cross_cutting_test.sh
### `SupplyChain` (1 findings)
file:line list
### `UnboundedAllocation` (10 findings)
file:line list
Critical src/januskey/src/lib.rs:? Potential unbounded allocation pattern detected in src/januskey/src/lib.rs
Critical src/januskey/src/transaction.rs:? Potential unbounded allocation pattern detected in src/januskey/src/transaction.rs
Critical src/januskey/src/obliteration.rs:? Potential unbounded allocation pattern detected in src/januskey/src/obliteration.rs
Critical src/januskey/src/keys.rs:? Potential unbounded allocation pattern detected in src/januskey/src/keys.rs
Critical crates/januskey-cli/src/lib.rs:? Potential unbounded allocation pattern detected in crates/januskey-cli/src/lib.rs
Critical crates/januskey-cli/src/obliteration.rs:? Potential unbounded allocation pattern detected in crates/januskey-cli/src/obliteration.rs
Critical crates/januskey-cli/src/keys.rs:? Potential unbounded allocation pattern detected in crates/januskey-cli/src/keys.rs
Critical crates/reversible-core/src/content_store.rs:? Potential unbounded allocation pattern detected in crates/reversible-core/src/content_store.rs
Critical crates/reversible-core/src/transaction.rs:? Potential unbounded allocation pattern detected in crates/reversible-core/src/transaction.rs
🤖 Discovered during the panic-attack estate sweep (2026-05-26). See hyperpolymath/panic-attack#32 for campaign tracker.
panic-attack estate sweep — Track C tracking issue
panic-attack assailflagged the findings below in this repo on 2026-05-26. They are aggregated here for human triage rather than as individual PRs because each requires judgement (supply-chain pin choice, schema-design call, mutation-test gap, etc.).PA001/PA007 UnsafeCode/UnsafeFFI findings are NOT in this list. Findings already suppressed in
audits/assail-classifications.a2mlare also excluded.Estate tracker: hyperpolymath/panic-attack#32.
CommandInjection(2 findings)file:line list
file:line list
file:line list
🤖 Discovered during the panic-attack estate sweep (2026-05-26). See hyperpolymath/panic-attack#32 for campaign tracker.