haproxy/doc/internals
Willy Tarreau 8badf5d2fa DOC: internals: add a threat model definition
Add doc/internals/threat-model.txt describing what does and does not
qualify as a security vulnerability in HAProxy so that reporters and
developers have a common understanding of the threat model, and make it
clear that anything non-critical should be handled in the open and
not hidden behind embargoes.

The document lists assets to protect, what constitutes an attack, what
are the mitigations in place, and the severity ordering of various
risks. This may in the long term also help developers make better
choices of default settings and option names, and may also justify
changing default settings over time when modern operating systems
bring new possibilities.

A section also lists some invariants and defaults in an attempt to
limit the risk of reporting theoretical issues that are technically
impossible to happen in the field.

This is an initial version meant to be refined as cases arise. It
was incrementally designed and cross-checked with the help of three
independent LLMs (Qwen, Gemini and Claude) until each correctly
classified a set of sample reports against it. In the current state
they do not raise any residual ambiguities anymore.
2026-05-31 20:28:08 +02:00
api [RELEASE] Released version 3.4-dev10 2026-04-29 15:51:32 +02:00
acl.txt DOC: fix some spelling issues over multiple files 2021-01-08 14:53:47 +01:00
body-parsing.txt DOC: Fix typos in different subsections of the documentation 2018-11-18 22:23:15 +01:00
connect-status.txt [BUG] fixed connection establishment detection 2007-04-30 14:37:43 +02:00
connection-header.txt DOC: Fix typos in different subsections of the documentation 2018-11-18 22:23:15 +01:00
connection-scale.txt [DOC] imported lots of internal documentations 2007-01-07 13:03:59 +01:00
core-principles.txt DOC: internals: clarify ambiguous wording in core-principles 2026-05-31 16:38:03 +02:00
fd-migration.txt CLEANUP: assorted typo fixes in the code and comments 2021-08-16 12:37:59 +02:00
hashing.txt [RELEASE] Released version 2.4-dev19 2021-05-10 07:50:26 +02:00
list.fig [RELEASE] Released version 2.4-dev17 2021-04-23 19:11:10 +02:00
list.png CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion 2021-04-21 09:20:17 +02:00
listener-states.fig [RELEASE] Released version 2.3-dev6 2020-10-10 10:45:13 +02:00
listener-states.png MEDIUM: listeners: remove the now unused ZOMBIE state 2020-10-09 11:27:29 +02:00
lua_socket.fig [RELEASE] Released version 1.8-dev3 2017-10-22 10:13:45 +02:00
lua_socket.pdf MEDIUM: xref/lua: Use xref for referencing cosocket relation between stream and lua 2017-09-11 18:59:40 +02:00
muxes.fig DOC: internal: update the muxes doc to mention the stconn 2022-05-27 19:33:35 +02:00
muxes.pdf DOC: internal: update the muxes doc to mention the stconn 2022-05-27 19:33:35 +02:00
muxes.png DOC: internal: update the muxes doc to mention the stconn 2022-05-27 19:33:35 +02:00
muxes.svg DOC: internal: update the muxes doc to mention the stconn 2022-05-27 19:33:35 +02:00
mworker.md DOC: internals: add mworker V3 internals 2026-02-04 16:39:44 +01:00
notes-layers.txt DOC: assorted typo fixes in the documentation 2020-03-09 14:45:58 +01:00
notes-poll-connect.txt DOC: internal: commit notes about polling states and flags on connect() 2022-11-17 16:49:00 +01:00
notes-pollhup.txt DOC: internal: commit notes about polling states and flags 2022-11-17 16:49:00 +01:00
notes-polling.txt CLEANUP: fix typos and spelling in comments and documentation 2026-03-30 09:24:19 +02:00
pattern.dia DOC: pattern: pattern organisation schematics 2014-03-20 14:10:49 +01:00
pattern.pdf DOC: pattern: pattern organisation schematics 2014-03-20 14:10:49 +01:00
polling-states.fig [RELEASE] Released version 2.3-dev7 2020-10-17 10:31:50 +02:00
sched.fig [RELEASE] Released version 2.4-dev10 2021-02-26 22:49:10 +01:00
sched.pdf DOC: scheduler: add a diagram showing the different queues and their usages 2021-02-26 17:49:37 +01:00
sched.png DOC: scheduler: add a diagram showing the different queues and their usages 2021-02-26 17:49:37 +01:00
sched.svg DOC: scheduler: add a diagram showing the different queues and their usages 2021-02-26 17:49:37 +01:00
shm-stats-file-description.txt DOC: internals: document the shm-stats-file format/mapping 2025-09-17 11:32:58 +02:00
ssl_cert.dia DOC: internals: update the SSL architecture schema 2021-05-17 10:50:24 +02:00
stats-v2.txt [DOC] imported lots of internal documentations 2007-01-07 13:03:59 +01:00
stconn-close.txt DOC: internal: add a bit of documentation for the stconn closing conditions 2023-05-23 16:18:19 +02:00
stream-sock-states.fig [RELEASE] Released version 2.0-dev6 2019-06-07 06:12:59 +02:00
thread-exec-ctx.txt DOC: internals: short explanation on how thread_exec_ctx works 2026-03-12 18:28:09 +01:00
threat-model.txt DOC: internals: add a threat model definition 2026-05-31 20:28:08 +02:00
watchdog.txt DOC: watchdog: update the doc to reflect the recent changes 2025-05-21 11:34:55 +02:00