fix(bounds): .take(LIMIT) on config/report/analyzer reads (batch 2/2)

Self-scan UnboundedAllocation: 14 critical → 1. Batch 2 bounds the
remaining 11 files (batch 1 handled the 3 external-input sites):

  report/diff.rs           report/migration.rs     adjudicate/mod.rs
  attack/profile.rs        ambush/timeline.rs      kanren/rules.rs
  mass_panic/temporal.rs   mass_panic/imaging.rs   bridge/registry.rs
  attestation/evidence.rs  assail/analyzer.rs

analyzer.rs gains a module-level `read_bounded(path, limit)` helper
and two const limits (SOURCE_FILE_READ_LIMIT=64MiB for source scans,
MANIFEST_FILE_READ_LIMIT=4MiB for Cargo.toml / deno.json / mix.exs /
pkg.json / etc). 11 call sites routed through the helper.

Limits per class:
  source files:          64 MiB   (well beyond realistic source)
  HTTP response body:    256 MiB  (OSV batch response ceiling)
  report JSON:           64 MiB   (aggregated scan output)
  image / registry:      16–256 MiB
  snapshot / index:      64 MiB
  config / manifest:     4 MiB    (curated short docs)
  timeline spec:         4 MiB
  /proc/self/*:          64 KiB   (kernel-bounded to a few KiB anyway)

Remaining 1 UnboundedAllocation finding on src/assail/analyzer.rs is
a self-reference FP — the file's own variable names
(`has_unbounded_allocations`, `unbounded_vec_patterns`, etc) match
the detector's substring heuristic. Real fix: word-boundary or
AST-based matching, not substring. Logged under task #25 (drive
assail to zero-FN) alongside other detector-refinement items.

Self-scan total: 25 → 11 findings, Critical 16 → 2 (the remaining
2 Criticals are both test/example fixtures by design:
UnsafeDeserialization in tests/fixtures/example.py, and the
self-reference UnboundedAllocation above).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: hyperpolymath

src/adjudicate/mod.rs

@@ -8,9 +8,16 @@ use crate::kanren::core::{FactDB, LogicFact, LogicRule, RuleMetadata, Term};
 use crate::report;
 use anyhow::{anyhow, Context, Result};
 use serde::{Deserialize, Serialize};
-use std::fs;
+use std::fs::{self, File};
+use std::io::Read;
 use std::path::{Path, PathBuf};
 
+/// Upper bound on report reads during adjudication. Reports are JSON
+/// documents emitted by earlier panic-attack phases; 64 MiB is well
+/// beyond realistic sizes and prevents a tampered input from exhausting
+/// memory before even being parsed.
+const REPORT_FILE_READ_LIMIT: u64 = 64 * 1024 * 1024;
+
 #[derive(Debug, Clone)]
 pub struct AdjudicateConfig {
     pub reports: Vec<PathBuf>,
@@ -229,8 +236,15 @@ fn parse_input_report(path: &Path) -> Result<ParsedReport> {
         return Ok(ParsedReport::Assault(assault));
     }
 
-    let content =
-        fs::read_to_string(path).with_context(|| format!("reading report {}", path.display()))?;
+    let content = {
+        let mut buf = String::new();
+        File::open(path)
+            .with_context(|| format!("opening report {}", path.display()))?
+            .take(REPORT_FILE_READ_LIMIT)
+            .read_to_string(&mut buf)
+            .with_context(|| format!("reading report {}", path.display()))?;
+        buf
+    };
     if let Ok(amuck) = serde_json::from_str::<AmuckReport>(&content) {
         return Ok(ParsedReport::Amuck(amuck));
     }

src/ambush/timeline.rs

@@ -5,10 +5,15 @@
 use crate::types::{AttackAxis, IntensityLevel};
 use anyhow::{anyhow, Context, Result};
 use serde::Deserialize;
-use std::fs;
+use std::fs::File;
+use std::io::Read;
 use std::path::{Path, PathBuf};
 use std::time::Duration;
 
+/// Upper bound on timeline-spec reads. Timelines are short curated
+/// JSON/YAML; 4 MiB is far beyond realistic sizes.
+const TIMELINE_FILE_READ_LIMIT: u64 = 4 * 1024 * 1024;
+
 #[derive(Debug, Clone)]
 pub struct TimelinePlan {
     pub program: Option<PathBuf>,
@@ -54,8 +59,15 @@ pub fn load_timeline_with_default(
     path: &Path,
     default_intensity: Option<IntensityLevel>,
 ) -> Result<TimelinePlan> {
-    let content =
-        fs::read_to_string(path).with_context(|| format!("reading timeline {}", path.display()))?;
+    let content = {
+        let mut buf = String::new();
+        File::open(path)
+            .with_context(|| format!("opening timeline {}", path.display()))?
+            .take(TIMELINE_FILE_READ_LIMIT)
+            .read_to_string(&mut buf)
+            .with_context(|| format!("reading timeline {}", path.display()))?;
+        buf
+    };
     let spec: TimelineSpec = if path.extension().and_then(|s| s.to_str()) == Some("yaml")
         || path.extension().and_then(|s| s.to_str()) == Some("yml")
     {

src/assail/analyzer.rs

@@ -13,9 +13,34 @@ use regex::Regex;
 use std::cell::RefCell;
 use std::collections::{HashMap, HashSet};
 use std::fs;
+use std::io::Read;
 use std::path::{Path, PathBuf};
 use std::sync::OnceLock;
 
+/// Upper bound on source-file reads during per-file scanning. Source
+/// files are almost always well under 16 MiB; capping at 64 MiB bounds
+/// a pathological/malicious input without losing realistic content.
+const SOURCE_FILE_READ_LIMIT: u64 = 64 * 1024 * 1024;
+
+/// Upper bound on manifest / config file reads (Cargo.toml, pyproject.toml,
+/// flake.nix, deno.json, mix.exs, rebar.config, etc). Manifests are short
+/// curated documents; 4 MiB is far beyond realistic sizes.
+const MANIFEST_FILE_READ_LIMIT: u64 = 4 * 1024 * 1024;
+
+/// Bounded replacement for `fs::read_to_string(path).ok()` — returns
+/// `Some(content)` on success (up to `limit` bytes), `None` on I/O error
+/// or if the file is absent. Used by the analyzer to cap every file read
+/// against an explicit byte ceiling rather than trusting the filesystem.
+fn read_bounded(path: &Path, limit: u64) -> Option<String> {
+    let mut buf = String::new();
+    fs::File::open(path)
+        .ok()?
+        .take(limit)
+        .read_to_string(&mut buf)
+        .ok()?;
+    Some(buf)
+}
+
 // Thread-local accumulators for migration analysis.
 // These collect deprecated/modern API counts across all files during a single
 // analyze() run, then get consumed by build_migration_metrics().
@@ -78,7 +103,7 @@ pub fn build_migration_metrics(target: &Path) -> MigrationMetrics {
             None
         }
     };
-    let config_content = config_path.and_then(|p| fs::read_to_string(p).ok());
+    let config_content = config_path.and_then(|p| read_bounded(&p, MANIFEST_FILE_READ_LIMIT));
 
     let version_bracket = Analyzer::detect_rescript_version(
         config_format,
@@ -4498,7 +4523,7 @@ impl Analyzer {
 
         // ── Cargo.toml: git deps without explicit rev= ────────────────────
         let cargo_toml_path = project_root.join("Cargo.toml");
-        if let Ok(content) = fs::read_to_string(&cargo_toml_path) {
+        if let Some(content) = read_bounded(&cargo_toml_path, MANIFEST_FILE_READ_LIMIT) {
             let git_dep_count =
                 content.matches("git = \"").count() + content.matches("git=\"").count();
             let rev_count = content.matches("rev = \"").count() + content.matches("rev=\"").count();
@@ -4541,7 +4566,7 @@ impl Analyzer {
 
         // ── Julia Manifest.toml: missing git-tree-sha1 hash entries ──────────
         let manifest_toml_path = project_root.join("Manifest.toml");
-        if let Ok(content) = fs::read_to_string(&manifest_toml_path) {
+        if let Some(content) = read_bounded(&manifest_toml_path, MANIFEST_FILE_READ_LIMIT) {
             // A valid v2 Manifest.toml has `git-tree-sha1` for each pinned dep.
             // If [[deps.*]] sections are present but no git-tree-sha1 appears,
             // the manifest is not providing cryptographic pinning.
@@ -4566,7 +4591,7 @@ impl Analyzer {
 
         // ── deno.json: unpinned import map entries ────────────────────────────
         let deno_json_path = project_root.join("deno.json");
-        if let Ok(content) = fs::read_to_string(&deno_json_path) {
+        if let Some(content) = read_bounded(&deno_json_path, MANIFEST_FILE_READ_LIMIT) {
             // Count import values in the "imports" section that lack a version pin.
             // Pinned deno.land specifiers contain '@' (e.g. std@0.177.0).
             // Pinned npm specifiers contain '@' after 'npm:' (e.g. npm:express@4).
@@ -4623,7 +4648,7 @@ impl Analyzer {
 
         // ── Rust: Cargo.toml with [dev-dependencies] / [[bin]] but no mutation tool ──
         let cargo_toml_path = project_root.join("Cargo.toml");
-        if let Ok(content) = fs::read_to_string(&cargo_toml_path) {
+        if let Some(content) = read_bounded(&cargo_toml_path, MANIFEST_FILE_READ_LIMIT) {
             // Only check projects that have a test infrastructure (dev-deps present
             // or test directories present).
             let has_test_infrastructure =
@@ -4689,7 +4714,7 @@ impl Analyzer {
 
         // Cargo.toml (Rust)
         let cargo_toml = target_dir.join("Cargo.toml");
-        if let Ok(content) = fs::read_to_string(&cargo_toml) {
+        if let Some(content) = read_bounded(&cargo_toml, MANIFEST_FILE_READ_LIMIT) {
             if content.contains("tokio") {
                 frameworks.insert(Framework::Networking);
             }
@@ -4719,7 +4744,7 @@ impl Analyzer {
 
         // mix.exs (Elixir)
         let mix_exs = target_dir.join("mix.exs");
-        if let Ok(content) = fs::read_to_string(&mix_exs) {
+        if let Some(content) = read_bounded(&mix_exs, MANIFEST_FILE_READ_LIMIT) {
             if content.contains(":phoenix") {
                 frameworks.insert(Framework::Phoenix);
                 frameworks.insert(Framework::WebServer);
@@ -4742,7 +4767,7 @@ impl Analyzer {
 
         // rebar.config (Erlang)
         let rebar_config = target_dir.join("rebar.config");
-        if let Ok(content) = fs::read_to_string(&rebar_config) {
+        if let Some(content) = read_bounded(&rebar_config, MANIFEST_FILE_READ_LIMIT) {
             if content.contains("cowboy") {
                 frameworks.insert(Framework::Cowboy);
                 frameworks.insert(Framework::WebServer);
@@ -4751,15 +4776,15 @@ impl Analyzer {
 
         // gleam.toml (Gleam)
         let gleam_toml = target_dir.join("gleam.toml");
-        if let Ok(content) = fs::read_to_string(&gleam_toml) {
+        if let Some(content) = read_bounded(&gleam_toml, MANIFEST_FILE_READ_LIMIT) {
             if content.contains("wisp") || content.contains("mist") {
                 frameworks.insert(Framework::WebServer);
             }
         }
 
         // package.json (JS/TS/ReScript)
         let pkg_json = target_dir.join("package.json");
-        if let Ok(content) = fs::read_to_string(&pkg_json) {
+        if let Some(content) = read_bounded(&pkg_json, MANIFEST_FILE_READ_LIMIT) {
             if content.contains("\"express\"")
                 || content.contains("\"fastify\"")
                 || content.contains("\"koa\"")
@@ -4783,7 +4808,7 @@ impl Analyzer {
         // requirements.txt / pyproject.toml (Python)
         for manifest in &["requirements.txt", "pyproject.toml", "setup.py"] {
             let path = target_dir.join(manifest);
-            if let Ok(content) = fs::read_to_string(&path) {
+            if let Some(content) = read_bounded(&path, MANIFEST_FILE_READ_LIMIT) {
                 if content.contains("flask")
                     || content.contains("django")
                     || content.contains("fastapi")
@@ -4812,9 +4837,9 @@ impl Analyzer {
         // string literals in tests and analyzer patterns.
         for file in files {
             let file_lang = Language::detect(file.to_str().unwrap_or(""));
-            let content = match fs::read_to_string(file) {
-                Ok(c) => c,
-                Err(_) => continue,
+            let content = match read_bounded(file, SOURCE_FILE_READ_LIMIT) {
+                Some(c) => c,
+                None => continue,
             };
 
             match file_lang {

src/attack/profile.rs

@@ -8,9 +8,15 @@ use serde::Deserialize;
 use serde_json;
 use serde_yaml;
 use std::collections::HashMap;
-use std::fs;
+use std::fs::File;
+use std::io::Read;
 use std::path::Path;
 
+/// Upper bound on attack-profile config reads. Profiles are short curated
+/// JSON/YAML documents; 4 MiB is far beyond realistic sizes and bounds
+/// a tampered or malformed input.
+const PROFILE_FILE_READ_LIMIT: u64 = 4 * 1024 * 1024;
+
 #[derive(Debug, Clone, Deserialize, Default)]
 pub struct AttackProfile {
     #[serde(default)]
@@ -23,8 +29,15 @@ pub struct AttackProfile {
 
 impl AttackProfile {
     pub fn load(path: &Path) -> Result<Self> {
-        let content = fs::read_to_string(path)
-            .with_context(|| format!("reading attack profile {}", path.display()))?;
+        let content = {
+            let mut buf = String::new();
+            File::open(path)
+                .with_context(|| format!("opening attack profile {}", path.display()))?
+                .take(PROFILE_FILE_READ_LIMIT)
+                .read_to_string(&mut buf)
+                .with_context(|| format!("reading attack profile {}", path.display()))?;
+            buf
+        };
         // Extension-based dispatch is explicit to avoid ambiguous parsing behavior.
         match path.extension().and_then(|ext| ext.to_str()) {
             Some("json") => serde_json::from_str(&content)

src/attestation/evidence.rs

@@ -18,6 +18,12 @@ use sha2::{Digest, Sha256};
 use std::collections::HashSet;
 use std::time::Instant;
 
+/// Upper bound on /proc/self/{stat,status} reads. Kernel-bounded in
+/// practice to a few KiB; 64 KiB silently truncates any pathological
+/// kernel entry without breaking the best-effort metric.
+#[cfg(target_os = "linux")]
+const PROC_FILE_READ_LIMIT: u64 = 64 * 1024;
+
 /// Checkpoint interval — one checkpoint per this many files.
 const CHECKPOINT_INTERVAL: usize = 100;
 
@@ -195,7 +201,13 @@ impl EvidenceAccumulator {
 fn get_cpu_time_ms() -> Option<u64> {
     #[cfg(target_os = "linux")]
     {
-        let stat = std::fs::read_to_string("/proc/self/stat").ok()?;
+        use std::io::Read;
+        let mut stat = String::new();
+        std::fs::File::open("/proc/self/stat")
+            .ok()?
+            .take(PROC_FILE_READ_LIMIT)
+            .read_to_string(&mut stat)
+            .ok()?;
         let fields: Vec<&str> = stat.split_whitespace().collect();
         // Fields 13 (utime) and 14 (stime) are in clock ticks
         if fields.len() > 14 {
@@ -216,7 +228,13 @@ fn get_cpu_time_ms() -> Option<u64> {
 fn get_peak_rss() -> Option<u64> {
     #[cfg(target_os = "linux")]
     {
-        let status = std::fs::read_to_string("/proc/self/status").ok()?;
+        use std::io::Read;
+        let mut status = String::new();
+        std::fs::File::open("/proc/self/status")
+            .ok()?
+            .take(PROC_FILE_READ_LIMIT)
+            .read_to_string(&mut status)
+            .ok()?;
         for line in status.lines() {
             if line.starts_with("VmHWM:") {
                 let kb_str = line

src/bridge/registry.rs

@@ -9,10 +9,17 @@
 //! See docs/patch-bridge-design.md Section 8 for full lifecycle specification.
 
 use super::{AssessedCve, Classification};
-use anyhow::Result;
+use anyhow::{Context, Result};
 use serde::{Deserialize, Serialize};
+use std::fs::File;
+use std::io::Read;
 use std::path::{Path, PathBuf};
 
+/// Upper bound on mitigation-registry reads. Registries track active
+/// CVEs with lifecycle metadata; 16 MiB handles tens of thousands of
+/// entries and bounds tampered inputs wholesale.
+const REGISTRY_FILE_READ_LIMIT: u64 = 16 * 1024 * 1024;
+
 /// A registered mitigation for an active CVE.
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct MitigationEntry {
@@ -74,7 +81,15 @@ impl MitigationRegistry {
     pub fn load(project_dir: &Path) -> Result<Self> {
         let path = registry_path(project_dir);
         if path.exists() {
-            let content = std::fs::read_to_string(&path)?;
+            let content = {
+                let mut buf = String::new();
+                File::open(&path)
+                    .with_context(|| format!("opening registry {}", path.display()))?
+                    .take(REGISTRY_FILE_READ_LIMIT)
+                    .read_to_string(&mut buf)
+                    .with_context(|| format!("reading registry {}", path.display()))?;
+                buf
+            };
             Ok(serde_json::from_str(&content)?)
         } else {
             Ok(Self::new())

src/kanren/rules.rs

@@ -6,9 +6,15 @@ use crate::kanren::core::{LogicEngine, LogicFact, LogicRule, RuleMetadata, Term}
 use anyhow::{Context, Result};
 use serde::Deserialize;
 use serde_json;
-use std::fs;
+use std::fs::File;
+use std::io::Read;
 use std::path::Path;
 
+/// Upper bound on rule-catalog reads. The miniKanren catalog is a
+/// curated JSON document; 4 MiB is far beyond any realistic catalog
+/// and bounds tampered or malformed input.
+const RULE_CATALOG_READ_LIMIT: u64 = 4 * 1024 * 1024;
+
 #[derive(Debug, Deserialize)]
 pub struct RuleSpec {
     pub name: String,
@@ -91,7 +97,15 @@ impl RuleCatalog {
     }
 
     pub fn from_file(path: &Path) -> Result<Self> {
-        let data = fs::read_to_string(path).context("reading rule catalog")?;
+        let data = {
+            let mut buf = String::new();
+            File::open(path)
+                .context("opening rule catalog")?
+                .take(RULE_CATALOG_READ_LIMIT)
+                .read_to_string(&mut buf)
+                .context("reading rule catalog")?;
+            buf
+        };
         let specs: Vec<RuleSpec> = serde_json::from_str(&data).context("parsing rule catalog")?;
         Ok(Self {
             rules: specs.into_iter().map(|spec| spec.to_logic_rule()).collect(),