gps-denied-onboard/_docs/05_security/dependency_scan.md
Oleksandr Bezdieniezhnykh bf13549b32
ci/woodpecker/push/02-build-push Pipeline failed
[autodev] Update configuration and documentation for cycle-1
- Enhanced `.env.example` with detailed CMake build flags and replay-mode strategy flags for development and CI environments.
- Updated `.gitignore` to include a new deploy rollback bookmark.
- Revised `_docs/_autodev_state.md` to reflect the current task status and steps.
- Added new lessons to `_docs/LESSONS.md` regarding testing and architectural improvements.
- Documented changes in `_docs/02_document/deployment/ci_cd_pipeline.md` to reflect the relaxed OpenCV version pin.
- Updated test data documentation in `_docs/02_document/tests/test-data.md` to clarify fixture usage and paths.

This commit continues the cycle-1 documentation sync and addresses various configuration updates for improved clarity and functionality.
2026-05-20 08:05:35 +03:00


Phase 1 — Dependency Scan

Scan date: 2026-05-19
Tool: pip-audit 2.10.0 (PyPI advisory DB + OSV.dev)
Method: pip-audit --strict --requirement <filtered freeze> against the project's .venv (Python 3.10.8). The editable gps-denied-onboard==0.1.0 root distribution was excluded from the audited set — pip-audit cannot audit non-PyPI editable installs.
Manifest: pyproject.toml (sole manifest — no requirements*.txt, no Cargo.toml, no package.json, no *.csproj, no go.mod).
Audited: 94 third-party distributions (production + dev + inference + telemetry extras as installed in .venv).
Excluded: the project itself (gps-denied-onboard==0.1.0); TensorRT (installed out-of-band on Jetson per pyproject.toml line 123, not a pip dep, audited via on-device SBOM at deploy time).

Findings

12 advisories across 5 packages. 0 are Critical; 0 are High in this project's threat model (per the per-finding impact analysis in § Project-Specific Triage). The single Medium is cryptography CVE-2026-39892 (only triggered by non-contiguous Python buffers — see triage).

| # | Severity (this project) | Package | Installed | CVE / Advisory | Fix Version | Title |
|---|---|---|---|---|---|---|
| F1 | Medium | cryptography | 45.0.7 | CVE-2026-39892 (GHSA-p423-j2cm-9vmq) | 46.0.7 | Hash.update() buffer overflow on non-contiguous Python buffers (Python >3.11) |
| F2 | Low | cryptography | 45.0.7 | CVE-2026-26007 (GHSA-r6ph-v2qm-q3c2) | 46.0.5 | ECDH/ECDSA public-key not validated against small-order subgroup (SECT curves only) |
| F3 | Low | cryptography | 45.0.7 | CVE-2026-34073 (GHSA-m959-cc7f-wv43) | 46.0.6 | DNS-name constraint validation gap between SAN and peer-name (Web PKI bypass; requires uncommon X.509 topology) |
| F4 | Low | starlette | 0.48.0 | CVE-2025-62727 (GHSA-7f5h-v6xp-fcq8) | 0.49.1 | FileResponse._parse_range_header ReDoS via crafted Range header (O(n²) merge) |
| F5 | Low | idna | 3.14 | CVE-2026-45409 (GHSA-65pc-fj4g-8rjx) | 3.15 | idna.encode() DoS via overlong inputs (re-fix of CVE-2024-3651) |
| F6 | Low | paramiko | 3.5.1 | CVE-2026-44405 (GHSA-r374-rxx8-8654) | (no fix released) | rsakey.py allows SHA-1 algorithm |
| F7 | Low | pillow | 11.3.0 | CVE-2026-25990 (GHSA-cfh3-3jmp-rvhc) | 12.1.1 | PSD image out-of-bounds write |
| F8 | Low | pillow | 11.3.0 | CVE-2026-40192 (GHSA-whj4-6x5x-4v2j) | 12.2.0 | FITS decompression bomb (unbounded memory) |
| F9 | Low | pillow | 11.3.0 | CVE-2026-42308 (GHSA-wjx4-4jcj-g98j) | 12.2.0 | Font glyph advance integer overflow |
| F10 | Low | pillow | 11.3.0 | CVE-2026-42309 (GHSA-5xmw-vc9v-4wf2) | 12.2.0 | Nested-list coordinate heap buffer overflow in ImagePath.Path / ImageDraw.polygon |
| F11 | Low | pillow | 11.3.0 | CVE-2026-42310 (GHSA-r73j-pqj5-w3x7) | 12.2.0 | PDF parser infinite loop on cyclic Prev pointers (100% CPU hang) |
| F12 | Low | pillow | 11.3.0 | CVE-2026-42311 (GHSA-pwv6-vv43-88gr) | 12.2.0 | PSD memory corruption via integer overflow in tile-extent bounds check (regression of CVE-2026-25990 fix in 12.1.1) |

Project-Specific Triage

The "Severity (this project)" column above reflects the actual exposure in this codebase, not the advisory's generic CVSS score. The same advisory can be High in a public-facing web app and Low here when the affected code path is unreachable.
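An added example (not part of the project's repository) of applying the per-project severity mechanically to pip-audit's JSON output, so that an advisory nobody has triaged yet fails CI instead of passing silently. The `TRIAGE` register, `triage_report` and `gate` are hypothetical names, and the embedded report is a constructed three-package sample that reuses IDs and versions from the findings table.

```python
import json

# Constructed sample in the shape of `pip-audit -f json` output, trimmed to three
# packages. IDs, versions and fix versions are copied from the findings table.
SAMPLE_REPORT = json.dumps({"dependencies": [
    {"name": "cryptography", "version": "45.0.7", "vulns": [
        {"id": "GHSA-p423-j2cm-9vmq", "aliases": ["CVE-2026-39892"], "fix_versions": ["46.0.7"]},
        {"id": "GHSA-r6ph-v2qm-q3c2", "aliases": ["CVE-2026-26007"], "fix_versions": ["46.0.5"]}]},
    {"name": "paramiko", "version": "3.5.1", "vulns": [
        {"id": "GHSA-r374-rxx8-8654", "aliases": ["CVE-2026-44405"], "fix_versions": []}]},
    {"name": "opencv-python", "version": "4.11.0.86", "vulns": []},
], "fixes": []})

# Hypothetical triage register: advisory ID -> (finding, project severity, rationale).
TRIAGE = {
    "CVE-2026-39892": ("F1", "Medium", "requires-python caps at <3.12; re-exposes when the cap lifts"),
    "CVE-2026-26007": ("F2", "Low", "SECT curves never instantiated; signing path is Ed25519"),
    "CVE-2026-44405": ("F6", "Low", "host keys pinned with RejectPolicy; no upstream fix yet"),
}
BLOCKING = {"Critical", "High"}

def triage_report(report_json, triage=TRIAGE):
    """Return (rows, untriaged); rows carry the project severity, not the generic one."""
    rows, untriaged = [], []
    for dep in json.loads(report_json)["dependencies"]:
        for vuln in dep.get("vulns", []):          # skipped deps have no "vulns" key
            ids = [vuln["id"], *vuln.get("aliases", [])]   # match on primary ID or any alias
            key = next((i for i in ids if i in triage), None)
            if key is None:
                untriaged.append((dep["name"], dep["version"], vuln["id"]))
                continue
            finding, severity, why = triage[key]
            fix = ", ".join(vuln.get("fix_versions", [])) or "(no fix released)"
            rows.append({"finding": finding, "severity": severity, "package": dep["name"],
                         "installed": dep["version"], "advisory": key, "fix": fix, "why": why})
    return sorted(rows, key=lambda r: int(r["finding"][1:])), untriaged

def gate(rows, untriaged):
    """CI verdict: fail on any untriaged advisory or any Critical/High finding."""
    return not untriaged and not any(r["severity"] in BLOCKING for r in rows)

if __name__ == "__main__":
    rows, untriaged = triage_report(SAMPLE_REPORT)
    for r in rows:
        print("{finding} {severity:<6} {package} {installed} {advisory} -> {fix}".format(**r))
    print("gate:", "pass" if gate(rows, untriaged) else "fail", "| untriaged:", untriaged)
```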

F1 — cryptography CVE-2026-39892 (Medium)

Buffer overflow when a non-contiguous Python buffer is passed to Hash.update() on Python > 3.11. The project's requires-python = ">=3.10,<3.12" (pyproject.toml line 10) currently caps Python at 3.11.x — Python 3.12 is intentionally excluded. Today's deployment is therefore not exposed. The finding is kept at Medium (rather than Low) because:

  • Upstream cryptography and gtsam will eventually drop the Python-3.11 cap (gtsam-4.2 ABI bind to numpy 1.x is what holds us back — see _docs/_process_leftovers/2026-05-11_d_cross_cve_1_opencv_pin_deferred.md); when that happens, this CVE re-exposes unless cryptography is also bumped.
  • C10 ManifestBuilder (AZ-323) and C11 signing-key (AZ-318) build Ed25519 hash inputs via cryptography.hazmat.primitives.hashes. The current code path uses standard bytes, but a future refactor that touches memoryview or sliced inputs could regress.

Action: pin cryptography>=46.0.7 once the Python ≥ 3.12 cap is lifted (couple it to the Python-cap bump). Document the constraint in _docs/_process_leftovers/ so it doesn't get lost.
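One way to enforce that coupling in CI, as an added example rather than the project's own tooling: the check fails as soon as `requires-python` admits an interpreter at or above 3.12 while the `cryptography` specifier still allows a release older than 46.0.7. It handles only the plain comparison operators, and the `cryptography` specifier strings are assumed inputs, since the page does not show how `pyproject.toml` pins the package.

```python
import re

FIXED_IN = (46, 0, 7)        # cryptography fix version for CVE-2026-39892 (findings table, F1)
FIRST_EXPOSED = (3, 12, 0)   # the advisory applies on Python > 3.11

def parse_spec(spec):
    """Parse '>=3.10,<3.12' into [(op, (major, minor, patch)), ...]."""
    clauses = []
    for raw in filter(None, (c.strip() for c in spec.split(","))):
        m = re.fullmatch(r"(>=|<=|==|>|<)\s*(\d+(?:\.\d+){0,2})", raw)
        if m is None:
            raise ValueError(f"unsupported specifier clause: {raw!r}")
        parts = [int(p) for p in m.group(2).split(".")]
        # Pad to three components so (3, 12) and (3, 12, 0) compare equal.
        clauses.append((m.group(1), tuple(parts + [0] * (3 - len(parts)))))
    return clauses

def python_cap_lifted(requires_python):
    """True if the specifier admits any interpreter at or above FIRST_EXPOSED."""
    for op, bound in parse_spec(requires_python):
        if op == "<" and bound <= FIRST_EXPOSED:
            return False
        if op in ("<=", "==") and bound < FIRST_EXPOSED:
            return False
    return True   # no clause keeps the interpreter below 3.12

def crypto_floor_ok(crypto_spec):
    """True if the specifier guarantees a cryptography release at or above FIXED_IN."""
    return any(op in (">=", "==") and bound >= FIXED_IN
               for op, bound in parse_spec(crypto_spec))

def check_coupling(requires_python, crypto_spec):
    """Return None when consistent, else the message a CI job should fail with."""
    if python_cap_lifted(requires_python) and not crypto_floor_ok(crypto_spec):
        return (f"requires-python {requires_python!r} admits Python >= 3.12 but "
                f"cryptography {crypto_spec!r} does not guarantee >= 46.0.7 (CVE-2026-39892)")
    return None

if __name__ == "__main__":
    # ">=45.0" is a constructed stand-in for the project's current cryptography pin.
    for py, crypto in [(">=3.10,<3.12", ">=45.0"), (">=3.10,<3.13", ">=45.0"),
                       (">=3.10,<3.13", ">=46.0.7")]:
        print(py, crypto, "->", check_coupling(py, crypto) or "ok")
```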

F2 — cryptography CVE-2026-26007 (Low)

SECT (Koblitz) curves only. Project's signing path is Ed25519 (cryptography.hazmat.primitives.asymmetric.ed25519, AZ-318 / AZ-323); SECT curves are never instantiated. Not exposed.

F3 — cryptography CVE-2026-34073 (Low)

DNS name-constraint validation gap during X.509 path validation. Project does NOT perform custom X.509 validation — TLS validation is handled by the standard httpx / requests paths against the operating system / certifi trust store. The Suite Satellite Service contract (D-PROJ-2) is HTTPS to a single mTLS-pinned host; no name-constraint extensions are in play. Not exposed.

F4 — starlette CVE-2025-62727 (Low)

ReDoS in FileResponse._parse_range_header. Project surface:

  • e2e/fixtures/mock-suite-sat/ is a FastAPI/starlette app (test fixture, lives inside its own Docker image — never deployed to production).
  • The mock's runtime container is on the e2e-net Docker network with internal: true (no external reachability per RESTRICT-SAT-1 / NFT-SEC-02).
  • The mock does not serve FileResponse or StaticFiles — it's a JSON-only POST/GET stub. The _parse_range_header code path is unreachable from the mock's routes.

Not exposed in production (FastAPI/starlette never ship in the airborne binary; they're test-only dev extras per pyproject.toml lines 95-118). Test isolation prevents exposure even in CI. Recommended action: bump fastapi test-time pin upward when the next compatible release lands; no production action required.

F5 — idna CVE-2026-45409 (Low)

idna.encode() DoS via overlong inputs. Project imports idna transitively via requests / httpx. The only outbound HTTP/HTTPS path in production is C11 TileUploader → satellite-provider (single trusted host, hostname fixed at compile time) and C12 FlightsApiClient → operator GCS (single trusted host). No remote-controlled hostnames are encoded — IDN resource exhaustion requires attacker-controlled domain strings. Not exposed.

F6 — paramiko CVE-2026-44405 (Low)

SHA-1 still allowed for RSA host-key signatures. Project surface: C12 CompanionBringup (AZ-327, pyproject.toml line 92) uses paramiko to SSH the operator's companion before flight for artifact verification. Host keys are pinned per-operator (no AutoAddPolicy in production — MissingHostKeyPolicy=RejectPolicy). SHA-1 RSA host keys could still be accepted, but:

  • The threat is MitM between operator workstation and companion on a network the operator already controls.
  • All operator companions are pinned by host-key fingerprint at provisioning time (D-C12-7).

Not actively exploitable in the deployed model. Watch for an upstream fix; bump when one lands.

F7-F12 — pillow 6× CVEs (Low, test-only)

All pillow CVEs touch image formats (PSD, FITS, PDF) and APIs (ImagePath.Path, ImageDraw.polygon) that the SUT does NOT use. Project surface:

  • pyproject.toml declares Pillow as a test-only dev dep (lines 109-117): "the production builder runs inside its own Docker image (which installs Pillow itself); this Pillow pin is only the test-time dep used by e2e/_unit_tests/fixtures/test_tile_cache_builder.py."
  • The production SUT image (docker/Dockerfile) does NOT install Pillow as a runtime dep; OpenCV (opencv-python) is the sole image-decoder pathway.
  • The test-time consumer only handles paired _gmaps.png reference images and stub tiles emitted by the project itself — no untrusted PSD/FITS/PDF inputs.

Not exposed in production. Not exposed in CI (test inputs are local-data-only fixtures, license-checked, committed to repo). Recommended action: bump Pillow to >=12.2.0 when next test-infra session touches the pin — purely hygienic.

D-CROSS-CVE-1 / CVE-2025-53644 — Cross-Reference Re-Validation

Cycle-1 leftover _docs/_process_leftovers/2026-05-11_d_cross_cve_1_opencv_pin_deferred.md asks the security review team to re-validate CVE-2025-53644 against the currently-pinned opencv-python==4.11.0.86.

Outcome of this scan: opencv-python==4.11.0.86 is listed in the pip-audit output with "vulns": [] — neither PyPI's advisory feed nor OSV.dev has a published advisory tying CVE-2025-53644 to that pin band. The 4.x-line supported branch (per the leftover document) appears to have absorbed the relevant patch in 4.11.0.86. NFT-SEC-04 (which feeds cve-jpeg-fixture to every OpenCV imread/imdecode path under AddressSanitizer) is the executable evidence that confirms this in the test suite.

Recommendation: the D-CROSS-CVE-1 leftover entry can remain OPEN because the upstream constraint (gtsam → numpy<2) is unchanged, but the CVE-2025-53644 exposure window has effectively closed at the current pin. Update the leftover entry's "CVE exposure window" section to reflect this scan's finding (pip-audit clean against the current pin; NFT-SEC-04 ASan run validates runtime). The pin-replay condition (gtsam numpy-2 wheels) remains the same.

Out-of-Band Dependencies (Not Audited Here)

| Dep | Why excluded | How audited |
|---|---|---|
| tensorrt | Installed via JetPack 6.2 on Jetson Orin Nano Super — not a PyPI distribution | NVIDIA security bulletins + JetPack release notes; tracked in ci_cd_pipeline.md § Security as a manual on-deploy SBOM check |
| TRT EP engines (*.engine) | Build artifacts, not deps | Engine signing + filename schema validation (helpers/engine_filename_schema.md, sha256_sidecar.md) |
| gtsam==4.2 (C++ side) | The PyPI wheel embeds a C++ build of GTSAM; CVEs against the C++ library itself are not in PyPI's advisory feed | Monthly osv-scanner against the GTSAM commit pinned in cmake/dependencies.cmake per _docs/02_document/deployment/ci_cd_pipeline.md § Security |
| Docker base images | docker/Dockerfile base + ardupilot/ardupilot-sitl:plane-stable + inavflight/inav-sitl:9.0.0 + ardupilot/mavproxy:latest | Trivy on all CI-built images per ci_cd_pipeline.md § Security |

Self-Verification

  • All package manifests scanned — pyproject.toml is the only one
  • Each finding has a CVE ID + advisory alias (GHSA / BIT)
  • Upgrade paths identified for every finding (or marked "no fix released" for F6)
  • D-CROSS-CVE-1 leftover re-validated against the cycle-1 relaxed pin

Recommendations

Immediate (Critical/High)

None — no Critical or High findings in this project's threat model.

Short-term (Medium)

  • F1: when the Python-3.12 cap lifts (gtsam numpy-2 unblock), pin cryptography>=46.0.7 as a coupled bump. Add a one-line note in _docs/_process_leftovers/2026-05-11_d_cross_cve_1_opencv_pin_deferred.md so the constraint is replayed in the same session that lifts the opencv pin.

Long-term (Low / Hardening)

  • Bump pillow dev-extra pin to >=12.2.0 (purely hygienic; not exposed).
  • Bump starlette (via fastapi dev-extra pin) to a version ≥ 0.49.1 (purely hygienic; not exposed).
  • Bump idna indirectly via requests / httpx next release.
  • Watch upstream paramiko for a CVE-2026-44405 fix; bump when published.
  • Update D-CROSS-CVE-1 leftover entry to record that CVE-2025-53644 is no longer flagged against the current 4.11.0.86 pin (per this scan).