Audit remediation: codec subprocess timeout + LICENSE #2

Open
audriB wants to merge 3 commits into main from audit/ndi-compress-python-2026-06

audriB commented Jun 12, 2026


Addresses the NDI ecosystem audit findings for NDI-compress-python (§6.2-7, §6.2-8). For review — please do not merge without sign-off.

Changes

  • Subprocess timeout (§6.2-7): every codec C-executable call goes through _call_c_exec, which now runs with a timeout (default 300 s) so a hung/looping codec process can't block indefinitely. Override via the NDI_COMPRESS_TIMEOUT env var (invalid value → default + warning); subprocess.TimeoutExpired is surfaced as a clear RuntimeError. Documented in the README.
  • LICENSE (§6.2-8): added CC BY-NC-SA 4.0, matching the NDI-compress-matlabp counterpart.

Deferred (flagged, not done here)

  • Codec provenance + checksum manifest + cross-language round-trip test (§6.2-7): the codec is opaque (MATLAB P-code vs committed C binaries, built at different times). Verifying byte-identity needs the codec source and a paired MATLAB run — out of reach in this environment. See docs/Audit_Remediation_Results_2026-06-12.md.

….2-8)

6.2-7 (timeout): _call_c_exec ran the C codec via subprocess.run with no
timeout, so a hung or looping codec process would block indefinitely. Add a
generous default timeout (_C_EXEC_TIMEOUT = 300s, overridable via
NDI_COMPRESS_TIMEOUT) and turn TimeoutExpired into a clear RuntimeError.

6.2-8 (LICENSE): add LICENSE (CC BY-NC-SA 4.0) matching the NDI-compress-matlabp
counterpart.

FLAGGED (not done): the deeper 6.2-7 concern — codec provenance (P-code vs
committed C binaries built at different times; can't rule out format drift) —
needs the codec source vendored + built in CI or a pinned versioned build +
checksum manifest, plus a cross-language round-trip fixture. That requires the
build provenance and a paired MATLAB run; see docs/Audit_Remediation_Results.

Authored without the codec C toolchain; the timeout path is covered by the
existing error handling. Needs the codec binaries to run end-to-end.
Adversarial review found that a non-numeric NDI_COMPRESS_TIMEOUT crashed import
(float() at module scope raised ValueError before any code ran). Parse it in a
helper that falls back to the 300s default with a RuntimeWarning on a bad value,
and document the env var in the README (it was added in code but not user-facing
docs).
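
The pattern the PR description and the two commit messages describe, as an added sketch that is not the project's own code: the timeout is parsed in a helper so a bad `NDI_COMPRESS_TIMEOUT` warns and falls back to 300 s instead of failing at import, and `subprocess.TimeoutExpired` is re-raised as `RuntimeError`. The names `parse_timeout`, `run_codec` and `DEFAULT_TIMEOUT` are hypothetical, and treating `nan`, `inf`, zero and negative values as invalid is an assumption (`float()` accepts them).

```python
import math
import os
import subprocess
import sys
import warnings

DEFAULT_TIMEOUT = 300.0  # seconds; the default stated in the PR


def parse_timeout(env=None, name="NDI_COMPRESS_TIMEOUT"):
    """Return the timeout in seconds, falling back to the default on a bad value."""
    env = os.environ if env is None else env
    raw = env.get(name)
    if raw is None or raw.strip() == "":
        return DEFAULT_TIMEOUT  # unset or empty: no warning (assumption)
    try:
        value = float(raw)
    except ValueError:
        value = math.nan
    # Assumption: nan, inf, zero and negatives are rejected as well; float()
    # parses them, but they would break or effectively disable the timeout.
    if not math.isfinite(value) or value <= 0:
        warnings.warn(f"{name}={raw!r} is not a positive number; "
                      f"using {DEFAULT_TIMEOUT:g}s", RuntimeWarning, stacklevel=2)
        return DEFAULT_TIMEOUT
    return value


def run_codec(argv, data=b"", timeout=None):
    """Run a codec executable bounded by the timeout and return its stdout."""
    timeout = parse_timeout() if timeout is None else timeout
    try:
        proc = subprocess.run(argv, input=data, capture_output=True,
                              timeout=timeout, check=False)
    except subprocess.TimeoutExpired as exc:
        # subprocess.run kills the child and reaps it before raising.
        raise RuntimeError(f"codec {argv[0]!r} exceeded the {timeout:g}s "
                           "timeout and was killed") from exc
    if proc.returncode != 0:
        raise RuntimeError(f"codec exited with status {proc.returncode}")
    return proc.stdout


if __name__ == "__main__":
    # Constructed stand-in for a hung codec binary: a child that only sleeps.
    hang = [sys.executable, "-c", "import time; time.sleep(60)"]
    try:
        run_codec(hang, timeout=0.5)
    except RuntimeError as err:
        print(err)
```

The timeout only covers the direct child; a codec that spawns its own helpers would need process-group handling on top of this.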