Malware sample policy
Last verified: 2026-05-02
Fission analyzes binaries, but this repository must not distribute real-world malware as part of normal development or CI corpora.
Allowed samples
- Synthetic or built-from-source fixtures under benchmark/binary/ with documented build scripts.
- Benign licensed test objects (OS samples, demo apps) with explicit license headers where required.
- Hashes and metadata first: SHA256, format, size, and a minimal textual reproducer before sharing any bytes.
- Redistributable corpora referenced by URL/hash without checking in malicious payload bytes.
Disallowed
- Live offensive malware, stealer droppers, or unlicensed warez binaries committed to git.
- Passwordless archives of known-malicious payloads in issues/PRs (see SECURITY.md).
- Drive-by uploads of sensitive binaries without maintainer acknowledgement—use the coordinated channels described in SECURITY.md.
Issues and pull requests
- Prefer descriptions plus hashes; attach benign fixtures only when necessary.
- External links or password-protected archives are acceptable after the maintainer agrees on the transfer path—not as unsolicited attachments.
CI, benchmarks, and automation corpus
Checked-in CI targets stay benign or synthetic. Parity cases that mimic packing/obfuscation patterns must use constructed or licensed inputs—not campaign malware redistribution.
Benchmark manifests should point to verified benign targets. If you need parity with malicious packer behavior, prefer hand-built synthetics that exhibit the packing pattern without distributing the original campaign binary.
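As an added illustration (not code from the Fission repository or part of this policy), the following check enforces the manifest rules above in CI: every checked-in fixture under benchmark/binary/ must appear in the manifest with a documented benign origin, its recorded SHA256 and size must match the bytes actually committed, and an entry that references an external corpus by URL/hash must not also have payload bytes checked in. The manifest field names, the ALLOWED_ORIGINS values and the file paths are assumptions, and the fixture bytes are constructed in memory so the script runs offline.

```python
import hashlib
import re
from typing import Dict, List

# Assumed provenance values for checked-in fixtures; the policy names synthetic or
# built-from-source fixtures and benign licensed test objects as the allowed kinds.
ALLOWED_ORIGINS = {"synthetic", "licensed-benign"}
HEX_SHA256 = re.compile(r"^[0-9a-f]{64}$")
FIXTURE_DIR = "benchmark/binary/"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed in-memory stand-in for the repository tree: path -> committed bytes.
REPO_FILES: Dict[str, bytes] = {
    "benchmark/binary/upx_like_synthetic.bin": b"\x7fELF" + b"SYNTHETIC-PACKED-STUB" * 4,
    "benchmark/binary/stale_fixture.bin": b"MZ" + b"\x90" * 30,
    "benchmark/binary/mirrored_payload.bin": b"MZ" + b"MIRRORED-BYTES",
    "benchmark/binary/unlisted.bin": b"\x7fELF-unlisted",
}

# Constructed manifest in the assumed format: each entry has a name, a sha256, size and
# format, a provenance tag, and either a checked-in path or an external url.
SAMPLE_MANIFEST: List[dict] = [
    # Good: synthetic fixture whose hash and size are taken from the committed bytes.
    {"name": "upx-like-synthetic",
     "path": "benchmark/binary/upx_like_synthetic.bin",
     "sha256": sha256_hex(REPO_FILES["benchmark/binary/upx_like_synthetic.bin"]),
     "size": len(REPO_FILES["benchmark/binary/upx_like_synthetic.bin"]),
     "format": "ELF", "origin": "synthetic"},
    # Bad: recorded hash no longer matches what is checked in.
    {"name": "stale-fixture",
     "path": "benchmark/binary/stale_fixture.bin",
     "sha256": "0" * 64, "size": 32, "format": "PE", "origin": "licensed-benign"},
    # Good: external corpus referenced by URL plus hash, no bytes in git (placeholder URL).
    {"name": "external-corpus-item",
     "url": "https://example.invalid/corpus/item.bin",
     "sha256": "ab" * 32, "size": 4096, "format": "PE", "origin": "external"},
    # Bad: external reference whose payload bytes were also committed.
    {"name": "mirrored-external",
     "url": "https://example.invalid/corpus/mirrored.bin",
     "path": "benchmark/binary/mirrored_payload.bin",
     "sha256": sha256_hex(REPO_FILES["benchmark/binary/mirrored_payload.bin"]),
     "size": len(REPO_FILES["benchmark/binary/mirrored_payload.bin"]),
     "format": "PE", "origin": "external"},
]


def check_manifest(manifest: List[dict], repo_files: Dict[str, bytes]) -> List[str]:
    """Return a list of policy findings; an empty list means the manifest is clean."""
    findings: List[str] = []
    listed_paths = set()
    for entry in manifest:
        name = entry.get("name", "<unnamed>")
        digest = entry.get("sha256", "")
        if not HEX_SHA256.match(digest):
            findings.append(f"{name}: missing or malformed sha256")
        for field in ("format", "size"):
            if field not in entry:
                findings.append(f"{name}: missing {field}")
        path, url = entry.get("path"), entry.get("url")
        if url and path:
            findings.append(f"{name}: external reference must not also check in bytes ({path})")
        if path:
            listed_paths.add(path)
            if entry.get("origin") not in ALLOWED_ORIGINS:
                findings.append(f"{name}: checked-in fixture needs origin in {sorted(ALLOWED_ORIGINS)}")
            data = repo_files.get(path)
            if data is None:
                findings.append(f"{name}: path {path} not present in repository")
            else:
                if sha256_hex(data) != digest:
                    findings.append(f"{name}: sha256 mismatch for {path}")
                if len(data) != entry.get("size"):
                    findings.append(f"{name}: size mismatch for {path}")
        elif not url:
            findings.append(f"{name}: entry has neither path nor url")
    # Every binary under the fixture directory must be accounted for by the manifest.
    for path in sorted(repo_files):
        if path.startswith(FIXTURE_DIR) and path not in listed_paths:
            findings.append(f"{path}: binary checked in without a manifest entry")
    return findings


if __name__ == "__main__":
    for finding in check_manifest(SAMPLE_MANIFEST, REPO_FILES):
        print("POLICY:", finding)
```

In a real CI job the in-memory REPO_FILES would be replaced by walking benchmark/binary/ on disk and the manifest would be loaded from the repository; the check logic stays the same, and a non-empty findings list should fail the job.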
Escalation
If you believe a checked-in artifact is malicious or non-redistributable, report via the coordinated channel in SECURITY.md.