Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add dagcbor::validate() function. #159

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

raulk
Copy link
Member

@raulk raulk commented Nov 4, 2022

This utility function validates that a supplied input is syntatically valid DAG-CBOR, while attempting to deserialize as little as possible.

  • It has to deserialize numbers to validate they're minimally encoded.
  • It validates that map keys are strings, and map values are valid DAG-CBOR.
  • It validates that list elements are valid DAG-CBOR.
  • It does not validate UTF-8 encoding of strings.

Closes #158.

We may want to remove the recursion here to improve security against untrusted inputs.

This utility function validates that a supplied input is syntatically
valid DAG-CBOR, while attempting to deserialize as little as possible.
@vmx
Copy link
Member

vmx commented Nov 10, 2022

I haven't really looked at the code yet, just a general note: for FVM we don't use the DAG-CBOR implementation from this library, but we use https://github.com/ipld/serde_ipld_dagcbor. So if validation functionality would be added, it should be added there instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

dag-cbor: add ability to validate input without fully deserializing
2 participants