
add dagcbor::validate() function.

Open raulk opened this issue 3 years ago • 1 comments

This utility function validates that a supplied input is syntactically valid DAG-CBOR, while attempting to deserialize as little as possible.

  • It has to deserialize numbers to validate they're minimally encoded.
  • It validates that map keys are strings, and map values are valid DAG-CBOR.
  • It validates that list elements are valid DAG-CBOR.
  • It does not validate UTF-8 encoding of strings.

Closes https://github.com/ipld/libipld/issues/158.

We may want to remove the recursion here to improve security against untrusted inputs.

raulk, Nov 04 '22 20:11
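The checks listed in the description above, done without recursion by keeping a heap-allocated work list, as an added example that is not libipld's or the PR's code (all names and error variants are hypothetical). It goes slightly beyond the bullets by also rejecting indefinite lengths, tags other than 42 and non-64-bit floats, as the DAG-CBOR spec requires; it does not check map key ordering or that tag 42 wraps a byte string.

```rust
// Added example, not libipld code: names and error variants are hypothetical.
use std::convert::TryFrom;

#[derive(Debug, PartialEq)]
pub enum Invalid { Truncated, NonMinimal, Unsupported, KeyNotString, Trailing }

// Read one item head: (major type, argument). Rejects non-minimal arguments.
fn head(buf: &[u8], pos: &mut usize) -> Result<(u8, u64), Invalid> {
    let b = *buf.get(*pos).ok_or(Invalid::Truncated)?;
    *pos += 1;
    let (major, info) = (b >> 5, b & 0x1f);
    // Major 7: only false/true/null (20..=22) and 64-bit floats (27).
    if major == 7 && !matches!(info, 20..=22 | 27) { return Err(Invalid::Unsupported); }
    let n = match info {
        0..=23 => return Ok((major, info as u64)),
        24 => 1, 25 => 2, 26 => 4, 27 => 8,
        _ => return Err(Invalid::Unsupported), // reserved or indefinite length
    };
    let bytes = buf.get(*pos..*pos + n).ok_or(Invalid::Truncated)?;
    *pos += n;
    let arg = bytes.iter().fold(0u64, |a, &x| (a << 8) | x as u64);
    // Smallest value that legitimately needs an n-byte argument.
    let min: u64 = match n { 1 => 24, 2 => 1 << 8, 4 => 1 << 16, _ => 1 << 32 };
    if major != 7 && arg < min { return Err(Invalid::NonMinimal); }
    Ok((major, arg))
}

pub fn validate(buf: &[u8]) -> Result<(), Invalid> {
    let mut pos = 0;
    // Heap-allocated work list instead of recursion: (items left, is_map).
    let mut stack: Vec<(u64, bool)> = vec![(1, false)];
    while let Some(&(left, is_map)) = stack.last() {
        if left == 0 { stack.pop(); continue; }
        stack.last_mut().unwrap().0 -= 1;
        let (major, arg) = head(buf, &mut pos)?;
        // In a map frame, an even count of remaining items means a key is next.
        if is_map && left % 2 == 0 && major != 3 { return Err(Invalid::KeyNotString); }
        match major {
            0 | 1 | 7 => {}
            2 | 3 => { // skip the payload; UTF-8 is deliberately not checked
                pos = usize::try_from(arg).ok().and_then(|n| pos.checked_add(n))
                    .filter(|&end| end <= buf.len()).ok_or(Invalid::Truncated)?;
            }
            4 => stack.push((arg, false)),
            5 => stack.push((arg.checked_mul(2).ok_or(Invalid::Truncated)?, true)),
            _ => { // major 6: tag 42 (CID) only, followed by one item
                if arg != 42 { return Err(Invalid::Unsupported); }
                stack.push((1, false));
            }
        }
    }
    if pos == buf.len() { Ok(()) } else { Err(Invalid::Trailing) }
}
```

A declared container length never causes an allocation of that size; the work list grows by one small frame per nesting level, so its size is bounded by the input length rather than by the thread's call stack.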

I haven't really looked at the code yet, just a general note: for FVM we don't use the DAG-CBOR implementation from this library, but we use https://github.com/ipld/serde_ipld_dagcbor. So if validation functionality would be added, it should be added there instead.

vmx, Nov 10 '22 10:11