unknownproto

package
v0.47.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 20, 2023 License: Apache-2.0 Imports: 13 Imported by: 104

Documentation

Overview

unknownproto implements functionality to "type check" protobuf serialized byte sequences against an expected proto.Message to report:

a) Unknown fields in the stream -- this is indicative of mismatched services, perhaps a malicious actor

b) Mismatched wire types for a field -- this is indicative of mismatched services

Its API signature is similar to proto.Unmarshal([]byte, proto.Message) in the strict case

if err := RejectUnknownFieldsStrict(protoBlob, protoMessage, false); err != nil {
        // Handle the error.
}

and ideally should be added before invoking proto.Unmarshal, if you'd like to enforce the features mentioned above.

By default, for security we report every single field that's unknown, whether a non-critical field or not. To customize this behavior, please set the boolean parameter allowUnknownNonCriticals to true to RejectUnknownFields:

if err := RejectUnknownFields(protoBlob, protoMessage, true); err != nil {
        // Handle the error.
}

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RejectUnknownFields

func RejectUnknownFields(bz []byte, msg proto.Message, allowUnknownNonCriticals bool, resolver jsonpb.AnyResolver) (hasUnknownNonCriticals bool, err error)

RejectUnknownFields rejects any bytes bz with an error that has unknown fields for the provided proto.Message type with an option to allow non-critical fields (specified as those fields with bit 11) to pass through. In either case, the hasUnknownNonCriticals will be set to true if non-critical fields were encountered during traversal. This flag can be used to treat a message with non-critical field different in different security contexts (such as transaction signing). This function traverses inside of messages nested via google.protobuf.Any. It does not do any deserialization of the proto.Message. An AnyResolver must be provided for traversing inside google.protobuf.Any's.

func RejectUnknownFieldsStrict

func RejectUnknownFieldsStrict(bz []byte, msg proto.Message, resolver jsonpb.AnyResolver) error

RejectUnknownFieldsStrict rejects any bytes bz with an error that has unknown fields for the provided proto.Message type. This function traverses inside of messages nested via google.protobuf.Any. It does not do any deserialization of the proto.Message. An AnyResolver must be provided for traversing inside google.protobuf.Any's.

Types

type DefaultAnyResolver

type DefaultAnyResolver struct{}

DefaultAnyResolver is a default implementation of AnyResolver which uses the default encoding of type URLs as specified by the protobuf specification.

func (DefaultAnyResolver) Resolve

func (d DefaultAnyResolver) Resolve(typeURL string) (proto.Message, error)

Resolve is the AnyResolver.Resolve method.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL