Documentation ¶
Overview ¶
unknownproto implements functionality to "type check" protobuf serialized byte sequences against an expected proto.Message to report:
a) Unknown fields in the stream -- this is indicative of mismatched services, perhaps a malicious actor
b) Mismatched wire types for a field -- this is indicative of mismatched services
Its API signature is similar to proto.UnmarshalObject([]byte, proto.Message) in the strict case
if err := RejectUnknownFieldsStrict(protoBlob, protoMessage, false); err != nil { // Handle the error. }
and ideally should be added before invoking proto.UnmarshalObject, if you'd like to enforce the features mentioned above.
By default, for security we report every single field that's unknown, whether a non-critical field or not. To customize this behavior, please set the boolean parameter allowUnknownNonCriticals to true to RejectUnknownFields:
if err := RejectUnknownFields(protoBlob, protoMessage, true); err != nil { // Handle the error. }
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RejectUnknownFields ¶
func RejectUnknownFields(bz []byte, msg proto.Message, allowUnknownNonCriticals bool) (hasUnknownNonCriticals bool, err error)
RejectUnknownFields rejects any bytes bz with an error that has unknown fields for the provided proto.Message type with an option to allow non-critical fields (specified as those fields with bit 11) to pass through. In either case, the hasUnknownNonCriticals will be set to true if non-critical fields were encountered during traversal. This flag can be used to treat a message with non-critical field different in different security contexts (such as transaction signing). This function traverses inside of messages nested via google.protobuf.Any. It does not do any deserialization of the proto.Message.
func RejectUnknownFieldsStrict ¶
RejectUnknownFieldsStrict rejects any bytes bz with an error that has unknown fields for the provided proto.Message type. This function traverses inside of messages nested via google.protobuf.Any. It does not do any deserialization of the proto.Message.
Types ¶
This section is empty.