You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
go deserialization didn't have any configured guardrails for untrusted paylaods which leads to high memory pressure while allocation and Out of memory attacks.
What does this PR do?
Added two configurable guardrails MaxCollectionSize and MaxBinarySize, and implement size guardrails across the fory codegen.
Configuration: Added MaxCollectionSize and MaxBinarySize to Config struct with corresponding options WithMaxCollectionSize and WithMaxBinarySize.
Added ReadCollectionLength and ReadBinaryLength to ByteBuffer and ReadContext.
These methods enforce configured limits and return specialized errors: ErrKindMaxCollectionSizeExceeded and ErrKindMaxBinarySizeExceeded.
Updated the Go code generator (codegen/decoder.go) to use these guarded length methods in generated serializers.
Removed the generic ReadLength method to ensure all length-reading paths in the codebase are subject to guardrails.
Substantial AI assistance was used in this PR: yes
If yes, I included a completed AI Contribution Checklist in this PR description and the required AI Usage Disclosure.
If yes, I included the standardized AI Usage Disclosure block below.
If yes, I can explain and defend all important changes without AI help.
If yes, I reviewed AI-assisted code changes line by line before submission.
If yes, I ran adequate human verification and recorded evidence (checks run locally or in CI, pass/fail summary, and confirmation I reviewed results).
If yes, I added/updated tests and specs where required.
If yes, I validated protocol/performance impacts with evidence when applicable.
If yes, I verified licensing and provenance compliance.
AI Usage Disclosure
I used AI to find and replace the multiple iterations of `ReadLength` by the specific `ReadCollectionSize` / `ReadBinarySize` across the go runtime.
Also I used it to fix some errors during running tests.
I can still explain all of my work, as everything is tested by me.
Does this PR introduce any user-facing change?
Does this PR introduce any public API change?
Does this PR introduce any binary protocol compatibility change?
hi @chaokunyang
I want to clear myself, that config calls was just my confusion, because i thought they needed to be set during deserialization, I didn't noticed that it was immutable with NewFory and we didn't needed to set it again. I have fixed it.
Hii @chaokunyang
I had sent you a draft for a review a week ago following our slack conversation, could you let me know the status of review pls. you can check your slack and mail.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
ayush00git
changed the title
Why?
go deserialization didn't have any configured guardrails for untrusted paylaods which leads to high memory pressure while allocation and Out of memory attacks.
What does this PR do?
Added two configurable guardrails
MaxCollectionSizeandMaxBinarySize, and implement size guardrails across the fory codegen.MaxCollectionSizeandMaxBinarySizetoConfigstruct with corresponding optionsWithMaxCollectionSizeandWithMaxBinarySize.ReadCollectionLengthandReadBinaryLengthtoByteBufferandReadContext.ErrKindMaxCollectionSizeExceededandErrKindMaxBinarySizeExceeded.codegen/decoder.go) to use these guarded length methods in generated serializers.ReadLengthmethod to ensure all length-reading paths in the codebase are subject to guardrails.Related issues
Closes #3419
AI Contribution Checklist
Substantial AI assistance was used in this PR:
yesIf
yes, I included a completed AI Contribution Checklist in this PR description and the requiredAI Usage Disclosure.If
yes, I included the standardizedAI Usage Disclosureblock below.If
yes, I can explain and defend all important changes without AI help.If
yes, I reviewed AI-assisted code changes line by line before submission.If
yes, I ran adequate human verification and recorded evidence (checks run locally or in CI, pass/fail summary, and confirmation I reviewed results).If
yes, I added/updated tests and specs where required.If
yes, I validated protocol/performance impacts with evidence when applicable.If
yes, I verified licensing and provenance compliance.Does this PR introduce any user-facing change?
Benchmark