fix(tool_def): bound aggregate JSON flag coercion#1598
Merged
Conversation
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
bashkit | 12b0e69 | Commit Preview URL | May 08 2026, 09:08 AM |
chaliy
force-pushed
the
2026-05-08-propose-fix-for-json-flag-coercion-vulnerability
branch
from
b56e4b2 to
12b0e69
Compare
chaliy
deleted the
2026-05-08-propose-fix-for-json-flag-coercion-vulnerability
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
serde_json::from_strand could expand a small input token into a very largeserde_json::Valuetree, bypassing Bashkit memory accounting and allowing an availability attack.Description
MAX_AGGREGATE_FLAG_JSON_BYTES = 64 * 1024to cap eager aggregate JSON coercion incrates/bashkit/src/tool_def.rs.parse_aggregate_json_value(raw: &str) -> Option<serde_json::Value>which returnsNonewhen the raw byte length exceeds the cap and otherwise attemptsserde_json::from_str.coerce_value,consume_array_value, and object-consumption paths so oversized JSON falls back to the existing raw-string behavior instead of being eagerly materialized.test_parse_flags_large_json_array_stays_stringasserting oversized JSON arrays are preserved as strings (so downstream serde/schema validation still produces type errors without unbounded allocation).Testing
cargo test --lib tool_def, and thetool_deftest suite passed (tests covering array/object coercion and the new regression test all succeeded).Codex Task