-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Audit JSON unmarshaller schemes for max allowed nested depth #3131
Labels
Milestone
Comments
AnnaShaleva
added
rpc
RPC server and client
enhancement
Improving existing functionality
labels
Sep 18, 2023
And port neo-project/neo#2951 if needed (we already have some of these constraints event in JSON). |
See also neo-project/neo@bfe6d13 and neo-project/neo#2912. It doesn't affect the core protocol (although we should check native Management's deploy/update), but some RPC service may be affected. |
AnnaShaleva
changed the title
Audit
Audit JSON unmarshaller schemes for max allowed nested depth
Nov 9, 2023
neorpc.SignerWithWitness
unmarshalling scheme
See also neo-project/neo-modules#827. |
AnnaShaleva
added a commit
that referenced
this issue
Nov 23, 2023
Restrict the number of Rules, Contracts and Groups. A part of #3131. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
AnnaShaleva
added a commit
that referenced
this issue
Nov 23, 2023
A part of #3131. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
AnnaShaleva
added a commit
that referenced
this issue
Nov 23, 2023
A part of #3131, follow the neo-project/neo-modules#827. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
AnnaShaleva
added a commit
that referenced
this issue
Nov 23, 2023
A part of #3131, follow the notion of neo-project/neo-modules#827, but don't restrict request line size due to golang/go#15494. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
AnnaShaleva
added a commit
that referenced
this issue
Nov 23, 2023
A part of #3131, follow the neo-project/neo-modules#827. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
AnnaShaleva
added a commit
that referenced
this issue
Nov 23, 2023
A part of #3131, follow the notion of neo-project/neo-modules#827, but don't restrict request line size due to golang/go#15494. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
AnnaShaleva
added a commit
that referenced
this issue
Nov 23, 2023
A part of #3131, follow the neo-project/neo-modules#827. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
AnnaShaleva
added a commit
that referenced
this issue
Nov 23, 2023
A part of #3131, follow the notion of neo-project/neo-modules#827, but don't restrict request line size due to golang/go#15494. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Pay special attention to
neorpc.SignerWithWitness
. Some constraints are not checked duringtransaction.Transaction
unmashalling (comparing with the binary transaction deserialisation).One of the known problem is related to neo-project/neo#2950: we don't have the problem with maximum depth, but we have a problem with unlimited number of Rules items in slice. Signers may also be checked, not sure whether they are restricted now.
The text was updated successfully, but these errors were encountered: