Switch ActiveSupport::MessageVerifier's default serialization to JSON
#42843
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Looks like there's some additional places that we weren't aware of that make use of |
sabulikia
force-pushed
the
message-verifier-default-serializer
branch
from
c9557a9 to
0973b90
Compare
sabulikia
force-pushed
the
message-verifier-default-serializer
branch
5 times, most recently
from
1079a43 to
16c9a89
Compare
sabulikia
force-pushed
the
message-verifier-default-serializer
branch
5 times, most recently
from
eee4686 to
684fa1b
Compare
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
sabulikia
force-pushed
the
message-verifier-default-serializer
branch
from
684fa1b to
4c66b02
Compare
sabulikia
force-pushed
the
message-verifier-default-serializer
branch
2 times, most recently
from
7b5cb20 to
4c0df8a
Compare
sabulikia
force-pushed
the
message-verifier-default-serializer
branch
4 times, most recently
from
345f789 to
c7dc723
Compare
sabulikia
force-pushed
the
message-verifier-default-serializer
branch
from
c7dc723 to
5256c90
Compare
|
I've changed this PR to target Rails 7.1, rebased, fixed the merge conflicts, have a passing CI, and updated the docs. |
|
Great, thank you. This looks good to me so I'll merge it! |
tenderlove
added a commit
that referenced
this pull request
Mar 1, 2022
…e-verifier-default-serializer"" This reverts commit fd4e63c.
sampatbadhe
added a commit
to sampatbadhe/rails
that referenced
this pull request
Oct 27, 2022
- Rails.application.config.active_support.default_message_encryptor_serializer introduced in rails#42846 - Rails.application.config.active_support.default_message_verifier_serializer introduced in rails#42843
jonathanhefner
added a commit
to jonathanhefner/rails
that referenced
this pull request
Apr 17, 2023
In rails#42843 and rails#42846, several config settings were added to control the default serializer for `MessageEncryptor` and `MessageVerifier`, and to provide a migration path from a default `Marshal` serializer to a default `JSON` serializer: * `config.active_support.default_message_encryptor_serializer` * Supports `:marshal`, `:hybrid`, or `:json`. * `config.active_support.default_message_verifier_serializer` * Supports `:marshal`, `:hybrid`, or `:json`. * `config.active_support.fallback_to_marshal_deserialization` * Affects `:hybrid` for both `MessageEncryptor` and `MessageVerifier`. * `config.active_support.use_marshal_serialization` * Affects `:hybrid` for both `MessageEncryptor` and `MessageVerifier`. This commit unifies those config settings into a single setting, `config.active_support.message_serializer`, which supports `:marshal`, `:json_allow_marshal`, and `:json` values. So, for example, ```ruby config.active_support.default_message_encryptor_serializer = :hybrid config.active_support.default_message_verifier_serializer = :hybrid config.active_support.fallback_to_marshal_deserialization = true config.active_support.use_marshal_serialization = false ``` becomes ```ruby config.active_support.message_serializer = :json_allow_marshal ``` and ```ruby config.active_support.default_message_encryptor_serializer = :hybrid config.active_support.default_message_verifier_serializer = :hybrid config.active_support.fallback_to_marshal_deserialization = false config.active_support.use_marshal_serialization = false ``` becomes ```ruby config.active_support.message_serializer = :json ``` This commit also replaces `ActiveSupport::JsonWithMarshalFallback` with `ActiveSupport::Messages::SerializerWithFallback`, which implements a generic mechanism for serializer fallback. The `:marshal` serializer uses this mechanism too, so ```ruby config.active_support.default_message_encryptor_serializer = :hybrid config.active_support.default_message_verifier_serializer = :hybrid config.active_support.fallback_to_marshal_deserialization = false config.active_support.use_marshal_serialization = true ``` becomes ```ruby config.active_support.message_serializer = :marshal ``` Additionally, the logging behavior of `JsonWithMarshalFallback` has been replaced with notifications which include the names of the intended and actual serializers, as well as the serialized and deserialized message data. This provides a more targeted means of tracking serializer fallback events. It also allows the user to "silence" such events, if desired, without an additional config setting. All of these changes make it easier to add migration paths for new serializers such as `ActiveSupport::MessagePack`.
jonathanhefner
added a commit
to jonathanhefner/rails
that referenced
this pull request
May 8, 2023
In rails#42843 and rails#42846, several config settings were added to control the default serializer for `MessageEncryptor` and `MessageVerifier`, and to provide a migration path from a default `Marshal` serializer to a default `JSON` serializer: * `config.active_support.default_message_encryptor_serializer` * Supports `:marshal`, `:hybrid`, or `:json`. * `config.active_support.default_message_verifier_serializer` * Supports `:marshal`, `:hybrid`, or `:json`. * `config.active_support.fallback_to_marshal_deserialization` * Affects `:hybrid` for both `MessageEncryptor` and `MessageVerifier`. * `config.active_support.use_marshal_serialization` * Affects `:hybrid` for both `MessageEncryptor` and `MessageVerifier`. This commit unifies those config settings into a single setting, `config.active_support.message_serializer`, which supports `:marshal`, `:json_allow_marshal`, and `:json` values. So, for example, ```ruby config.active_support.default_message_encryptor_serializer = :hybrid config.active_support.default_message_verifier_serializer = :hybrid config.active_support.fallback_to_marshal_deserialization = true config.active_support.use_marshal_serialization = false ``` becomes ```ruby config.active_support.message_serializer = :json_allow_marshal ``` and ```ruby config.active_support.default_message_encryptor_serializer = :hybrid config.active_support.default_message_verifier_serializer = :hybrid config.active_support.fallback_to_marshal_deserialization = false config.active_support.use_marshal_serialization = false ``` becomes ```ruby config.active_support.message_serializer = :json ``` This commit also replaces `ActiveSupport::JsonWithMarshalFallback` with `ActiveSupport::Messages::SerializerWithFallback`, which implements a generic mechanism for serializer fallback. The `:marshal` serializer uses this mechanism too, so ```ruby config.active_support.default_message_encryptor_serializer = :hybrid config.active_support.default_message_verifier_serializer = :hybrid config.active_support.fallback_to_marshal_deserialization = false config.active_support.use_marshal_serialization = true ``` becomes ```ruby config.active_support.message_serializer = :marshal ``` Additionally, the logging behavior of `JsonWithMarshalFallback` has been replaced with notifications which include the names of the intended and actual serializers, as well as the serialized and deserialized message data. This provides a more targeted means of tracking serializer fallback events. It also allows the user to "silence" such events, if desired, without an additional config setting. All of these changes make it easier to add migration paths for new serializers such as `ActiveSupport::MessagePack`.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Co-authored-by: David Buckley david.buckley@shopify.com
Co-authored-by: Saba Kiaei saba.kiaei@shopify.com
Summary
This PR introduces
JSONas the default serializer forActiveSupport::MessageVerifierreplacingMarshal.Given that a serializer of choice can be provided to
ActiveSupport::MessageVerifier, the goal with this PR is to ensure a safe default serialization method.This will help ensure that future signing secret leaks do not end up becoming a vector for deserialization attacks.