Closed lgarron closed 4 years ago
For future reference, related comment => https://github.com/cedarcode/cose-ruby/issues/39#issuecomment-504232656.
It feels like most of these would be the responsibility of the CBOR decoder... I mean, most of the possible random exceptions you would get are coming from CBOR.decode.
Seems like the responsibility could lie on cbor to respond to the question if the cbor bytes are actually something that would decode without throwing...?
Starting discussion in https://github.com/cabo/cbor-ruby/issues/14.
FWIW https://github.com/cedarcode/cose-ruby/pull/50 released in v0.10.0.
See https://github.com/cedarcode/webauthn-ruby/issues/222 and https://github.com/cedarcode/cose-ruby/issues/39
To check if a COSE key is valid, it seems we have to do:
This is not quite enough, because a NoMemoryError is also possible (#39). It would be nice to have a safe way to check whether an untrusted byte string is a valid key, e.g.: COSE::Key.valid?(public_key_bytes)
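
A structural pre-check of the kind the thread asks the CBOR layer to provide, as an added example that is not part of the original issue and is not cose-ruby or cbor-ruby code. It assumes the decoder's failures come from declared lengths or nesting that the input cannot back up, and as a simplification it rejects indefinite-length items; `CborPrecheck`, `MAX_DEPTH` and `SAMPLE_KEY` are hypothetical names.

```ruby
# Added example: definite-length subset of the RFC 8949 Appendix C well-formedness check.
class CborPrecheck
  Malformed = Class.new(StandardError)
  MAX_DEPTH = 16 # assumed nesting limit; a COSE key is a shallow map

  def self.well_formed?(bytes)
    reader = new(bytes.b)
    reader.item(0)
    reader.left.zero? # trailing bytes after the first item are rejected
  rescue Malformed
    false
  end

  def initialize(buf)
    @buf, @pos = buf, 0
  end

  def left
    @buf.bytesize - @pos
  end

  # Consume n bytes, refusing any length larger than what is actually present.
  def take(n)
    raise Malformed if n > left
    @pos += n
    @buf.byteslice(@pos - n, n)
  end

  def item(depth)
    raise Malformed if depth > MAX_DEPTH # keeps recursion bounded
    initial = take(1).ord
    major, info = initial >> 5, initial & 0x1f
    raise Malformed if info > 27 # reserved values; indefinite lengths (assumption)
    val = info < 24 ? info : take(1 << (info - 24)).unpack1(%w[C n N Q>][info - 24])
    case major
    when 2, 3 then take(val) # byte or text string body
    when 4, 5 # array, or map with two items per pair
      count = val * (major - 3)
      raise Malformed if count > left # every item needs at least one byte
      count.times { item(depth + 1) }
    when 6 then item(depth + 1) # a tag wraps exactly one item
    when 7
      raise Malformed if info == 24 && val < 32 # invalid simple value
    end
  end
end

# Constructed sample: EC2 COSE_Key map {1: 2, 3: -7, -1: 1, -2: x, -3: y}, filler coordinates.
SAMPLE_KEY = "\xA5\x01\x02\x03\x26\x20\x01\x21\x58\x20".b + "\x11".b * 32 + "\x22\x58\x20".b + "\x22".b * 32
```

A `true` result only says the bytes are structurally sound CBOR within these limits; whether they form a valid key is still for the COSE layer to decide.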