Closed HenningHolmDE closed 2 weeks ago
Thank you very much, Henning! As a short explainer: The `serde` support happened "by accident" because we needed it quickly for another project :-) I never saw it as part of the misuse resistance contract. But: This is inconsistent (and not documented).
Now, with the Python bindings, we have a good reason to finally rectify that. Consequently, we should extend the fuzz targets to capture `serde`'s (de)serialization, too. (Let's think about how to do it later.)
Good news: I believe we only need a few tweaks here and there. Deserialization is guaranteed to be misuse resistant for tightly modelled types, i.e., types that enforce all invariants by definition.
This is not true for "string types", such as `Atom`, etc. Thus, I expect most of the validated deserialization will need to happen in the `core` module. It should really only be a handful of types.
(Maybe `CommandContinuationRequest` will be tricky. But we should get quite far.)
Currently, types created through `deserialize` are not validated. Thus, it is possible to create incorrect values, e.g.:
At least for `core::Text`, it is possible to fix the issue using `#[serde(try_from = "String")]`.
I will try to provide a corresponding PR in the next days.
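The `try_from` approach from the issue, sketched as an added example (not code from this thread or from imap-types): `Text` is a stand-in type, `TextError` is hypothetical, and the invariant is assumed from RFC 3501's `text = 1*TEXT-CHAR`. The serde attributes sit behind an assumed `serde` Cargo feature, so the block also compiles without the crate.

```rust
use std::convert::TryFrom;
use std::fmt;

/// Why a candidate string was rejected (hypothetical error type).
#[derive(Debug, PartialEq, Eq)]
pub enum TextError {
    Empty,
    ByteNotAllowed { found: u8, position: usize },
}

// serde's `try_from` requires the conversion error to implement Display.
impl fmt::Display for TextError {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        match self {
            TextError::Empty => write!(f, "text must not be empty"),
            TextError::ByteNotAllowed { found, position } => write!(f, "byte 0x{:02x} at offset {}", found, position),
        }
    }
}

/// Stand-in for a validated string type (not imap-types' own `core::Text`).
/// Assumed invariant: non-empty, bytes 0x01..=0x7F only, no CR and no LF.
#[derive(Debug, Clone, PartialEq, Eq)]
// With the (assumed) `serde` feature on, serde reads a String and then calls
// `Text::try_from`, so deserialized values pass the same check as any other.
#[cfg_attr(feature = "serde", derive(serde::Deserialize))]
#[cfg_attr(feature = "serde", serde(try_from = "String"))]
pub struct Text(String);

impl TryFrom<String> for Text {
    type Error = TextError;
    fn try_from(value: String) -> Result<Self, Self::Error> {
        if value.is_empty() {
            return Err(TextError::Empty);
        }
        let allowed = |b: u8| matches!(b, 0x01..=0x09 | 0x0b | 0x0c | 0x0e..=0x7f);
        let bad = value.bytes().position(|b| !allowed(b));
        match bad {
            Some(position) => Err(TextError::ByteNotAllowed { found: value.as_bytes()[position], position }),
            None => Ok(Text(value)),
        }
    }
}

fn main() {
    // Constructed inputs: a valid value and one with an embedded CRLF.
    for raw in &["hello world", "line one\r\nline two"] {
        println!("{:?} -> {:?}", raw, Text::try_from(raw.to_string()));
    }
}
```

Because the tuple field stays private, `TryFrom<String>` is the only way to build a `Text`, whether the value comes from application code or from a deserializer.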