search

fxamacker / cbor

CBOR codec (RFC 8949) with CBOR tags, Go struct tags (toarray, keyasint, omitempty), float64/32/16, big.Int, and fuzz tested billions of execs.
MIT License
748 stars 61 forks source link

feature: Options to disable bignum support #528

Closed benluddy closed 6 months ago

benluddy commented 7 months ago

Is your feature request related to a problem? Please describe.

For an application whose CBOR-based protocol does not include arbitrary-precision integers (https://www.rfc-editor.org/rfc/rfc8949.html#section-5-3), it should be possible to reject the bignum tags 2 and 3 on decode and math/big.Int on encode.

Describe the solution you'd like

  1. A new decode option specifying the decode behavior for the bignum tags, regardless of the Go type of the unmarshal destination object. Its default value would be backwards-compatible and would permit the bignum tag, but its second mode will cause Wellformed and Unmarshal to return an UnacceptableDataItemError if a bignum tag is encountered.
  2. A new mode for the encode option BigIntConvert, analogous to the InfConvert and NaNConvert options introduced by https://github.com/fxamacker/cbor/pull/513, that will return an UnsupportedTypeError if a math/big.Int is passed to Marshal.

Describe alternatives you've considered

The existing BigIntDec option is scoped to unmarshaling bignums into interface{}, which would not be suitable on its own for the purpose of rejecting all bignums. Bignums can also be decoded into uint, int, float, slice, array, and math/big.Int. I ended up adding the new option because I did not see a use case where the type of the destination Go value would affect whether or not a CBOR-based protocol accepts a particular input.

Additional context

fxamacker commented 6 months ago

Thanks Ben! :tada: Closed by #527.