proto: Make marshal interface return error if interface not registered #12894
Comments
kocubinski
added a commit
that referenced
this issue
Aug 18, 2022
19 tasks
mergify bot
pushed a commit
that referenced
this issue
Aug 19, 2022
…fail (#12964) ## Description Closes: #12894 --- ### Author Checklist *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [x] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#pr-targeting)) - [x] provided a link to the relevant issue or specification - [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/main/docs/building-modules) - [x] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#testing) - [ ] added a changelog entry to `CHANGELOG.md` - [x] included comments for [documenting Go code](https://blog.golang.org/godoc) - [x] updated the relevant documentation or specification - [x] reviewed "Files changed" and left comments if necessary - [ ] confirmed all CI checks have passed ### Reviewers Checklist *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
Right now you can always marshal any interface even if its not registered. You can only unmarshal registered interfaces though.
This can cause security problems, when composed with other bugs, and is a serious footgun in serialization that needs to be fixed. This can then lead to complex problems for one to verify.
Problem Definition
Its possible to serialize interfaces into state, that cannot get deserialized.
Proposal
Make
MarshalInterfacereturn an error if the interface is not registered.The text was updated successfully, but these errors were encountered: