You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The unit tests in that diff don't actually cover the fix. The tests pass even with these lines commented out.
Proposal
Add a test case that actually covers the fix. For example:
{
// See https://github.com/cosmos/ibc-go/security/advisories/GHSA-jg6f-48ff-5xrw"non-deterministic JSON ack serialization should return an error",
func() {
// Create a valid acknowledgement using deterministic serialization.ack=channeltypes.NewResultAcknowledgement([]byte{byte(1)}).Acknowledgement()
// Introduce non-determinism: insert an extra space after the first character '{'// This will deserialize correctly but fail to re-serialize to the expected bytes.iflen(ack) >0&&ack[0] =='{' {
ack= []byte("{ "+string(ack[1:]))
}
},
errors.New("acknowledgement did not marshal to expected bytes"),
false,
},
Context
GHSA-jg6f-48ff-5xrw
v7.8.0...v7.9.2#diff-8ddf47fbc8c8f270342c829d2e405b29d6b4732afeac6dd7ae1c22d5447abd4fR243-R246
Problem
The unit tests in that diff don't actually cover the fix. The tests pass even with these lines commented out.
Proposal
Add a test case that actually covers the fix. For example:
{ // See https://github.com/cosmos/ibc-go/security/advisories/GHSA-jg6f-48ff-5xrw "non-deterministic JSON ack serialization should return an error", func() { // Create a valid acknowledgement using deterministic serialization. ack = channeltypes.NewResultAcknowledgement([]byte{byte(1)}).Acknowledgement() // Introduce non-determinism: insert an extra space after the first character '{' // This will deserialize correctly but fail to re-serialize to the expected bytes. if len(ack) > 0 && ack[0] == '{' { ack = []byte("{ " + string(ack[1:])) } }, errors.New("acknowledgement did not marshal to expected bytes"), false, },See celestiaorg#1
The text was updated successfully, but these errors were encountered: