fix(verify): reject null required signed fields (closes #54) #10
Open
akuraposo wants to merge 1 commit into
Conversation
The reference verifier only checked required-field presence with `field in receipt`, while the canonicalizer omits any signed field whose value is `undefined` or `null`. A receipt with `requestJson: null` would satisfy the required-field check, then canonicalize the rest of the body without `requestJson`, and produce a `verified: true` result against a forged authorization scope that has no operation payload. This patch adds an explicit non-null check before the required-field loop, so any required signed field whose value is `null` or `undefined` produces `MALFORMED_RECEIPT` and exit code 3 instead of bypassing the missing-field gate.

- Added `isNonEmptySignedField` helper in `src/verify.ts`
- Required-field loop now uses the helper instead of `in`
- Added regression test that forges `requestJson: null` on a valid receipt and expects `MALFORMED_RECEIPT`
- All 6 tests pass
- `npm run build` clean

Closes #54
Summary

Fixes #54: the `pp-cli` reference verifier only checked required-field presence with `field in receipt`, while the canonicalizer omits any signed field whose value is `undefined` or `null`. A receipt with `requestJson: null` would satisfy the required-field check, then canonicalize the rest of the body without `requestJson`, and produce a `verified: true` result against a forged authorization scope that has no operation payload. The same shape applies to any other required signed field.

Fix

Added an `isNonEmptySignedField` helper in `src/verify.ts` and replaced the `field in receipt` check in the required-field loop with `isNonEmptySignedField(receipt, field)`. Any required signed field whose value is `null` or `undefined` now produces `MALFORMED_RECEIPT` and exit code 3 instead of bypassing the missing-field gate.

Validation

- `npm test -- --run`: all 6 tests pass (5 pre-existing + 1 new regression test that forges `requestJson: null` on a valid receipt and expects `MALFORMED_RECEIPT`)
- `npm run build`: clean
- `git diff --check`: clean

Bounty

Submitted for assessment under #36 as a distinct Ed25519 verification-flow flaw. Payout details can be provided privately after validation.
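The bypass and the fix described in the PR text above, as an added example that is not code from `pp-cli` or from this PR. It builds a minimal Ed25519 receipt verifier with Node's `node:crypto`: a canonicalizer that drops `null`/`undefined` values (the behaviour the description attributes to the project's canonicalizer), the pre-fix `field in receipt` presence check, and a reconstruction of `isNonEmptySignedField` as the replacement gate. The receipt shape, the `REQUIRED_SIGNED_FIELDS` list, the `BAD_SIGNATURE` result with exit code 1, the helper's body and the signed bodies are all assumptions constructed for this example; `MALFORMED_RECEIPT` with exit code 3 is the behaviour the PR states.

```typescript
import { generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

// Added example, not pp-cli's code. Receipt shape, required-field list and the
// BAD_SIGNATURE/exit-code-1 result are assumptions; MALFORMED_RECEIPT with exit
// code 3 is the outcome the PR describes for a missing or null required field.
type Receipt = Record<string, unknown>;

interface VerifyResult {
  verified: boolean;
  code: "OK" | "MALFORMED_RECEIPT" | "BAD_SIGNATURE";
  exitCode: number;
}

const REQUIRED_SIGNED_FIELDS = ["subject", "scope", "requestJson"];

// Canonical form: keys sorted, null/undefined values omitted entirely, so the
// signer and the verifier serialize identical bytes. Dropping nulls is what
// makes `requestJson: null` canonicalize to the same bytes as no requestJson.
function canonicalize(body: Receipt): Buffer {
  const kept: Receipt = {};
  for (const key of Object.keys(body).sort()) {
    const value = body[key];
    if (value === null || value === undefined) continue;
    kept[key] = value;
  }
  return Buffer.from(JSON.stringify(kept));
}

// Reconstruction of the PR's helper (assumed implementation): the field must be
// present AND carry a value the canonicalizer will keep. Falsy-but-real values
// such as 0 or "" are deliberately accepted; only null/undefined are rejected.
function isNonEmptySignedField(body: Receipt, field: string): boolean {
  return field in body && body[field] !== null && body[field] !== undefined;
}

// strict=false reproduces the pre-fix verifier (`field in receipt`);
// strict=true applies the non-null gate before anything is canonicalized.
function verifyReceipt(receipt: Receipt, publicKey: KeyObject, strict: boolean): VerifyResult {
  const { signature, ...body } = receipt;
  for (const field of REQUIRED_SIGNED_FIELDS) {
    const present = strict ? isNonEmptySignedField(body, field) : field in body;
    if (!present) return { verified: false, code: "MALFORMED_RECEIPT", exitCode: 3 };
  }
  if (typeof signature !== "string") {
    return { verified: false, code: "MALFORMED_RECEIPT", exitCode: 3 };
  }
  const ok = verify(null, canonicalize(body), publicKey, Buffer.from(signature, "base64"));
  return ok
    ? { verified: true, code: "OK", exitCode: 0 }
    : { verified: false, code: "BAD_SIGNATURE", exitCode: 1 };
}

// Constructed scenario: a signature exists over a body that carries a subject
// and scope but no operation payload. The forged receipt presents that body
// with `requestJson: null` bolted on, which the canonicalizer strips again.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  const signBody = (body: Receipt): string =>
    sign(null, canonicalize(body), privateKey).toString("base64");

  const scopeOnly: Receipt = { subject: "alice", scope: "deploy:prod" };
  const forged: Receipt = { ...scopeOnly, requestJson: null, signature: signBody(scopeOnly) };

  const genuineBody: Receipt = {
    subject: "alice",
    scope: "deploy:prod",
    requestJson: JSON.stringify({ op: "deploy", target: "web-1" }),
  };
  const genuine: Receipt = { ...genuineBody, signature: signBody(genuineBody) };

  // Same signed body with requestJson absent rather than null: even the old
  // `in` check rejects this, which is why the null variant was the bypass.
  const absent: Receipt = { ...scopeOnly, signature: signBody(scopeOnly) };

  return {
    forgedBefore: verifyReceipt(forged, publicKey, false),
    forgedAfter: verifyReceipt(forged, publicKey, true),
    genuineBefore: verifyReceipt(genuine, publicKey, false),
    genuineAfter: verifyReceipt(genuine, publicKey, true),
    absentBefore: verifyReceipt(absent, publicKey, false),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Run with `npx tsx example.ts` (or any Node TypeScript runner). `forgedBefore` comes back `verified: true` because the `in` check passes and the canonical bytes are exactly those the signer signed; `forgedAfter` is `MALFORMED_RECEIPT` with exit code 3 before the signature is ever consulted. The gate is placed ahead of canonicalization on purpose: any check that runs after the null-dropping serializer can no longer see that the field was ever there.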