MagnetUri uri field invariant vulnerability #169
Description
Description
The MagnetUri struct has a potential invariant issue with its uri field that could lead to serialization problems.
Problem
The uri field is marked with #[serde(skip)], which means:
- It defaults to an empty string during direct struct/map deserialization
- The
Serializeimplementation returnsself.uridirectly - If
uriis empty, serializing produces an empty string
While the custom deserialize implementation (lines 93-101) properly sets uri via try_from(), this protection is bypassed if MagnetUri is deserialized directly outside the MetaInfo enum wrapper.
This could be a problem if we export the torrent twice back to back, as the second export might serialize an empty URI.
Suggested Solutions
-
Recommended: Make struct fields private, expose through accessors, and require all construction via
TryFrom/parse(). Add#[serde(deserialize_with = "Self::deserialize")]on the struct to prevent direct deserialization bypass. -
Alternative: Add fallback URI reconstruction in
serialize()whenuri.is_empty().
References
- PR: feat: Exportable engine state #166
- Comment: feat: Exportable engine state #166 (comment)
- Requester: @artrixdotdev