Skip to content

Commit 610ba2a

Browse files
smoeliussmoelius
committed
Prettier notes.md
1 parent d5ae5bd commit 610ba2a

File tree

1 file changed

+7
-5
lines changed

1 file changed

+7
-5
lines changed

lints/type_cosplay/notes.md

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -20,20 +20,20 @@ We cannot just detect whether two types are the same to flag the lint, as this d
2020
core issue. The core issue is whether two types deserialize the same or not. Thus we should hunt for
2121
any two types that deserialize the same. However, this is kinda impossible to do, since it is dependent
2222
on what data format is being used. Two types that deserialize the same in one data format might not
23-
in another.
23+
in another.
2424

2525
So the strategy we've come up with is first gather all the types that are being deserialized in the code.
2626
Say `n` types are collected. Then one of the following constraints must hold:
2727

2828
1. `n=1`, and the type is an enum.
2929
2. All types are structs AND
30-
each struct has a field that is the enum type found before AND
31-
the number of variants in the enum must be at least `n-1`.
30+
each struct has a field that is the enum type found before AND
31+
the number of variants in the enum must be at least `n-1`.
3232

3333
These two constraints encode two scenarios where the code will be safe from the type-cosplay issue:
3434

3535
1. If there is only 1 enum being deserialized, then all types will be unique.
36-
2.
36+
2.
3737

3838
Two circumstances avoid the type cosplay attack.
3939
// 1. All structs are variants of a single enum type--an enum effectively has a
@@ -42,12 +42,14 @@ Two circumstances avoid the type cosplay attack.
4242
// can be distinguished.
4343

4444
# Test Cases
45+
4546
Whenever we refer to a type, we refer to whether it was deserialized in the program, not
4647
to the type definition.
48+
4749
- single deserialized type; is enum => SECURE
4850
- single deserialized type; is not enum; has discriminant => SECURE
4951
- single deserialized type; is not enum; no discriminant => INSECURE (insecure)
50-
NOTE: do we really need to check if one is an enum?
52+
NOTE: do we really need to check if one is an enum?
5153
- multiple deserialized types; one is enum; all structs have discriminant => SECURE
5254
- multiple deserialized types; one is enum; some struct doesn't have discriminant => INSECURE
5355
- multiple deserialized types; multiple enums => INSECURE (insecure-2)

0 commit comments

Comments
 (0)