- changed status to open
Add more JSON.Path seucurity considerations in PE
Issue #1846
resolved
Feedback received from Nikos.
I am concerned about what can be used as a "filter". For instance this example uses a regular expression for the filter pattern. Regular expressions are notorius for enabling DoS attacks (https://www.usenix.org/system/files/sec21-li-yeting.pdf) But it can get even worse. Speficiation says that the filer can be a "JSON Schema descriptor" I bet that supporting JSON schema as a filter option will create many security risks.
Comments (3)
-
-
reporter
-
reporter
- changed status to resolved
PR merged. might have to keep iterating
- Log in to comment
- Assignee
- –
- Type
- Priority
- Status
- resolved
- Component
- Verifiable Presentation
- Milestone
- –
- Version
- –
- Votes
- 0
- Watchers
- 1
Valid concern. Had a discussion on March 6/7 call. Will put a summary later.