Find a replacement for JSON library #3226

Open
AnnaShaleva opened this issue Nov 23, 2023 · 1 comment
Labels
dependencies Dealing with project dependencies enhancement Improving existing functionality go Go language related help wanted Extra attention is needed I4 No visible changes S2 Regular significance U4 Nothing urgent

Comments

@AnnaShaleva
Member

Is your feature request related to a problem? Please describe.

Currently it's possible to perform a DoS on the RPC server using RPC requests with high depth. NeoC# doesn't have such a problem since neo-project/neo#2912 and neo-project/neo-modules#827. However, for us it's not that easy because neither standard JSON nor ordered JSON supports nested JSON depth restriction. But this limit is restricted by default to 10000, see golang/go#31789 and golang/go@84afaa9.

Describe the solution you'd like

We need to find some other JSON library that allows restricting the maximum allowed JSON depth. Ref. #3221 (comment).

@AnnaShaleva AnnaShaleva added help wanted Extra attention is needed go Go language related enhancement Improving existing functionality labels Nov 23, 2023
@roman-khimov
Member

The other way to handle it is just to try what amount of badness we can fit into 5M and how bad it is for the node. Maybe it's not that bad. But 5M is not a small number either, a lot of braces of various kinds can be put into this volume.

@roman-khimov roman-khimov added U4 Nothing urgent dependencies Dealing with project dependencies S2 Regular significance I4 No visible changes labels Dec 21, 2023
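
A depth restriction of the kind requested above can also be enforced in front of `encoding/json` with a single pass over the raw request body. The following is an added example, not code from this thread or from the project; `CheckDepth`, `DecodeLimited`, `ErrTooDeep` and the limit of 3 are hypothetical names and values chosen for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// ErrTooDeep reports nesting beyond the caller's limit.
var ErrTooDeep = errors.New("json: nesting depth limit exceeded")

// CheckDepth makes one pass over raw JSON and fails as soon as object/array
// nesting exceeds maxDepth. It does not validate; the parser still does that.
func CheckDepth(data []byte, maxDepth int) error {
	depth, inString, escaped := 0, false, false
	for _, b := range data {
		switch {
		case escaped: // byte after a backslash inside a string
			escaped = false
		case inString && b == '\\':
			escaped = true
		case b == '"':
			inString = !inString
		case inString: // brackets inside strings do not nest
		case b == '{' || b == '[':
			if depth++; depth > maxDepth {
				return ErrTooDeep
			}
		case (b == '}' || b == ']') && depth > 0:
			depth--
		}
	}
	return nil
}

// DecodeLimited (hypothetical helper) runs the depth check before encoding/json.
func DecodeLimited(data []byte, maxDepth int, v interface{}) error {
	if err := CheckDepth(data, maxDepth); err != nil {
		return err
	}
	return json.Unmarshal(data, v)
}

func main() {
	var v interface{}
	// Constructed samples: brackets inside a string value, then real nesting.
	fmt.Println(DecodeLimited([]byte(`{"method":"x","params":["[[[[\"[["]}`), 3, &v))
	fmt.Println(DecodeLimited([]byte(`{"params":[[[[1]]]]}`), 3, &v))
}
```

The scan returns at the first bracket past the limit, so the work done on a rejected request depends on where that bracket sits rather than on the full body size.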