fix: harden validation and error handling (audit #18-#34)#35
Open
LKSNDRTMLKV wants to merge 6 commits into
Open
fix: harden validation and error handling (audit #18-#34)#35LKSNDRTMLKV wants to merge 6 commits into
LKSNDRTMLKV wants to merge 6 commits into
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Hardening pass across
dpp-coreclosing the open audit findings (#18–#34). Every fix is defensive: malformed, adversarial, or out-of-bounds input that previously panicked, failed open, or silently mis-validated now fails closed with an explicit error. Each change ships with a regression test, and the fulljust checkgate is green.Fixes by crate
dpp-domain (#24) —
patch_fieldsno longer bypasses the passport state machine;redact()fails closed instead of leaking confidential fields when a field is unknown; schema validation and catalog registration reject malformed input; semver parsed viasemver::Version.dpp-crypto (#22) — keystore decrypt returns
Resulton a malformed/legacy on-disk nonce instead of panicking.dpp-rules (#21) — bundle verification returns an error on attacker-controlled non-finite JSON numbers instead of panicking; content hashing is now fallible.
dpp-digital-link (#23) — malformed/duplicate GS1 AI segments are rejected rather than silently mis-parsed; decoded values are length-capped.
dpp-registry (#27) — mandatory Article-13 identifier fields (operator name/country) can no longer be empty and still pass
validate().dpp-plugin-traits (#20) — the ABI result surfaces serialization errors instead of swallowing them; non-finite metrics become a hard serialization error; the version-range fallback no longer silently accepts non-semver strings.
dpp-plugin-sdk (#26) — raw ABI pointer math is guarded off
wasm32; an oversized allocation request returns an error instead of panicking the instance; addedoptional_range/optional_non_negativehelpers.dpp-calc (#19) — the CO2e ruleset gains an effective-date guard (
RulesetNotYetEffective), guards against silent overflow toInfinity, and corrects the contradictory expiry message.Sector plugins (#18, #28–#34) — furniture, aluminium, steel, electronics, detergent, tyre, textile, battery: each plugin now bounds-checks its metrics and validates its discriminating fields (
productionRoute,tyreClass, fibre-composition sum, repairability/CO2e bounds, biodegradable declaration, battery recycled-content scoping + chemistry-conflict) instead of falling through to the most permissive verdict.Testing
just checkgreen: fmt-check · clippy--workspace --all-targets -D warnings· debug-check · subjects-check · mod-rs-check ·cargo nextest --workspace· audit, plusRUSTDOCFLAGS="-D warnings" cargo doc.Note
Core issue #25 (dpp-evidence transfer/kid verification) is intentionally not closed here — its fix lives in the dpp-engine PR (
dpp-vaultverification module).Closes #18, #19, #20, #21, #22, #23, #24, #26, #27, #28, #29, #30, #31, #32, #33, #34