Skip to content

security: enforce strict input validation and payload bounds#1706

Open
SurbhiAgarwal1 wants to merge 7 commits into
LFDT-Panurus:mainfrom
SurbhiAgarwal1:security/tokens-validation
Open

security: enforce strict input validation and payload bounds#1706
SurbhiAgarwal1 wants to merge 7 commits into
LFDT-Panurus:mainfrom
SurbhiAgarwal1:security/tokens-validation

Conversation

@SurbhiAgarwal1

Copy link
Copy Markdown
Contributor

Description

This PR implements strict input validation and payload bounds within the tokens.Service.Append method to protect the system against resource exhaustion and potential Denial of Service (DoS) attacks from malformed or oversized finality data.

Changes

  • ValidationConfig: Introduced a configurable validation layer with safe default limits:
    • MaxTokenPayloadSize: 1MB (covers TokenOnLedger and TokenOnLedgerMetadata)
    • MaxTokenOutputsPerTx: 1000 outputs
    • MaxBulkDeleteSize: 10,000 IDs
    • MaxWalletIDSize: 1024 bytes
    • MaxOwnerRawSize: 2048 bytes
    • MaxIssuerRawSize: 2048 bytes
  • AppendRequest: Refactored the internal data flow to use a request-based structure for validated processing.
  • Strict Validation Logic: Implemented validateAppendRequest which performs in-memory checks before any database transactions or storage operations are initiated.
  • Enhanced Testing: Added a comprehensive test suite in token/services/tokens/validation_test.go covering edge cases, limit violations, and structural validation.

Verification Results

  • Unit Tests: All tests in token/services/tokens passed successfully.
  • Linting: Code is clean according to golangci-lint (v2) standards, including nlreturn and testifylint compliance.

Fixes: #1608

Signed-off-by: SurbhiAgarwal1 <agarwalsurbhi1807@gmail.com>
@SurbhiAgarwal1 SurbhiAgarwal1 force-pushed the security/tokens-validation branch from 5cae97f to 8c74cea Compare May 14, 2026 06:11
…k during initialization

Signed-off-by: SurbhiAgarwal1 <agarwalsurbhi1807@gmail.com>
Signed-off-by: SurbhiAgarwal1 <agarwalsurbhi1807@gmail.com>
@adecaro adecaro added this to the Q3/26 milestone Jun 2, 2026
@AkramBitar AkramBitar requested a review from HayimShaul June 9, 2026 07:40
Signed-off-by: SurbhiAgarwal <agarwalsurbhi1807@gmail.com>
Comment thread token/services/tokens/tokens.go Outdated
Comment thread plan.md Outdated
Comment thread token/config.go
Comment thread token/services/tokens/tokens.go Outdated
Signed-off-by: SurbhiAgarwal1 <agarwalsurbhi1807@gmail.com>
Signed-off-by: SurbhiAgarwal1 <agarwalsurbhi1807@gmail.com>
Comment thread token/services/tokens/tokens.go
Signed-off-by: SurbhiAgarwal1 <agarwalsurbhi1807@gmail.com>
@HayimShaul

Copy link
Copy Markdown
Contributor

Looks good to me.
@adecaro do you want to have another quick look?

@HayimShaul HayimShaul requested a review from adecaro June 23, 2026 11:01
@mergify

mergify Bot commented Jun 23, 2026

Copy link
Copy Markdown

Tick the box to add this pull request to the merge queue (same as @mergifyio queue).

  • Queue this pull request

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Enforce Strict Input Validation and Payload Bounds on Token Store Writes [MED]

4 participants