nippy

History

Peter Taoussanis db2c22eed8 Serializable: NB freeze default is now always to ALLOW ALL We have 2 options: A: Default to Serializable whitelist checks on both freeze and thaw B: Default to Serializable whitelist checks only on thaw Before this commit, Nippy was taking option A. As of this commit, Nippy is taking option B. Both are equally safe re: the risk of Remote Code Execution in #130: - Freezing a malicious payload is not a security risk - Thawing a frozen malicious payload is a security risk. But option B has the benefit of not throwing exceptions by default against a whitelist that has not [yet] been properly configured. This is especially helpful for other libraries or applications that may be using Nippy as an underlying dependency. Behaviour under our two options against a whitelist that has not [yet] been properly configured: A: Throw exception on freeze B: Freeze successfully, and thaw successully as {:nippy/unthawable {:class-name <> :content <quarantined-ba> :cause :quarantined}} I think this is probably less of a nuissance, and so a better default.	2020-09-10 22:56:45 +02:00
..
taoensso/nippy/tests	Serializable: NB freeze default is now always to ALLOW ALL	2020-09-10 22:56:45 +02:00

Peter Taoussanis db2c22eed8 Serializable: NB freeze default is now always to ALLOW ALL

We have 2 options:

  A: Default to Serializable whitelist checks on both freeze and thaw
  B: Default to Serializable whitelist checks only on thaw

Before this commit, Nippy was taking option A.
As of  this commit, Nippy is  taking option B.

Both are equally safe re: the risk of Remote Code Execution in #130:

  - Freezing a        malicious payload  is  *not* a security risk
  - Thawing  a frozen malicious payload *is*       a security risk.

But option B has the benefit of not throwing exceptions by default
against a whitelist that has not [yet] been properly configured.

This is especially helpful for other libraries or applications that
may be using Nippy as an underlying dependency.

Behaviour under our two options against a whitelist that has not
[yet] been properly configured:

  A: Throw exception on freeze
  B: Freeze successfully, and thaw successully as
     {:nippy/unthawable {:class-name <> :content <quarantined-ba> :cause :quarantined}}

I think this is probably less of a nuissance, and so a better default.

2020-09-10 22:56:45 +02:00

taoensso/nippy/tests

Serializable: NB freeze default is now always to ALLOW ALL

2020-09-10 22:56:45 +02:00