ayush00git opened a new pull request, #3475: URL: https://github.com/apache/fory/pull/3475
## Why?

Go deserialization didn't have any configured guardrails for untrusted payloads, which leads to high memory pressure during allocation and out-of-memory attacks.

## What does this PR do?

Added two configurable guardrails, `MaxCollectionSize` and `MaxBinarySize`, and implemented size guardrails across the fory codegen.

## Related issues

Closes #3419

## AI Contribution Checklist

- [x] Substantial AI assistance was used in this PR: `yes`
- [x] If `yes`, I included a completed [AI Contribution Checklist](https://github.com/apache/fory/blob/main/AI_POLICY.md#9-contributor-checklist-for-ai-assisted-prs) in this PR description and the required `AI Usage Disclosure`.
- [x] If `yes`, I included the standardized `AI Usage Disclosure` block below.
- [x] If `yes`, I can explain and defend all important changes without AI help.
- [x] If `yes`, I reviewed AI-assisted code changes line by line before submission.
- [x] If `yes`, I ran adequate human verification and recorded evidence (checks run locally or in CI, pass/fail summary, and confirmation I reviewed results).
- [x] If `yes`, I added/updated tests and specs where required.
- [x] If `yes`, I validated protocol/performance impacts with evidence when applicable.
- [x] If `yes`, I verified licensing and provenance compliance.

```text
AI Usage Disclosure
I used AI to find and replace the multiple iterations of `ReadLength` with the specific `ReadCollectionSize` / `ReadBinarySize` across the Go runtime. I also used it to fix some errors while running tests. I can still explain all of my work, as everything is tested by me.
```

## Does this PR introduce any user-facing change?

- [ ] Does this PR introduce any public API change?
- [ ] Does this PR introduce any binary protocol compatibility change?

## Benchmark
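The two guardrails the PR names, shown as an added Go example that is not Fory's own code: only the names `MaxCollectionSize`, `MaxBinarySize`, `ReadCollectionSize` and `ReadBinarySize` come from the PR description; the `Limits` struct, the `Reader` type, the error values and the fixed 4-byte big-endian length prefix are assumptions for illustration (Fory's real config API and wire format differ), and the payloads are constructed. The point it shows is where the check has to sit: the declared length is untrusted, so it is compared against the limit (and against the bytes actually present) before `make` is ever called.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Limits holds the two guardrails the PR names. The struct itself and the
// field types are assumptions for this example, not Fory's real config API.
type Limits struct {
	MaxCollectionSize int // largest element count a collection may declare
	MaxBinarySize     int // largest byte length a binary/string field may declare
}

// Reader is a toy decoder over an in-memory, untrusted buffer. It uses a
// 4-byte big-endian length prefix (an assumption; Fory's wire format differs).
type Reader struct {
	buf    []byte
	pos    int
	limits Limits
}

var (
	ErrTruncated        = errors.New("payload truncated")
	ErrCollectionTooBig = errors.New("declared collection size exceeds MaxCollectionSize")
	ErrBinaryTooBig     = errors.New("declared binary size exceeds MaxBinarySize")
)

func NewReader(buf []byte, limits Limits) *Reader {
	return &Reader{buf: buf, limits: limits}
}

// readLength returns the raw declared length. It stays uint32 so the limit
// check cannot be defeated by the value wrapping to a negative int on 32-bit.
func (r *Reader) readLength() (uint32, error) {
	if len(r.buf)-r.pos < 4 {
		return 0, ErrTruncated
	}
	n := binary.BigEndian.Uint32(r.buf[r.pos:])
	r.pos += 4
	return n, nil
}

// checked reads a length and rejects it before any allocation if it exceeds limit.
func (r *Reader) checked(limit int, tooBig error) (int, error) {
	n, err := r.readLength()
	if err != nil {
		return 0, err
	}
	if uint64(n) > uint64(limit) {
		return 0, fmt.Errorf("%w: %d > %d", tooBig, n, limit)
	}
	return int(n), nil // safe: n <= limit, which already fits in int
}

// ReadCollectionSize validates a declared element count for a slice or map.
func (r *Reader) ReadCollectionSize() (int, error) {
	return r.checked(r.limits.MaxCollectionSize, ErrCollectionTooBig)
}

// ReadBinarySize validates a declared byte length. Beyond the configured cap
// it also requires that many bytes to still be present, so a payload cannot
// make the decoder allocate for data it never sends.
func (r *Reader) ReadBinarySize() (int, error) {
	n, err := r.checked(r.limits.MaxBinarySize, ErrBinaryTooBig)
	if err != nil {
		return 0, err
	}
	if n > len(r.buf)-r.pos {
		return 0, ErrTruncated
	}
	return n, nil
}

// ReadBytes reads a length-prefixed byte string, allocating only after both checks pass.
func (r *Reader) ReadBytes() ([]byte, error) {
	n, err := r.ReadBinarySize()
	if err != nil {
		return nil, err
	}
	out := make([]byte, n)
	copy(out, r.buf[r.pos:r.pos+n])
	r.pos += n
	return out, nil
}

// ReadInt32List reads a length-prefixed list of big-endian int32 values; it
// refuses to pre-size the slice for elements that are not in the buffer.
func (r *Reader) ReadInt32List() ([]int32, error) {
	n, err := r.ReadCollectionSize()
	if err != nil {
		return nil, err
	}
	if n > (len(r.buf)-r.pos)/4 {
		return nil, ErrTruncated
	}
	out := make([]int32, 0, n)
	for i := 0; i < n; i++ {
		out = append(out, int32(binary.BigEndian.Uint32(r.buf[r.pos:])))
		r.pos += 4
	}
	return out, nil
}

// Constructed sample payloads for this example (not captured from any real system).
var (
	HostileLength = []byte{0xFF, 0xFF, 0xFF, 0xFF, 'a', 'b'}     // declares ~4 GiB, ships 2 bytes
	BenignBytes   = []byte{0, 0, 0, 3, 'a', 'b', 'c'}              // "abc"
	BenignList    = []byte{0, 0, 0, 2, 0, 0, 0, 1, 0, 0, 0, 2}     // [1, 2]
	TruncatedList = []byte{0, 0, 0, 5, 0, 0, 0, 1}                 // declares 5 elements, ships 1
)

func main() {
	lim := Limits{MaxCollectionSize: 1000, MaxBinarySize: 1 << 20}
	_, err := NewReader(HostileLength, lim).ReadBytes()
	fmt.Println("hostile binary:", err)
	_, err = NewReader(HostileLength, lim).ReadInt32List()
	fmt.Println("hostile collection:", err)
	b, _ := NewReader(BenignBytes, lim).ReadBytes()
	fmt.Printf("benign bytes: %q\n", b)
}
```

Without the limit, the first payload would make a naive decoder call `make([]byte, 0xFFFFFFFF)` on the strength of four attacker-controlled bytes; with it, the length is rejected before any allocation. The "bytes actually present" check in `ReadBinarySize` is a cheap second line of defence that closes the gap for declared sizes that are under the cap but still larger than the message.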
