Skip to content

Reject non-canonical badge encodings in Verify#24

Merged
TeoSlayer merged 1 commit into
mainfrom
fix/badgeverify-canonical
Jun 21, 2026
Merged

Reject non-canonical badge encodings in Verify#24
TeoSlayer merged 1 commit into
mainfrom
fix/badgeverify-canonical

Conversation

@TeoSlayer

Copy link
Copy Markdown
Contributor

Scrub hardening (defense-in-depth). Verify re-encodes the parsed badge via Canonical and rejects any input that doesn't round-trip (leading zeros, '+' signs) before checking the signature — forecloses byte-string-vs-parsed-fields malleability. Issuer always signs canonical form, so production badges unaffected (golden vectors pass). Test added.

@TeoSlayer TeoSlayer merged commit 6fe13d2 into main Jun 21, 2026
2 checks passed
@codecov

codecov Bot commented Jun 21, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants