Core Framework Encryption Service + Proxy server - with a Cryptonote twist
This commit introduces a fuzz test for the `Decode` function in the `trix` package. This test immediately uncovered a critical out-of-memory (OOM) vulnerability.
- Adds a new fuzz test, `FuzzDecode`, to `pkg/trix/fuzz_test.go` to continuously test the `Decode` function with a wide range of malformed inputs.
- Fixes a denial-of-service vulnerability where a malicious input could specify an extremely large header length, causing the application to crash due to an out-of-memory error.
- Introduces a `MaxHeaderSize` constant (16MB) and a check in the `Decode` function to ensure that the header length does not exceed this limit.
- Adds a new error, `ErrHeaderTooLarge`, to provide clear feedback when the header size limit is exceeded.
- .dataset
- .github
- .run
- docs
- examples
- pkg
- vault
- .gitignore
- DISCLAIMER.md
- go.mod
- go.sum
- go.work
- LICENCE
- README.md
- Taskfile.yml
Enchantrix
Enchantrix is a Go-based encryption library for the Core framework, designed to provide a secure and easy-to-use framework for handling sensitive data in Web3 applications. It will feature Poly-ChaCha stream proxying and a custom .trix file format for encrypted data.
Test-Driven Development
This project follows a strict Test-Driven Development (TDD) methodology. All new functionality must be accompanied by a comprehensive suite of tests.
Getting Started
To get started with Enchantrix, you'll need to have Go installed. You can then run the tests using the following command:
go test ./...
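The header-length check described in the commit message above, as an added Go example that is not the project's code. The wire layout (4-byte big-endian length, header, payload) and the names `decodeFrame` and `frame` are assumptions; only `MaxHeaderSize` (16MB) and `ErrHeaderTooLarge` come from the commit message, and the incremental header read goes beyond the fix it describes.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// MaxHeaderSize and ErrHeaderTooLarge take their names and the 16MB value from
// the commit message; everything else here is assumed for illustration.
const MaxHeaderSize = 16 << 20
var ErrHeaderTooLarge = errors.New("trix: header length exceeds MaxHeaderSize")

// decodeFrame (hypothetical name) parses an ASSUMED layout:
// 4-byte big-endian header length | header | payload.
func decodeFrame(r io.Reader) (header, payload []byte, err error) {
	var n uint32
	if err := binary.Read(r, binary.BigEndian, &n); err != nil {
		return nil, nil, fmt.Errorf("read header length: %w", err)
	}
	// Reject the untrusted length before it sizes any allocation (0xFFFFFFFF would ask for ~4GiB).
	if n > MaxHeaderSize {
		return nil, nil, ErrHeaderTooLarge
	}
	// CopyN grows the buffer as bytes arrive, so a short input claiming 16MB allocates little.
	var buf bytes.Buffer
	if _, err := io.CopyN(&buf, r, int64(n)); err != nil {
		if errors.Is(err, io.EOF) {
			err = io.ErrUnexpectedEOF // input ended before the claimed length
		}
		return nil, nil, fmt.Errorf("read header: %w", err)
	}
	payload, err = io.ReadAll(r)
	return buf.Bytes(), payload, err
}

// frame builds a constructed sample input with the claimed header length.
func frame(claimed uint32, rest string) []byte {
	return append(binary.BigEndian.AppendUint32(nil, claimed), rest...)
}

func main() {
	// Constructed inputs: well-formed, oversized length, truncated header.
	for _, in := range [][]byte{frame(2, "{}data"), frame(0xFFFFFFFF, ""), frame(MaxHeaderSize, "xx")} {
		h, p, err := decodeFrame(bytes.NewReader(in))
		fmt.Printf("header=%q payload=%q err=%v\n", h, p, err)
	}
}
```

The three constructed inputs in `main` are the kind of seeds a fuzz target for such a decoder would start from.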