Paper Reference
Unsafe Deserialization — arxiv:2601.17549, §5 (Implementation Analysis)
"Parsing untrusted serialized data leading to code execution"
Current State
IntentGuard parses JSON-RPC messages with Python's json module, which cannot execute code while decoding (unlike pickle or yaml.load) and is therefore not exposed to the classic deserialization-to-code-execution path. It is a decoder, not a validator, however: there is no explicit check of JSON-RPC message structure, no schema enforcement on incoming messages, and no bound on payload size or nesting depth. Payloads that lean on the parser's leniency (NaN and Infinity accepted as numbers, duplicate keys silently resolved last-wins, deeply nested arrays that drive the decoder to RecursionError) therefore reach the processing logic unfiltered.
What Should Be Implemented
- Strict JSON-RPC message schema validation (reject malformed messages)
- Maximum message size limits to prevent memory exhaustion via oversized payloads
- Explicit rejection of non-JSON content types in HTTP transport mode
- Policy config:
  transport_rules:
    max_message_size_bytes: 1048576  # 1MB
    strict_jsonrpc_validation: true
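The following is an added example of how the three controls above can be enforced as a single ingress filter in front of the dispatcher; it is illustrative code written for this note, not IntentGuard's own implementation. The 1 MB cap is taken from the policy fragment above; the nesting limit (MAX_NESTING_DEPTH), the function names (parse_jsonrpc, reject_reason) and the sample request bodies are assumptions constructed for the example. Besides the size and content-type checks, it closes the json-module edge cases mentioned under Current State: NaN/Infinity are rejected via parse_constant, duplicate keys via object_pairs_hook, and nesting depth is bounded after decoding.

```python
import json
from typing import Any, Optional

MAX_MESSAGE_SIZE_BYTES = 1_048_576  # 1 MB, as in transport_rules above
MAX_NESTING_DEPTH = 32              # assumed value; JSON-RPC payloads are shallow


class MessageRejected(ValueError):
    """Raised with a short reason whenever a message fails a check."""


def _reject_constant(name: str) -> Any:
    # json.loads accepts NaN / Infinity / -Infinity by default; strict JSON does not.
    raise MessageRejected(f"non-standard JSON constant {name}")


def _reject_duplicate_keys(pairs: list) -> dict:
    # Default behaviour is "last key wins", which lets a second "method" member
    # slip past any validator that only inspects the first occurrence.
    obj: dict = {}
    for key, value in pairs:
        if key in obj:
            raise MessageRejected(f"duplicate key {key!r}")
        obj[key] = value
    return obj


def _check_depth(value: Any, level: int = 0) -> None:
    # Bound nesting so recursive code downstream cannot be driven to RecursionError.
    if level > MAX_NESTING_DEPTH:
        raise MessageRejected("nesting too deep")
    if isinstance(value, dict):
        for child in value.values():
            _check_depth(child, level + 1)
    elif isinstance(value, list):
        for child in value:
            _check_depth(child, level + 1)


def validate_request(obj: Any) -> dict:
    """Enforce the JSON-RPC 2.0 request shape; strict: unknown members are rejected."""
    if not isinstance(obj, dict):
        raise MessageRejected("request is not a JSON object")
    unknown = set(obj) - {"jsonrpc", "method", "params", "id"}
    if unknown:
        raise MessageRejected(f"unknown members {sorted(unknown)}")
    if obj.get("jsonrpc") != "2.0":
        raise MessageRejected('jsonrpc member must be the string "2.0"')
    method = obj.get("method")
    if not isinstance(method, str) or not method:
        raise MessageRejected("method must be a non-empty string")
    if "params" in obj and not isinstance(obj["params"], (list, dict)):
        raise MessageRejected("params must be an array or object")
    if "id" in obj:
        rid = obj["id"]
        # bool is a subclass of int in Python, so it must be excluded explicitly
        if isinstance(rid, bool) or not isinstance(rid, (str, int, float, type(None))):
            raise MessageRejected("id must be a string, number or null")
    return obj


def parse_jsonrpc(raw: bytes, content_type: Optional[str] = None) -> Any:
    """Parse and validate one HTTP body; returns a request dict or a non-empty batch list."""
    if content_type is not None:
        media_type = content_type.split(";", 1)[0].strip().lower()
        if media_type != "application/json":
            raise MessageRejected(f"unsupported content type {media_type!r}")
    if len(raw) > MAX_MESSAGE_SIZE_BYTES:  # check bytes before decoding anything
        raise MessageRejected(f"message size {len(raw)} exceeds {MAX_MESSAGE_SIZE_BYTES}")
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        raise MessageRejected("body is not valid UTF-8")
    try:
        obj = json.loads(text, parse_constant=_reject_constant,
                         object_pairs_hook=_reject_duplicate_keys)
    except MessageRejected:
        raise
    except (ValueError, RecursionError) as exc:
        # JSONDecodeError, the int-digit limit (Python 3.11+) and the decoder's
        # own recursion guard all land here.
        raise MessageRejected(f"malformed JSON: {type(exc).__name__}")
    _check_depth(obj)
    if isinstance(obj, list):  # JSON-RPC batch
        if not obj:
            raise MessageRejected("empty batch")
        return [validate_request(item) for item in obj]
    return validate_request(obj)


def reject_reason(raw: bytes, content_type: Optional[str] = None) -> Optional[str]:
    """None if the body is accepted, otherwise the rejection reason."""
    try:
        parse_jsonrpc(raw, content_type)
    except MessageRejected as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample bodies, not captured traffic.
    for body in (b'{"jsonrpc": "2.0", "method": "tools/call", "params": {"name": "echo"}, "id": 1}',
                 b'{"jsonrpc": "2.0", "method": "a", "method": "b", "id": 1}',
                 b'{"jsonrpc": "2.0", "method": "m", "params": [NaN], "id": 1}',
                 b"[" * 40 + b"]" * 40):
        print(reject_reason(body) or "accepted", "<-", body[:48])
```

Run the filter before the message is handed to any routing or policy code, and log the rejection reason rather than echoing it to the client. Rejecting unknown members and bool ids is stricter than the JSON-RPC 2.0 specification requires; relax validate_request if a legitimate peer depends on that leniency.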
Why It Matters
Python's json module removes the code-execution risk, but not the parsing risk: strict message schemas, size caps and depth bounds catch malformed or adversarial payloads at the transport boundary, before they reach any dispatch or policy logic and before an oversized or deeply nested body can exhaust memory or the interpreter's recursion budget.
Priority
Low — Python's json is safe by default, but defense-in-depth justifies this for production hardening.