Related to #195
Taken from the standard:
The canonicalization algorithm examines every difference in the information connected to blank nodes in order to ensure that each will properly receive its own canonical identifier. This process can be exploited by attackers to construct datasets which are known to take large amounts of computing time to canonicalize, but that do not express useful information or express it using unnecessary complexity. Implementers of the algorithm are expected to add mitigations that will, by default, abort canonicalizing problematic inputs.
Suggested mitigations include, but are not limited to:
- providing a configurable timeout with a default value applicable to an implementation's common use
- providing a configurable limit on the number of iterations of steps performed in the algorithm, particularly recursive steps and permutations of long lists
Additionally, software that uses implementations of the algorithm can employ best-practice schema validation to reject data that does not meet application requirements, thereby preventing useless poison datasets from being processed. However, such mitigations are application specific and not directly applicable to implementers of the canonicalization algorithm itself.
Suggested actions:
Add an option to the RDF canon serializer to set a timeout or a limit on the number of steps in the algorithm
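One way to implement the two suggested mitigations, as an added example (not code from the standard or from this project): a single work budget with a step cap and a timeout, charged on every iteration of a simplified stand-in for the algorithm's permutation loop. The names `WorkBudget`, `CanonicalizationAborted`, `canonicalize_group` and the default limits are assumptions.

```python
import hashlib
import itertools
import time


class CanonicalizationAborted(Exception):
    """Raised when an input exceeds the configured work budget."""


class WorkBudget:
    """Step and wall-clock limits shared by every loop of one canonicalization run."""

    def __init__(self, max_steps=100_000, timeout_s=2.0, clock=time.monotonic):
        self.max_steps = max_steps
        self.steps = 0
        self._clock = clock
        self._deadline = clock() + timeout_s

    def tick(self):
        """Charge one unit of work; abort once either limit is passed."""
        self.steps += 1
        if self.steps > self.max_steps:
            raise CanonicalizationAborted(f"step limit {self.max_steps} exceeded")
        if self._clock() > self._deadline:
            raise CanonicalizationAborted("timeout exceeded")


def best_permutation_hash(related_bnodes, budget):
    """Simplified stand-in (assumption) for the permutation loop: hash each
    ordering of blank nodes that could not be told apart and keep the
    smallest digest. Work grows as n! in the size of the group."""
    best = None
    for perm in itertools.permutations(related_bnodes):
        budget.tick()  # charge the budget before doing the work
        digest = hashlib.sha256("".join(perm).encode()).hexdigest()
        if best is None or digest < best:
            best = digest
    return best


def canonicalize_group(related_bnodes, max_steps=100_000, timeout_s=2.0):
    """Return (digest, steps used) or raise CanonicalizationAborted."""
    budget = WorkBudget(max_steps, timeout_s)
    return best_permutation_hash(related_bnodes, budget), budget.steps


if __name__ == "__main__":
    # Constructed inputs: 4 labels cost 4! = 24 steps; 12 labels would cost 12!.
    print(canonicalize_group(["_:a", "_:b", "_:c", "_:d"]))
    try:
        canonicalize_group([f"_:b{i}" for i in range(12)], max_steps=1000)
    except CanonicalizationAborted as exc:
        print("aborted:", exc)
```

Passing the same `WorkBudget` object into every recursive call keeps the limit global to the run rather than per call, which is what bounds the total cost of a poison dataset.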