Thanks for writing this! I frequently run into the issue of having to reconstruct composite types after they have changed, so this will be a nice addition to my toolkit.
I don’t mind having to write a reconstruction method, I think of this as a feature. I like the human-readable output.
If so, then I think we currently ask for disclosure in the Readme.md.
Some general notes:
Afaiu you don’t round-trip element types for arrays → you lose fidelity and performance.
You decide to serialize “difficult” objects like Function as nothing. With your intended use for long-time storage (i.e. allow a human to use the data, long after all code + docs + first hand experience handling it has been lost), I think some configurable warning would be appropriate whenever your serialization discards data. It would suck for future people to come in to pick up a long-discarded project or help a replication attempt, only to discover that all data is lost because it lived in a closure.
I have not seen an obvious way to pop a shell on deserialization of malicious data. However, the general architecture is a recipe for insecure deserialization – maybe explicitly document that people shouldn’t reconstruct / deserialize untrusted input?
The general architecture that invites shell-popping: Types for reconstruction use a global registry, namely the dispatch table for specializations of TypedJson.reconstruct(::Val{<:Symbol}, ::Any), where the symbol is attacker controlled. Hence, each loaded package that defines reconstructions gives new gadgets. This is similar to deserialization gadgets in java, where any unforeseen interaction between stuff in the classpath can make deserialization unsafe. The general consensus is that “control your classpath such that no gadget chain exists” is not viable (it breaks all modularity!), and java deserialization must be considered unsafe in any environment.
With this general architecture, you will never achieve safe / secure deserialization. Which is totally fine if it is not your design goal, just be very upfront about it in your Readme.md.
The package code is not AI-generated, while the test suite is mainly provided by Gemini.
In some case the types are not properly reconstructed, I added a note in the Caveats section.
Performance is not a goal here…
The only way to check for correct serialization and deserialization is to use the roundtrip function. I added a clear statement in the Caveats section.
This is a very interesting topic, thank you for raising it!
But it’s not clear to me how one can perform shell-popping here by just providing a malicious JSON file to deserialize. Can you provide an explicit example?
As long as I understand you need both the JSON file and a malicious package to do the job, hence the problem becomes to warn the user not to install untrusted packages… Or am I missing something?