>What would help here is if Alice generated a clean copy of what she thinks she received, and serialized that.
I think you just suggested the same thing the OP did.
Rereading it, you may be right. I read “what was parsed” as “as parsed by the json parser”, but chances are the OP meant “by the application layer”.
I didn't read it that way because I don't see that often in my job. Programs there typically know just enough about the format to do their job, and that job doesn't include "watch out for external threats" (and they don't all just use some common library that _does_ know the ins and outs of the format, because they're written in different languages. Also, we don't generate libraries for each language (as would be common if the format were XML) because the json culture doesn't think json schema is a good idea).
Alice next checks the “command” value against a whitelist. Her json library reads the first value, returning the benign “feed”.
Alice next serializes the parsed structure and sends it to Bob. The serializer she uses returns the exact string Eve sent.
Bob, using a different json parser, parses the json. That parser drops the first “command”, so he gets the equivalent of
Since Bob trusts Alice, he executes that command. What would help here is if Alice generated a clean copy of what she thinks she received, and serialized that. For more complex APIs, that would mean she has to know the exact API that Bob expects, though. That may mean extra work keeping Alice's knowledge of the ins and outs of the API up to date as Bob's API evolves.
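The parser-differential scenario in the comment above, worked through as an added example (not code from the thread): a message with a duplicated "command" key is read by a first-wins parser on Alice's side and a last-wins parser on Bob's, so the raw-forwarding path lets a non-whitelisted command through, while the "build a clean copy and serialize that" fix either rejects the duplicate outright or emits only the fields Alice validated. The whitelist, the field names, the `shutdown` command and the message are all constructed for illustration; Python's `json.loads` is last-wins by default, and `object_pairs_hook` is used here to emulate the other behaviours and to detect duplicates.

```python
import json

# Hypothetical whitelist of commands Alice is willing to forward to Bob.
ALLOWED_COMMANDS = {"feed", "status"}


class DuplicateKeyError(ValueError):
    """Raised when a JSON object repeats a key."""


def _reject_duplicates(pairs):
    # object_pairs_hook receives every (key, value) pair in document order,
    # so duplicates are visible here even though a dict would silently hide them.
    result = {}
    for key, value in pairs:
        if key in result:
            raise DuplicateKeyError(f"duplicate key {key!r}")
        result[key] = value
    return result


def parse_strict(text):
    """Parse JSON, refusing any object that repeats a key."""
    return json.loads(text, object_pairs_hook=_reject_duplicates)


def parse_first_wins(text):
    """Emulate a parser that keeps the first occurrence of a duplicate key."""
    def keep_first(pairs):
        result = {}
        for key, value in pairs:
            result.setdefault(key, value)
        return result
    return json.loads(text, object_pairs_hook=keep_first)


def parse_last_wins(text):
    """Python's default behaviour: a later duplicate overwrites an earlier one."""
    return json.loads(text)


def alice_forward_raw(text):
    """The failure mode: check the first value, then forward the bytes unchanged."""
    if parse_first_wins(text).get("command") not in ALLOWED_COMMANDS:
        raise PermissionError("command not allowed")
    return text  # a serializer that returns exactly what was received


def alice_forward_clean(text):
    """The fix: reject duplicates, validate, then serialize a freshly built message."""
    parsed = parse_strict(text)
    command = parsed.get("command")
    if command not in ALLOWED_COMMANDS:
        raise PermissionError("command not allowed")
    # Only the fields Alice understands and checked make it into the outgoing message.
    return json.dumps({"command": command})


def bob_execute(text):
    """Bob's side: a last-wins parser decides which command actually runs."""
    return parse_last_wins(text)["command"]


# Constructed sample message: benign value first, privileged value second.
EVE_MESSAGE = '{"command": "feed", "command": "shutdown"}'

if __name__ == "__main__":
    print("raw forwarding, Bob runs:", bob_execute(alice_forward_raw(EVE_MESSAGE)))
    try:
        alice_forward_clean(EVE_MESSAGE)
    except DuplicateKeyError as exc:
        print("clean forwarding rejected:", exc)
    print("clean forwarding of a good message:", alice_forward_clean('{"command": "feed"}'))
```

Rejecting duplicate keys at parse time catches the ambiguity before any whitelist check runs; rebuilding the outgoing message from validated fields is what closes the gap even when a library cannot be configured to reject duplicates, at the cost the comment notes of Alice having to track the fields Bob's API expects.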