@tim-barry

Description

Improves the error message for UnknownFieldError when a CBOR map does not match with the Go struct currently being decoded into. The message now includes struct and field names, allowing simpler debugging of issues that can occur due to mismatched struct types.

PR Was Proposed and Welcomed in Currently Open Issue

Checklist (for code PR only, ignore for docs PR)

  • Include unit tests that cover the new code
  • Pass all unit tests
  • Pass all lint checks in CI (goimports, gosec, staticcheck, etc.)
  • Sign each commit with your real name and email.
    Last line of each commit message should be in this format:
    Signed-off-by: Firstname Lastname [email protected]
  • Certify the Developer's Certificate of Origin 1.1
    (see next section).

Certify the Developer's Certificate of Origin 1.1

  • By marking this item as completed, I certify
    the Developer Certificate of Origin 1.1.
Developer Certificate of Origin
Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
660 York Street, Suite 102,
San Francisco, CA 94110 USA

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.

@tim-barry force-pushed the unknown-field-error branch from d5cb714 to 7b6cb77 on June 6, 2025 19:15

@fxamacker (Owner) left a comment

@tim-barry Thanks for opening this PR.

I left some suggestions, but the most important ones are:

  • We shouldn't use %s in the error message to add the field name coming from untrusted input data.

  • The changes made by this PR don't handle all the use cases in the parseMapToStruct() function. Specifically, it doesn't handle CBOR map key as integer for unknown field error.

BTW, I'm out of office for ~2 weeks starting tomorrow (Monday, June 9) but will take a look at this PR in case it is updated.

If this is urgent, please let me know (here on GitHub) so I can take a look sooner.

Comment on lines +210 to +212
Struct string // name of the struct being decoded
Field string // field of the CBOR map that was unexpected
Index int // index of the field in the CBOR map
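
Review bot: The doc comment on Field ("field of the CBOR map that was unexpected") does not say that the value is taken from the input's map key and is stored unescaped. Callers who read e.Field directly and log or display it need that stated here, along with what Field holds when the map key is not a string.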

Please rename two fields:

Suggested change
Struct string // name of the struct being decoded
Field string // field of the CBOR map that was unexpected
Index int // index of the field in the CBOR map
StructName string // name of the struct being decoded
FieldName string // unknown field name decoded from CBOR map key
Index int // index of the field in the CBOR map


func (e *UnknownFieldError) Error() string {
return fmt.Sprintf("cbor: found unknown field at map element index %d", e.Index)
return fmt.Sprintf("cbor: found unknown field: struct '%s' has no field '%s', at map element index %d", e.Struct, e.Field, e.Index)
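
Review bot: Nothing in the new Sprintf line bounds the length of e.Field, so one very long map key in the input becomes an equally long error string wherever this error is logged or returned. Consider truncating the field name to a fixed maximum before formatting it. The single quotes around '%s' also do not delimit the value, since the field name can itself contain a single quote.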

@fxamacker fxamacker Jun 8, 2025

Using %s to add field name here to an error message requires security considerations.

In this PR, field name is decoded from untrusted data, so we need to consider the possibility it might contain non-printable characters.

We can use %q instead of %s to escape non-printable characters.

Please also reword the error message to be more consistent with the old message, like this:

Suggested change
return fmt.Sprintf("cbor: found unknown field: struct '%s' has no field '%s', at map element index %d", e.Struct, e.Field, e.Index)
return fmt.Sprintf("cbor: found unknown field %q at map element index %d in struct %q", e.Field, e.Index, e.Struct)

var k any

t := d.nextCBORType()
var keyBytes []byte

These changes don't cover all use cases in parseMapToStruct().

Valid map keys in this function can be byte string, text string, or integer (to support keyasint feature). Currently, keyBytes is only used when map key type is byte string or text string.

So we also need to handle unknown field when map key is integer.

Also, please add a test for unknown field of integer type.

@fxamacker

Hey @tim-barry 👋 Do you have any updates planned for this PR?

This July 4 weekend, I need to begin preparing for v2.9.0 release by reviewing changes, updating docs, fuzz testing, etc. After fuzzing starts for v2.9.0, coding changes to codec (except regression fixes & docs) will likely be postponed until after v2.9.0 is release tagged.
