all: use case-sensitive JSON unmarshaling (#807)

maciej-kisiel · maciej-kisiel · commit 6e8ca568e4f2 · 2026-02-18T16:02:15.000Z
As reported in #805, case insensitive unmarshaling can pose security issues. This change adjusts all non-test and non-example unmarshaling to use a case sensitive mode. This introduces a new external dependency `github.com/segmentio/encoding`.
diff --git a/go.mod b/go.mod
@@ -6,7 +6,13 @@ require (
 	github.com/golang-jwt/jwt/v5 v5.2.2
 	github.com/google/go-cmp v0.7.0
 	github.com/google/jsonschema-go v0.4.2
+	github.com/segmentio/encoding v0.5.3
 	github.com/yosida95/uritemplate/v3 v3.0.2
 	golang.org/x/oauth2 v0.30.0
 	golang.org/x/tools v0.34.0
 )
+
+require (
+	github.com/segmentio/asm v1.1.3 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+)
diff --git a/go.sum b/go.sum
@@ -4,9 +4,15 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/jsonschema-go v0.4.2 h1:tmrUohrwoLZZS/P3x7ex0WAVknEkBZM46iALbcqoRA8=
 github.com/google/jsonschema-go v0.4.2/go.mod h1:r5quNTdLOYEz95Ru18zA0ydNbBuYoo9tgaYcxEYhJVE=
+github.com/segmentio/asm v1.1.3 h1:WM03sfUOENvvKexOLp+pCqgb/WDjsi7EK8gIsICtzhc=
+github.com/segmentio/asm v1.1.3/go.mod h1:Ld3L4ZXGNcSLRg4JBsZ3//1+f/TjYl0Mzen/DQy1EJg=
+github.com/segmentio/encoding v0.5.3 h1:OjMgICtcSFuNvQCdwqMCv9Tg7lEOXGwm1J5RPQccx6w=
+github.com/segmentio/encoding v0.5.3/go.mod h1:HS1ZKa3kSN32ZHVZ7ZLPLXWvOVIiZtyJnO1gPH1sKt0=
 github.com/yosida95/uritemplate/v3 v3.0.2 h1:Ed3Oyj9yrmi9087+NczuL5BwkIc4wvTb5zIM+UJPGz4=
 github.com/yosida95/uritemplate/v3 v3.0.2/go.mod h1:ILOh0sOhIJR3+L/8afwt/kE++YT040gmv5BQTMR2HP4=
 golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
 golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
 golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
diff --git a/internal/json/json.go b/internal/json/json.go
@@ -0,0 +1,19 @@
+// Copyright 2025 The Go MCP SDK Authors. All rights reserved.
+// Use of this source code is governed by an MIT-style
+// license that can be found in the LICENSE file.
+
+// Package json provides internal JSON utilities.
+
+package json
+
+import (
+	"bytes"
+
+	"github.com/segmentio/encoding/json"
+)
+
+func Unmarshal(data []byte, v any) error {
+	dec := json.NewDecoder(bytes.NewReader(data))
+	dec.DontMatchCaseInsensitiveStructFields()
+	return dec.Decode(v)
+}
diff --git a/internal/json/json_test.go b/internal/json/json_test.go
@@ -0,0 +1,63 @@
+// Copyright 2025 The Go MCP SDK Authors. All rights reserved.
+// Use of this source code is governed by an MIT-style
+// license that can be found in the LICENSE file.
+
+package json
+
+import (
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+)
+
+func TestUnmarshalCaseSensitivity(t *testing.T) {
+	type Nested struct {
+		Field string `json:"field"`
+	}
+	type Target struct {
+		Field       string
+		TaggedField string `json:"custom_tag"`
+		Nested      *Nested
+	}
+
+	tests := []struct {
+		name string
+		json string
+		want Target
+	}{
+		{
+			name: "exact match",
+			json: `{"Field": "value", "custom_tag": "tagged", "Nested": {"field": "nested"}}`,
+			want: Target{
+				Field:       "value",
+				TaggedField: "tagged",
+				Nested: &Nested{
+					Field: "nested",
+				},
+			},
+		},
+		{
+			name: "case mismatch",
+			json: `{"field": "value", "Custom_tag": "tagged", "Nested": {"Field": "nested"}}`,
+			want: Target{
+				Field:       "",
+				TaggedField: "",
+				Nested: &Nested{
+					Field: "",
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var got Target
+			if err := Unmarshal([]byte(tt.json), &got); err != nil {
+				t.Fatalf("Unmarshal failed: %v", err)
+			}
+			if diff := cmp.Diff(tt.want, got); diff != "" {
+				t.Errorf("Unmarshal mismatch (-want +got):\n%s", diff)
+			}
+		})
+	}
+}
diff --git a/internal/jsonrpc2/conn.go b/internal/jsonrpc2/conn.go
@@ -6,13 +6,14 @@ package jsonrpc2
 
 import (
 	"context"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"sync"
 	"sync/atomic"
 	"time"
+
+	"github.com/modelcontextprotocol/go-sdk/internal/json"
 )
 
 // Binder builds a connection configuration.
diff --git a/internal/jsonrpc2/messages.go b/internal/jsonrpc2/messages.go
@@ -8,6 +8,8 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+
+	internaljson "github.com/modelcontextprotocol/go-sdk/internal/json"
 )
 
 // ID is a Request identifier, which is defined by the spec to be a string, integer, or null.
@@ -167,7 +169,7 @@ func EncodeIndent(msg Message, prefix, indent string) ([]byte, error) {
 
 func DecodeMessage(data []byte) (Message, error) {
 	msg := wireCombined{}
-	if err := json.Unmarshal(data, &msg); err != nil {
+	if err := internaljson.Unmarshal(data, &msg); err != nil {
 		return nil, fmt.Errorf("unmarshaling jsonrpc message: %w", err)
 	}
 	if msg.VersionTag != wireVersion {
diff --git a/mcp/client.go b/mcp/client.go
@@ -6,7 +6,6 @@ package mcp
 
 import (
 	"context"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"iter"
@@ -18,7 +17,7 @@ import (
 	"time"
 
 	"github.com/google/jsonschema-go/jsonschema"
-
+	"github.com/modelcontextprotocol/go-sdk/internal/json"
 	"github.com/modelcontextprotocol/go-sdk/internal/jsonrpc2"
 	"github.com/modelcontextprotocol/go-sdk/jsonrpc"
 )
diff --git a/mcp/protocol.go b/mcp/protocol.go
@@ -13,6 +13,8 @@ package mcp
 import (
 	"encoding/json"
 	"fmt"
+
+	internaljson "github.com/modelcontextprotocol/go-sdk/internal/json"
 )
 
 // Optional annotations for the client. The client can use annotations to inform
@@ -140,7 +142,7 @@ func (x *CallToolResult) UnmarshalJSON(data []byte) error {
 		res
 		Content []*wireContent `json:"content"`
 	}
-	if err := json.Unmarshal(data, &wire); err != nil {
+	if err := internaljson.Unmarshal(data, &wire); err != nil {
 		return err
 	}
 	var err error
@@ -286,7 +288,7 @@ type CompleteReference struct {
 func (r *CompleteReference) UnmarshalJSON(data []byte) error {
 	type wireCompleteReference CompleteReference // for naive unmarshaling
 	var r2 wireCompleteReference
-	if err := json.Unmarshal(data, &r2); err != nil {
+	if err := internaljson.Unmarshal(data, &r2); err != nil {
 		return err
 	}
 	switch r2.Type {
@@ -402,7 +404,7 @@ func (r *CreateMessageResult) UnmarshalJSON(data []byte) error {
 		result
 		Content *wireContent `json:"content"`
 	}
-	if err := json.Unmarshal(data, &wire); err != nil {
+	if err := internaljson.Unmarshal(data, &wire); err != nil {
 		return err
 	}
 	var err error
@@ -838,7 +840,7 @@ func (m *PromptMessage) UnmarshalJSON(data []byte) error {
 		msg
 		Content *wireContent `json:"content"`
 	}
-	if err := json.Unmarshal(data, &wire); err != nil {
+	if err := internaljson.Unmarshal(data, &wire); err != nil {
 		return err
 	}
 	var err error
@@ -1014,7 +1016,7 @@ func (m *SamplingMessage) UnmarshalJSON(data []byte) error {
 		msg
 		Content *wireContent `json:"content"`
 	}
-	if err := json.Unmarshal(data, &wire); err != nil {
+	if err := internaljson.Unmarshal(data, &wire); err != nil {
 		return err
 	}
 	var err error
diff --git a/mcp/server.go b/mcp/server.go
@@ -24,6 +24,7 @@ import (
 	"time"
 
 	"github.com/google/jsonschema-go/jsonschema"
+	internaljson "github.com/modelcontextprotocol/go-sdk/internal/json"
 	"github.com/modelcontextprotocol/go-sdk/internal/jsonrpc2"
 	"github.com/modelcontextprotocol/go-sdk/internal/util"
 	"github.com/modelcontextprotocol/go-sdk/jsonrpc"
@@ -326,7 +327,7 @@ func toolForErr[In, Out any](t *Tool, h ToolHandlerFor[In, Out], cache *SchemaCa
 		// Unmarshal and validate args.
 		var in In
 		if input != nil {
-			if err := json.Unmarshal(input, &in); err != nil {
+			if err := internaljson.Unmarshal(input, &in); err != nil {
 				return nil, fmt.Errorf("%w: %v", jsonrpc2.ErrInvalidParams, err)
 			}
 		}
@@ -1325,7 +1326,7 @@ func initializeMethodInfo() methodInfo {
 	info.unmarshalParams = func(m json.RawMessage) (Params, error) {
 		var params *initializeParamsV2
 		if m != nil {
-			if err := json.Unmarshal(m, &params); err != nil {
+			if err := internaljson.Unmarshal(m, &params); err != nil {
 				return nil, fmt.Errorf("unmarshaling %q into a %T: %w", m, params, err)
 			}
 		}
diff --git a/mcp/shared.go b/mcp/shared.go
@@ -23,6 +23,7 @@ import (
 	"time"
 
 	"github.com/modelcontextprotocol/go-sdk/auth"
+	internaljson "github.com/modelcontextprotocol/go-sdk/internal/json"
 	"github.com/modelcontextprotocol/go-sdk/internal/jsonrpc2"
 	"github.com/modelcontextprotocol/go-sdk/jsonrpc"
 )
@@ -283,7 +284,7 @@ func newMethodInfo[P paramsPtr[T], R Result, T any](flags methodFlags) methodInf
 		unmarshalParams: func(m json.RawMessage) (Params, error) {
 			var p P
 			if m != nil {
-				if err := json.Unmarshal(m, &p); err != nil {
+				if err := internaljson.Unmarshal(m, &p); err != nil {
 					return nil, fmt.Errorf("unmarshaling %q into a %T: %w", m, p, err)
 				}
 			}
diff --git a/mcp/streamable.go b/mcp/streamable.go
@@ -28,6 +28,7 @@ import (
 	"time"
 
 	"github.com/modelcontextprotocol/go-sdk/auth"
+	internaljson "github.com/modelcontextprotocol/go-sdk/internal/json"
 	"github.com/modelcontextprotocol/go-sdk/internal/jsonrpc2"
 	"github.com/modelcontextprotocol/go-sdk/internal/xcontext"
 	"github.com/modelcontextprotocol/go-sdk/jsonrpc"
@@ -1074,7 +1075,7 @@ func (c *streamableServerConn) servePOST(w http.ResponseWriter, req *http.Reques
 				isInitialize = true
 				// Extract the protocol version from InitializeParams.
 				var params InitializeParams
-				if err := json.Unmarshal(jreq.Params, &params); err == nil {
+				if err := internaljson.Unmarshal(jreq.Params, &params); err == nil {
 					initializeProtocolVersion = params.ProtocolVersion
 				}
 			}
diff --git a/mcp/tool.go b/mcp/tool.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 
 	"github.com/google/jsonschema-go/jsonschema"
+	internaljson "github.com/modelcontextprotocol/go-sdk/internal/json"
 )
 
 // A ToolHandler handles a call to tools/call.
@@ -83,7 +84,7 @@ func applySchema(data json.RawMessage, resolved *jsonschema.Resolved) (json.RawM
 	if resolved != nil {
 		v := make(map[string]any)
 		if len(data) > 0 {
-			if err := json.Unmarshal(data, &v); err != nil {
+			if err := internaljson.Unmarshal(data, &v); err != nil {
 				return nil, fmt.Errorf("unmarshaling arguments: %w", err)
 			}
 		}
diff --git a/mcp/transport.go b/mcp/transport.go
@@ -15,6 +15,7 @@ import (
 	"os"
 	"sync"
 
+	internaljson "github.com/modelcontextprotocol/go-sdk/internal/json"
 	"github.com/modelcontextprotocol/go-sdk/internal/jsonrpc2"
 	"github.com/modelcontextprotocol/go-sdk/internal/xcontext"
 	"github.com/modelcontextprotocol/go-sdk/jsonrpc"
@@ -189,7 +190,7 @@ type canceller struct {
 func (c *canceller) Preempt(ctx context.Context, req *jsonrpc.Request) (result any, err error) {
 	if req.Method == notificationCancelled {
 		var params CancelledParams
-		if err := json.Unmarshal(req.Params, &params); err != nil {
+		if err := internaljson.Unmarshal(req.Params, &params); err != nil {
 			return nil, err
 		}
 		id, err := jsonrpc2.MakeID(params.RequestID)
@@ -565,7 +566,7 @@ func (t *ioConn) Read(ctx context.Context) (jsonrpc.Message, error) {
 func readBatch(data []byte) (msgs []jsonrpc.Message, isBatch bool, _ error) {
 	// Try to read an array of messages first.
 	var rawBatch []json.RawMessage
-	if err := json.Unmarshal(data, &rawBatch); err == nil {
+	if err := internaljson.Unmarshal(data, &rawBatch); err == nil {
 		if len(rawBatch) == 0 {
 			return nil, true, fmt.Errorf("empty batch")
 		}
diff --git a/mcp/util.go b/mcp/util.go
@@ -7,6 +7,8 @@ package mcp
 import (
 	"crypto/rand"
 	"encoding/json"
+
+	internaljson "github.com/modelcontextprotocol/go-sdk/internal/json"
 )
 
 func assert(cond bool, msg string) {
@@ -36,7 +38,7 @@ func remarshal(from, to any) error {
 	if err != nil {
 		return err
 	}
-	if err := json.Unmarshal(data, to); err != nil {
+	if err := internaljson.Unmarshal(data, to); err != nil {
 		return err
 	}
 	return nil
diff --git a/oauthex/dcr.go b/oauthex/dcr.go
@@ -17,6 +17,8 @@ import (
 	"io"
 	"net/http"
 	"time"
+
+	internaljson "github.com/modelcontextprotocol/go-sdk/internal/json"
 )
 
 // ClientRegistrationMetadata represents the client metadata fields for the DCR POST request (RFC 7591).
@@ -144,7 +146,7 @@ func (r *ClientRegistrationResponse) UnmarshalJSON(data []byte) error {
 	}{
 		alias: (*alias)(r),
 	}
-	if err := json.Unmarshal(data, &aux); err != nil {
+	if err := internaljson.Unmarshal(data, &aux); err != nil {
 		return err
 	}
 	if aux.ClientIDIssuedAt != 0 {
@@ -206,7 +208,7 @@ func RegisterClient(ctx context.Context, registrationEndpoint string, clientMeta
 
 	if resp.StatusCode == http.StatusCreated {
 		var regResponse ClientRegistrationResponse
-		if err := json.Unmarshal(body, &regResponse); err != nil {
+		if err := internaljson.Unmarshal(body, &regResponse); err != nil {
 			return nil, fmt.Errorf("failed to decode successful registration response: %w (%s)", err, string(body))
 		}
 		if regResponse.ClientID == "" {
@@ -221,7 +223,7 @@ func RegisterClient(ctx context.Context, registrationEndpoint string, clientMeta
 
 	if resp.StatusCode == http.StatusBadRequest {
 		var regError ClientRegistrationError
-		if err := json.Unmarshal(body, &regError); err != nil {
+		if err := internaljson.Unmarshal(body, &regError); err != nil {
 			return nil, fmt.Errorf("failed to decode registration error response: %w (%s)", err, string(body))
 		}
 		return nil, &regError

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,8 @@ package mcp`
`13`	`13`	`import (`
`14`	`14`	`"encoding/json"`
`15`	`15`	`"fmt"`
	`16`	`+`
	`17`	`+ internaljson "github.com/modelcontextprotocol/go-sdk/internal/json"`
`16`	`18`	`)`
`17`	`19`
`18`	`20`	`// Optional annotations for the client. The client can use annotations to inform`
`@@ -140,7 +142,7 @@ func (x *CallToolResult) UnmarshalJSON(data []byte) error {`
`140`	`142`	`res`
`141`	`143`	Content []*wireContent `json:"content"`
`142`	`144`	`}`
`143`		`- if err := json.Unmarshal(data, &wire); err != nil {`
	`145`	`+ if err := internaljson.Unmarshal(data, &wire); err != nil {`
`144`	`146`	`return err`
`145`	`147`	`}`
`146`	`148`	`var err error`
`@@ -286,7 +288,7 @@ type CompleteReference struct {`
`286`	`288`	`func (r *CompleteReference) UnmarshalJSON(data []byte) error {`
`287`	`289`	`type wireCompleteReference CompleteReference // for naive unmarshaling`
`288`	`290`	`var r2 wireCompleteReference`
`289`		`- if err := json.Unmarshal(data, &r2); err != nil {`
	`291`	`+ if err := internaljson.Unmarshal(data, &r2); err != nil {`
`290`	`292`	`return err`
`291`	`293`	`}`
`292`	`294`	`switch r2.Type {`
`@@ -402,7 +404,7 @@ func (r *CreateMessageResult) UnmarshalJSON(data []byte) error {`
`402`	`404`	`result`
`403`	`405`	Content *wireContent `json:"content"`
`404`	`406`	`}`
`405`		`- if err := json.Unmarshal(data, &wire); err != nil {`
	`407`	`+ if err := internaljson.Unmarshal(data, &wire); err != nil {`
`406`	`408`	`return err`
`407`	`409`	`}`
`408`	`410`	`var err error`
`@@ -838,7 +840,7 @@ func (m *PromptMessage) UnmarshalJSON(data []byte) error {`
`838`	`840`	`msg`
`839`	`841`	Content *wireContent `json:"content"`
`840`	`842`	`}`
`841`		`- if err := json.Unmarshal(data, &wire); err != nil {`
	`843`	`+ if err := internaljson.Unmarshal(data, &wire); err != nil {`
`842`	`844`	`return err`
`843`	`845`	`}`
`844`	`846`	`var err error`
`@@ -1014,7 +1016,7 @@ func (m *SamplingMessage) UnmarshalJSON(data []byte) error {`
`1014`	`1016`	`msg`
`1015`	`1017`	Content *wireContent `json:"content"`
`1016`	`1018`	`}`
`1017`		`- if err := json.Unmarshal(data, &wire); err != nil {`
	`1019`	`+ if err := internaljson.Unmarshal(data, &wire); err != nil {`
`1018`	`1020`	`return err`
`1019`	`1021`	`}`
`1020`	`1022`	`var err error`
Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ import (`
`24`	`24`	`"time"`
`25`	`25`
`26`	`26`	`"github.com/google/jsonschema-go/jsonschema"`
	`27`	`+ internaljson "github.com/modelcontextprotocol/go-sdk/internal/json"`
`27`	`28`	`"github.com/modelcontextprotocol/go-sdk/internal/jsonrpc2"`
`28`	`29`	`"github.com/modelcontextprotocol/go-sdk/internal/util"`
`29`	`30`	`"github.com/modelcontextprotocol/go-sdk/jsonrpc"`
`@@ -326,7 +327,7 @@ func toolForErr[In, Out any](t Tool, h ToolHandlerFor[In, Out], cache SchemaCa`
`326`	`327`	`// Unmarshal and validate args.`
`327`	`328`	`var in In`
`328`	`329`	`if input != nil {`
`329`		`- if err := json.Unmarshal(input, &in); err != nil {`
	`330`	`+ if err := internaljson.Unmarshal(input, &in); err != nil {`
`330`	`331`	`return nil, fmt.Errorf("%w: %v", jsonrpc2.ErrInvalidParams, err)`
`331`	`332`	`}`
`332`	`333`	`}`
`@@ -1325,7 +1326,7 @@ func initializeMethodInfo() methodInfo {`
`1325`	`1326`	`info.unmarshalParams = func(m json.RawMessage) (Params, error) {`
`1326`	`1327`	`var params *initializeParamsV2`
`1327`	`1328`	`if m != nil {`
`1328`		`- if err := json.Unmarshal(m, &params); err != nil {`
	`1329`	`+ if err := internaljson.Unmarshal(m, &params); err != nil {`
`1329`	`1330`	`return nil, fmt.Errorf("unmarshaling %q into a %T: %w", m, params, err)`
`1330`	`1331`	`}`
`1331`	`1332`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,7 @@ import (`
`23`	`23`	`"time"`
`24`	`24`
`25`	`25`	`"github.com/modelcontextprotocol/go-sdk/auth"`
	`26`	`+ internaljson "github.com/modelcontextprotocol/go-sdk/internal/json"`
`26`	`27`	`"github.com/modelcontextprotocol/go-sdk/internal/jsonrpc2"`
`27`	`28`	`"github.com/modelcontextprotocol/go-sdk/jsonrpc"`
`28`	`29`	`)`
`@@ -283,7 +284,7 @@ func newMethodInfo[P paramsPtr[T], R Result, T any](flags methodFlags) methodInf`
`283`	`284`	`unmarshalParams: func(m json.RawMessage) (Params, error) {`
`284`	`285`	`var p P`
`285`	`286`	`if m != nil {`
`286`		`- if err := json.Unmarshal(m, &p); err != nil {`
	`287`	`+ if err := internaljson.Unmarshal(m, &p); err != nil {`
`287`	`288`	`return nil, fmt.Errorf("unmarshaling %q into a %T: %w", m, p, err)`
`288`	`289`	`}`
`289`	`290`	`}`