TrueCloudLab/neo-go
8
0
Fork 0
mirror of https://github.com/nspcc-dev/neo-go.git synced 2024-11-21 23:29:38 +00:00
Code Issues Projects Releases Packages Wiki Activity

neorpc: restrict maximum subitems number in SignerWithWitness

Browse source 
Restrict the number of Rules, Contracts and Groups. A part of #3131.

Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
This commit is contained in:
Anna Shaleva 2023-11-23 12:12:34 +03:00
parent 2f6ba1fded
commit 22c654b200
2 changed files with 61 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
pkg/neorpc/types.go
View file

@ -115,6 +115,15 @@ func (s *SignerWithWitness) UnmarshalJSON(data []byte) error {
if err != nil { if err != nil {
return fmt.Errorf("not a signer: %w", err) return fmt.Errorf("not a signer: %w", err)
} }
if len(aux.AllowedContracts) > transaction.MaxAttributes {
return fmt.Errorf("invalid number of AllowedContracts: got %d, allowed %d at max", len(aux.AllowedContracts), transaction.MaxAttributes)
}
if len(aux.AllowedGroups) > transaction.MaxAttributes {
return fmt.Errorf("invalid number of AllowedGroups: got %d, allowed %d at max", len(aux.AllowedGroups), transaction.MaxAttributes)
}
if len(aux.Rules) > transaction.MaxAttributes {
return fmt.Errorf("invalid number of Rules: got %d, allowed %d at max", len(aux.Rules), transaction.MaxAttributes)
}
acc, err := util.Uint160DecodeStringLE(strings.TrimPrefix(aux.Account, "0x")) acc, err := util.Uint160DecodeStringLE(strings.TrimPrefix(aux.Account, "0x"))
if err != nil { if err != nil {
acc, err = address.StringToUint160(aux.Account) acc, err = address.StringToUint160(aux.Account)

52
pkg/neorpc/types_test.go
View file

@ -2,10 +2,12 @@ package neorpc
import ( import (
"encoding/json" "encoding/json"
"fmt"
"testing" "testing"
"github.com/nspcc-dev/neo-go/internal/testserdes" "github.com/nspcc-dev/neo-go/internal/testserdes"
"github.com/nspcc-dev/neo-go/pkg/core/transaction" "github.com/nspcc-dev/neo-go/pkg/core/transaction"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neo-go/pkg/util" "github.com/nspcc-dev/neo-go/pkg/util"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -37,4 +39,54 @@ func TestSignerWithWitnessMarshalUnmarshalJSON(t *testing.T) {
actual, err := json.Marshal(s) actual, err := json.Marshal(s)
require.NoError(t, err) require.NoError(t, err)
require.Equal(t, expected, string(actual)) require.Equal(t, expected, string(actual))
t.Run("subitems overflow", func(t *testing.T) {
checkSubitems := func(t *testing.T, bad any) {
data, err := json.Marshal(bad)
require.NoError(t, err)
err = json.Unmarshal(data, &SignerWithWitness{})
require.Error(t, err)
require.Contains(t, err.Error(), fmt.Sprintf("got %d, allowed %d at max", transaction.MaxAttributes+1, transaction.MaxAttributes))
}
t.Run("groups", func(t *testing.T) {
pk, err := keys.NewPrivateKey()
require.NoError(t, err)
bad := &SignerWithWitness{
Signer: transaction.Signer{
AllowedGroups: make([]*keys.PublicKey, transaction.MaxAttributes+1),
},
}
for i := range bad.AllowedGroups {
bad.AllowedGroups[i] = pk.PublicKey()
}
checkSubitems(t, bad)
})
t.Run("contracts", func(t *testing.T) {
bad := &SignerWithWitness{
Signer: transaction.Signer{
AllowedContracts: make([]util.Uint160, transaction.MaxAttributes+1),
},
}
checkSubitems(t, bad)
})
t.Run("rules", func(t *testing.T) {
bad := &SignerWithWitness{
Signer: transaction.Signer{
Rules: make([]transaction.WitnessRule, transaction.MaxAttributes+1),
},
}
for i := range bad.Rules {
bad.Rules[i] = transaction.WitnessRule{
Action: transaction.WitnessAllow,
Condition: &transaction.ConditionScriptHash{},
}
}
checkSubitems(t, bad)
})
})
} }