compiler: check for contract permissions
On many occassions we can determine at compile-time if contract config lacks some properties it needs. This includes all native contract invocations through stdlib, as both hashes and methods are known at compile-time there. Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
This commit is contained in:
parent
16a8edaa17
commit
4249674ddc
7 changed files with 261 additions and 36 deletions
|
@ -154,6 +154,10 @@ func NewCommands() []cli.Command {
|
|||
Name: "no-events",
|
||||
Usage: "do not check emitted events with the manifest",
|
||||
},
|
||||
cli.BoolFlag{
|
||||
Name: "no-permissions",
|
||||
Usage: "do not check if invoked contracts are allowed in manifest",
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
|
@ -441,6 +445,7 @@ func contractCompile(ctx *cli.Context) error {
|
|||
|
||||
NoStandardCheck: ctx.Bool("no-standards"),
|
||||
NoEventsCheck: ctx.Bool("no-events"),
|
||||
NoPermissionsCheck: ctx.Bool("no-permissions"),
|
||||
}
|
||||
|
||||
if len(confFile) != 0 {
|
||||
|
|
|
@ -15,6 +15,7 @@ import (
|
|||
"github.com/nspcc-dev/neo-go/pkg/encoding/address"
|
||||
"github.com/nspcc-dev/neo-go/pkg/io"
|
||||
"github.com/nspcc-dev/neo-go/pkg/smartcontract"
|
||||
"github.com/nspcc-dev/neo-go/pkg/util"
|
||||
"github.com/nspcc-dev/neo-go/pkg/vm"
|
||||
"github.com/nspcc-dev/neo-go/pkg/vm/emit"
|
||||
"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
|
||||
|
@ -108,6 +109,9 @@ type codegen struct {
|
|||
// emittedEvents contains all events emitted by contract.
|
||||
emittedEvents map[string][][]string
|
||||
|
||||
// invokedContracts contains invoked methods of other contracts.
|
||||
invokedContracts map[util.Uint160][]string
|
||||
|
||||
// Label table for recording jump destinations.
|
||||
l []int
|
||||
}
|
||||
|
@ -2059,6 +2063,7 @@ func newCodegen(info *buildInfo, pkg *loader.PackageInfo) *codegen {
|
|||
deployEndOffset: -1,
|
||||
|
||||
emittedEvents: make(map[string][][]string),
|
||||
invokedContracts: make(map[util.Uint160][]string),
|
||||
sequencePoints: make(map[string][]DebugSeqPoint),
|
||||
}
|
||||
}
|
||||
|
|
|
@ -43,6 +43,11 @@ type Options struct {
|
|||
// This setting has effect only if manifest is emitted.
|
||||
NoStandardCheck bool
|
||||
|
||||
// NoPermissionsCheck specifies if permissions in YAML config need to be checked
|
||||
// against invocations performed by the contract.
|
||||
// This setting has effect only if manifest is emitted.
|
||||
NoPermissionsCheck bool
|
||||
|
||||
// Name is contract's name to be written to manifest.
|
||||
Name string
|
||||
|
||||
|
@ -291,5 +296,31 @@ func CreateManifest(di *DebugInfo, o *Options) (*manifest.Manifest, error) {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !o.NoPermissionsCheck {
|
||||
// We can't perform full check for 2 reasons:
|
||||
// 1. Contract hash may not be available at compile time.
|
||||
// 2. Permission may be specified for a group of contracts by public key.
|
||||
// Thus only basic checks are performed.
|
||||
|
||||
for h, methods := range di.InvokedContracts {
|
||||
methodLoop:
|
||||
for _, m := range methods {
|
||||
for _, p := range o.Permissions {
|
||||
// Group or wildcard permission is ok to try.
|
||||
if p.Contract.Type == manifest.PermissionHash && !p.Contract.Hash().Equals(h) {
|
||||
continue
|
||||
}
|
||||
|
||||
if p.Methods.Contains(m) {
|
||||
continue methodLoop
|
||||
}
|
||||
}
|
||||
|
||||
return nil, fmt.Errorf("method '%s' of contract %s is invoked but"+
|
||||
" corresponding permission is missing", m, h.StringLE())
|
||||
}
|
||||
}
|
||||
}
|
||||
return m, nil
|
||||
}
|
||||
|
|
|
@ -10,8 +10,11 @@ import (
|
|||
|
||||
"github.com/nspcc-dev/neo-go/pkg/compiler"
|
||||
"github.com/nspcc-dev/neo-go/pkg/config"
|
||||
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||
"github.com/nspcc-dev/neo-go/pkg/interop/native/neo"
|
||||
"github.com/nspcc-dev/neo-go/pkg/smartcontract"
|
||||
"github.com/nspcc-dev/neo-go/pkg/smartcontract/manifest"
|
||||
"github.com/nspcc-dev/neo-go/pkg/util"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
|
@ -197,3 +200,105 @@ func TestNotifyInVerify(t *testing.T) {
|
|||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestInvokedContractsPermissons(t *testing.T) {
|
||||
testCompile := func(t *testing.T, di *compiler.DebugInfo, disable bool, ps ...manifest.Permission) error {
|
||||
o := &compiler.Options{
|
||||
NoPermissionsCheck: disable,
|
||||
Permissions: ps,
|
||||
}
|
||||
|
||||
_, err := compiler.CreateManifest(di, o)
|
||||
return err
|
||||
}
|
||||
|
||||
t.Run("native", func(t *testing.T) {
|
||||
src := `package test
|
||||
import "github.com/nspcc-dev/neo-go/pkg/interop/native/neo"
|
||||
import "github.com/nspcc-dev/neo-go/pkg/interop/native/management"
|
||||
func Main() int {
|
||||
neo.Transfer(nil, nil, 10, nil)
|
||||
management.GetContract(nil) // skip read-only
|
||||
return 0
|
||||
}`
|
||||
|
||||
_, di, err := compiler.CompileWithOptions("permissionTest", strings.NewReader(src), &compiler.Options{})
|
||||
require.NoError(t, err)
|
||||
|
||||
var nh util.Uint160
|
||||
|
||||
p := manifest.NewPermission(manifest.PermissionHash, nh)
|
||||
require.Error(t, testCompile(t, di, false, *p))
|
||||
require.NoError(t, testCompile(t, di, true, *p))
|
||||
|
||||
copy(nh[:], neo.Hash)
|
||||
p.Contract.Value = nh
|
||||
require.NoError(t, testCompile(t, di, false, *p))
|
||||
|
||||
p.Methods.Restrict()
|
||||
require.Error(t, testCompile(t, di, false, *p))
|
||||
require.NoError(t, testCompile(t, di, true, *p))
|
||||
})
|
||||
|
||||
t.Run("custom", func(t *testing.T) {
|
||||
hashStr := "aaaaaaaaaaaaaaaaaaaa"
|
||||
src := fmt.Sprintf(`package test
|
||||
import "github.com/nspcc-dev/neo-go/pkg/interop/contract"
|
||||
import "github.com/nspcc-dev/neo-go/pkg/interop"
|
||||
import "github.com/nspcc-dev/neo-go/pkg/compiler/testdata/runh"
|
||||
|
||||
const hash = "%s"
|
||||
var runtimeHash interop.Hash160
|
||||
var runtimeMethod string
|
||||
func invoke(h string) interop.Hash160 { return nil }
|
||||
func Main() {
|
||||
contract.Call(interop.Hash160(hash), "method1", contract.All)
|
||||
contract.Call(interop.Hash160(hash), "method2", contract.All)
|
||||
contract.Call(interop.Hash160(hash), "method2", contract.All)
|
||||
|
||||
// skip read-only
|
||||
contract.Call(interop.Hash160(hash), "method3", contract.ReadStates)
|
||||
|
||||
// skip this
|
||||
contract.Call(interop.Hash160(hash), runtimeMethod, contract.All)
|
||||
contract.Call(runtimeHash, "someMethod", contract.All)
|
||||
contract.Call(interop.Hash160(runtimeHash), "someMethod", contract.All)
|
||||
contract.Call(runh.RuntimeHash(), "method3", contract.All)
|
||||
contract.Call(runh.RuntimeHashArgs(hash), "method3", contract.All)
|
||||
contract.Call(invoke(hash), "method3", contract.All)
|
||||
}`, hashStr)
|
||||
|
||||
_, di, err := compiler.CompileWithOptions("permissionTest", strings.NewReader(src), &compiler.Options{})
|
||||
require.NoError(t, err)
|
||||
|
||||
var h util.Uint160
|
||||
copy(h[:], hashStr)
|
||||
|
||||
p := manifest.NewPermission(manifest.PermissionHash, h)
|
||||
require.NoError(t, testCompile(t, di, false, *p))
|
||||
|
||||
p.Methods.Add("method1")
|
||||
require.Error(t, testCompile(t, di, false, *p))
|
||||
require.NoError(t, testCompile(t, di, true, *p))
|
||||
|
||||
t.Run("wildcard", func(t *testing.T) {
|
||||
pw := manifest.NewPermission(manifest.PermissionWildcard)
|
||||
require.NoError(t, testCompile(t, di, false, *p, *pw))
|
||||
|
||||
pw.Methods.Add("method2")
|
||||
require.NoError(t, testCompile(t, di, false, *p, *pw))
|
||||
})
|
||||
|
||||
t.Run("group", func(t *testing.T) {
|
||||
priv, _ := keys.NewPrivateKey()
|
||||
pw := manifest.NewPermission(manifest.PermissionGroup, priv.PublicKey())
|
||||
require.NoError(t, testCompile(t, di, false, *p, *pw))
|
||||
|
||||
pw.Methods.Add("invalid")
|
||||
require.Error(t, testCompile(t, di, false, *p, *pw))
|
||||
|
||||
pw.Methods.Add("method2")
|
||||
require.NoError(t, testCompile(t, di, false, *p, *pw))
|
||||
})
|
||||
})
|
||||
}
|
||||
|
|
|
@ -13,6 +13,7 @@ import (
|
|||
|
||||
"github.com/nspcc-dev/neo-go/pkg/smartcontract"
|
||||
"github.com/nspcc-dev/neo-go/pkg/smartcontract/manifest"
|
||||
"github.com/nspcc-dev/neo-go/pkg/util"
|
||||
"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
|
||||
)
|
||||
|
||||
|
@ -24,6 +25,8 @@ type DebugInfo struct {
|
|||
Events []EventDebugInfo `json:"events"`
|
||||
// EmittedEvents contains events occurring in code.
|
||||
EmittedEvents map[string][][]string `json:"-"`
|
||||
// InvokedContracts contains foreign contract invocations.
|
||||
InvokedContracts map[util.Uint160][]string `json:"-"`
|
||||
// StaticVariables contains list of static variable names and types.
|
||||
StaticVariables []string `json:"static-variables"`
|
||||
}
|
||||
|
@ -180,6 +183,7 @@ func (c *codegen) emitDebugInfo(contract []byte) *DebugInfo {
|
|||
d.Methods = append(d.Methods, *m)
|
||||
}
|
||||
d.EmittedEvents = c.emittedEvents
|
||||
d.InvokedContracts = c.invokedContracts
|
||||
return d
|
||||
}
|
||||
|
||||
|
|
|
@ -7,6 +7,8 @@ import (
|
|||
"go/types"
|
||||
|
||||
"github.com/nspcc-dev/neo-go/pkg/core/interop/runtime"
|
||||
"github.com/nspcc-dev/neo-go/pkg/smartcontract/callflag"
|
||||
"github.com/nspcc-dev/neo-go/pkg/util"
|
||||
"github.com/nspcc-dev/neo-go/pkg/vm/emit"
|
||||
"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
|
||||
)
|
||||
|
@ -30,7 +32,7 @@ func (c *codegen) inlineCall(f *funcScope, n *ast.CallExpr) {
|
|||
pkg := c.buildInfo.program.Package(f.pkg.Path())
|
||||
sig := c.typeOf(n.Fun).(*types.Signature)
|
||||
|
||||
c.processNotify(f, n.Args)
|
||||
c.processStdlibCall(f, n.Args)
|
||||
|
||||
// When inlined call is used during global initialization
|
||||
// there is no func scope, thus this if.
|
||||
|
@ -109,12 +111,21 @@ func (c *codegen) inlineCall(f *funcScope, n *ast.CallExpr) {
|
|||
c.pkgInfoInline = c.pkgInfoInline[:len(c.pkgInfoInline)-1]
|
||||
}
|
||||
|
||||
func (c *codegen) processNotify(f *funcScope, args []ast.Expr) {
|
||||
if f != nil && f.pkg.Path() == interopPrefix+"/runtime" {
|
||||
if f.name != "Notify" && f.name != "Log" {
|
||||
func (c *codegen) processStdlibCall(f *funcScope, args []ast.Expr) {
|
||||
if f == nil {
|
||||
return
|
||||
}
|
||||
|
||||
if f.pkg.Path() == interopPrefix+"/runtime" && (f.name == "Notify" || f.name == "Log") {
|
||||
c.processNotify(f, args)
|
||||
}
|
||||
|
||||
if f.pkg.Path() == interopPrefix+"/contract" && f.name == "Call" {
|
||||
c.processContractCall(f, args)
|
||||
}
|
||||
}
|
||||
|
||||
func (c *codegen) processNotify(f *funcScope, args []ast.Expr) {
|
||||
if c.scope != nil && c.isVerifyFunc(c.scope.decl) &&
|
||||
c.scope.pkg == c.mainPkg.Pkg && !c.buildInfo.options.NoEventsCheck {
|
||||
c.prog.Err = fmt.Errorf("runtime.%s is not allowed in `Verify`", f.name)
|
||||
|
@ -145,6 +156,57 @@ func (c *codegen) processNotify(f *funcScope, args []ast.Expr) {
|
|||
return
|
||||
}
|
||||
c.emittedEvents[name] = append(c.emittedEvents[name], params)
|
||||
}
|
||||
|
||||
func (c *codegen) processContractCall(f *funcScope, args []ast.Expr) {
|
||||
// For stdlib calls it is `interop.Hash160(constHash)`
|
||||
// so we can determine hash at compile-time.
|
||||
ce, ok := args[0].(*ast.CallExpr)
|
||||
if !ok || len(ce.Args) != 1 {
|
||||
return
|
||||
}
|
||||
|
||||
// Ensure this is a type conversion, not a simple invoke.
|
||||
se, ok := ce.Fun.(*ast.SelectorExpr)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
name, _ := c.getFuncNameFromSelector(se)
|
||||
if _, ok := c.funcs[name]; ok {
|
||||
return
|
||||
}
|
||||
|
||||
value := c.typeAndValueOf(ce.Args[0]).Value
|
||||
if value == nil {
|
||||
return
|
||||
}
|
||||
|
||||
s := constant.StringVal(value)
|
||||
var u util.Uint160
|
||||
copy(u[:], s) // constant must be big-endian
|
||||
|
||||
value = c.typeAndValueOf(args[1]).Value
|
||||
if value == nil {
|
||||
return
|
||||
}
|
||||
|
||||
method := constant.StringVal(value)
|
||||
currLst := c.invokedContracts[u]
|
||||
for _, m := range currLst {
|
||||
if m == method {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
value = c.typeAndValueOf(args[2]).Value
|
||||
if value == nil {
|
||||
return
|
||||
}
|
||||
|
||||
flag, _ := constant.Uint64Val(value)
|
||||
if flag&uint64(callflag.WriteStates|callflag.AllowNotify) != 0 {
|
||||
c.invokedContracts[u] = append(currLst, method)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
13
pkg/compiler/testdata/runh/hash.go
vendored
Normal file
13
pkg/compiler/testdata/runh/hash.go
vendored
Normal file
|
@ -0,0 +1,13 @@
|
|||
package runh
|
||||
|
||||
import "github.com/nspcc-dev/neo-go/pkg/interop"
|
||||
|
||||
// RuntimeHash possibly returns some hash at runtime.
|
||||
func RuntimeHash() interop.Hash160 {
|
||||
return nil
|
||||
}
|
||||
|
||||
// RuntimeHashArgs possibly returns some hash at runtime.
|
||||
func RuntimeHashArgs(s string) interop.Hash160 {
|
||||
return nil
|
||||
}
|
Loading…
Reference in a new issue