diff --git a/pkg/services/oracle/filter.go b/pkg/services/oracle/filter.go index 560320e0c..87d762626 100644 --- a/pkg/services/oracle/filter.go +++ b/pkg/services/oracle/filter.go @@ -6,6 +6,8 @@ import ( "unicode/utf8" "github.com/PaesslerAG/jsonpath" + "github.com/nspcc-dev/neo-go/pkg/core/state" + "github.com/nspcc-dev/neo-go/pkg/core/transaction" ) func filter(value []byte, path string) ([]byte, error) { @@ -22,3 +24,14 @@ func filter(value []byte, path string) ([]byte, error) { } return json.Marshal([]interface{}{result}) } + +func filterRequest(result []byte, req *state.OracleRequest) (transaction.OracleResponseCode, []byte) { + if req.Filter != nil { + var err error + result, err = filter(result, *req.Filter) + if err != nil { + return transaction.Error, nil + } + } + return transaction.Success, result +} diff --git a/pkg/services/oracle/neofs/neofs.go b/pkg/services/oracle/neofs/neofs.go index 326853590..a767e5467 100644 --- a/pkg/services/oracle/neofs/neofs.go +++ b/pkg/services/oracle/neofs/neofs.go @@ -9,9 +9,11 @@ import ( "net/url" "strconv" "strings" + "unicode/utf8" "github.com/gogo/protobuf/jsonpb" "github.com/nspcc-dev/neo-go/pkg/crypto/keys" + "github.com/nspcc-dev/neo-go/pkg/util" "github.com/nspcc-dev/neofs-api-go/pkg/client" "github.com/nspcc-dev/neofs-api-go/pkg/container" "github.com/nspcc-dev/neofs-api-go/pkg/object" @@ -104,7 +106,7 @@ func getPayload(ctx context.Context, c *client.Client, addr *object.Address) ([] if err != nil { return nil, err } - return obj.Payload(), nil + return checkUTF8(obj.Payload()) } func getRange(ctx context.Context, c *client.Client, addr *object.Address, ps ...string) ([]byte, error) { @@ -115,7 +117,11 @@ func getRange(ctx context.Context, c *client.Client, addr *object.Address, ps .. if err != nil { return nil, err } - return c.ObjectPayloadRangeData(ctx, new(client.RangeDataParams).WithAddress(addr).WithRange(r)) + data, err := c.ObjectPayloadRangeData(ctx, new(client.RangeDataParams).WithAddress(addr).WithRange(r)) + if err != nil { + return nil, err + } + return checkUTF8(data) } func getHeader(ctx context.Context, c *client.Client, addr *object.Address) ([]byte, error) { @@ -149,7 +155,7 @@ func getHash(ctx context.Context, c *client.Client, addr *object.Address, ps ... if len(hashes) == 0 { return nil, fmt.Errorf("%w: empty response", ErrInvalidRange) } - return hashes[0][:], nil + return util.Uint256(hashes[0]).MarshalJSON() } func parseRange(s string) (*object.Range, error) { @@ -171,3 +177,10 @@ func parseRange(s string) (*object.Range, error) { r.SetLength(length) return r, nil } + +func checkUTF8(v []byte) ([]byte, error) { + if !utf8.Valid(v) { + return nil, errors.New("invalid UTF-8") + } + return v, nil +} diff --git a/pkg/services/oracle/neofs/neofs_test.go b/pkg/services/oracle/neofs/neofs_test.go index 7685bec27..8f13cead5 100644 --- a/pkg/services/oracle/neofs/neofs_test.go +++ b/pkg/services/oracle/neofs/neofs_test.go @@ -81,3 +81,13 @@ func TestParseNeoFSURL(t *testing.T) { } } + +func Test_checkUTF8(t *testing.T) { + _, err := checkUTF8([]byte{0xFF}) + require.Error(t, err) + + a := []byte{1, 2, 3} + b, err := checkUTF8(a) + require.NoError(t, err) + require.Equal(t, a, b) +} diff --git a/pkg/services/oracle/request.go b/pkg/services/oracle/request.go index 323423a1c..11546b338 100644 --- a/pkg/services/oracle/request.go +++ b/pkg/services/oracle/request.go @@ -117,16 +117,7 @@ func (o *Oracle) processRequest(priv *keys.PrivateKey, req request) error { } break } - if req.Req.Filter != nil { - res, err := filter(result, *req.Req.Filter) - if err != nil { - resp.Code = transaction.Error - break - } - result = res - } - resp.Code = transaction.Success - resp.Result = result + resp.Code, resp.Result = filterRequest(result, req.Req) case r.StatusCode == http.StatusForbidden: resp.Code = transaction.Forbidden case r.StatusCode == http.StatusNotFound: @@ -144,8 +135,7 @@ func (o *Oracle) processRequest(priv *keys.PrivateKey, req request) error { if err != nil { resp.Code = transaction.Error } else { - resp.Code = transaction.Success - resp.Result = res + resp.Code, resp.Result = filterRequest(res, req.Req) } }