From 4283e1003f7120e4555cf481d5b0467b573aa116 Mon Sep 17 00:00:00 2001
From: Evgeniy Stratonikov
Date: Wed, 30 Jun 2021 10:50:26 +0300
Subject: [PATCH 1/2] manifest: fix wildcard permission handling

Wildcard contract can coexist with restricted set of methods.

Signed-off-by: Evgeniy Stratonikov
---
 pkg/smartcontract/manifest/manifest_test.go | 11 ++++++++++-
 pkg/smartcontract/manifest/permission.go | 1 -
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/pkg/smartcontract/manifest/manifest_test.go b/pkg/smartcontract/manifest/manifest_test.go
index 1af90a05f..b30e0aff2 100644
--- a/pkg/smartcontract/manifest/manifest_test.go
+++ b/pkg/smartcontract/manifest/manifest_test.go
@@ -5,6 +5,7 @@ import (
 "math/big"
 "testing"
+ "github.com/nspcc-dev/neo-go/internal/random"
 "github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 "github.com/nspcc-dev/neo-go/pkg/smartcontract"
 "github.com/nspcc-dev/neo-go/pkg/util"
@@ -69,8 +70,16 @@ func TestPermission_IsAllowed(t *testing.T) {
 manifest := DefaultManifest("Test")
 t.Run("wildcard", func(t *testing.T) {
+ h := random.Uint160()
+
 perm := NewPermission(PermissionWildcard)
- require.True(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
+ require.True(t, perm.IsAllowed(h, manifest, "AAA"))
+
+ perm.Methods.Restrict()
+ require.False(t, perm.IsAllowed(h, manifest, "AAA"))
+
+ perm.Methods.Add("AAA")
+ require.True(t, perm.IsAllowed(h, manifest, "AAA"))
 })
 t.Run("hash", func(t *testing.T) {
diff --git a/pkg/smartcontract/manifest/permission.go b/pkg/smartcontract/manifest/permission.go
index 2fa91cb69..cce3e0342 100644
--- a/pkg/smartcontract/manifest/permission.go
+++ b/pkg/smartcontract/manifest/permission.go
@@ -162,7 +162,6 @@ func (ps Permissions) AreValid() error {
 func (p *Permission) IsAllowed(hash util.Uint160, m *Manifest, method string) bool {
 switch p.Contract.Type {
 case PermissionWildcard:
- return true
 case PermissionHash:
 if !p.Contract.Hash().Equals(hash) {
 return false
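Review bot: The "wildcard" subtest in manifest_test.go never asserts that a non-empty restricted method list rejects a method that is not on it; after `perm.Methods.Add("AAA")` the only check is the positive one for "AAA". Since this commit is what makes a wildcard contract honour method restrictions, I would add `require.False(t, perm.IsAllowed(h, manifest, "BBB"))` after the last assertion, so a regression that lets wildcard permissions call any method again is caught. The now-empty `case PermissionWildcard:` in permission.go relies on Go cases not falling through into `PermissionHash`; a comment there such as `// any contract matches; method restrictions still apply` would make that explicit (the method check itself is presumably after the switch, outside the visible hunks).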
From c9e6350915545d4fbefec6840bf551fddda6926a Mon Sep 17 00:00:00 2001
From: Evgeniy Stratonikov
Date: Wed, 30 Jun 2021 10:55:14 +0300
Subject: [PATCH 2/2] manifest: fix group permission handling

We need to have at least one matching group in the manifest.

Signed-off-by: Evgeniy Stratonikov
---
 pkg/smartcontract/manifest/manifest_test.go | 9 ++++++---
 pkg/smartcontract/manifest/permission.go | 9 +++++++--
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/pkg/smartcontract/manifest/manifest_test.go b/pkg/smartcontract/manifest/manifest_test.go
index b30e0aff2..4ac0589b7 100644
--- a/pkg/smartcontract/manifest/manifest_test.go
+++ b/pkg/smartcontract/manifest/manifest_test.go
@@ -106,13 +106,16 @@ func TestPermission_IsAllowed(t *testing.T) {
 t.Run("group", func(t *testing.T) {
 perm := NewPermission(PermissionGroup, priv.PublicKey())
 require.True(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
- })
- t.Run("invalid group", func(t *testing.T) {
 priv2, err := keys.NewPrivateKey()
 require.NoError(t, err)
- perm := NewPermission(PermissionGroup, priv2.PublicKey())
+
+ perm = NewPermission(PermissionGroup, priv2.PublicKey())
 require.False(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
+
+ manifest.Groups = append(manifest.Groups, Group{PublicKey: priv2.PublicKey()})
+ perm = NewPermission(PermissionGroup, priv2.PublicKey())
+ require.True(t, perm.IsAllowed(util.Uint160{}, manifest, "AAA"))
 })
 }
diff --git a/pkg/smartcontract/manifest/permission.go b/pkg/smartcontract/manifest/permission.go
index cce3e0342..bbbb7d084 100644
--- a/pkg/smartcontract/manifest/permission.go
+++ b/pkg/smartcontract/manifest/permission.go
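Review bot: The merged "group" subtest does not cover a manifest that has no groups at all, which is the other case this fix changes: in the removed loop an empty `m.Groups` never reached `return false`, so a group permission was accepted. I would add one more assertion against a manifest whose `Groups` is empty, e.g. `require.False(t, perm.IsAllowed(util.Uint160{}, noGroups, "AAA"))` with `noGroups` built without any group. Separately, `manifest.Groups = append(manifest.Groups, ...)` mutates the `manifest` shared by all subtests of TestPermission_IsAllowed; that is harmless only while "group" runs last, so a local copy of the manifest would keep the subtests independent of their order.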
@@ -167,12 +167,17 @@ func (p *Permission) IsAllowed(hash util.Uint160, m *Manifest, method string) bo
 return false
 }
 case PermissionGroup:
+ has := false
 g := p.Contract.Group()
 for i := range m.Groups {
- if !g.Equal(m.Groups[i].PublicKey) {
- return false
+ if g.Equal(m.Groups[i].PublicKey) {
+ has = true
+ break
 }
 }
+ if !has {
+ return false
+ }
 default:
 panic(fmt.Sprintf("unexpected permission: %d", p.Contract.Type))
 }
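Review bot: Nothing in the new `case PermissionGroup:` branch states the rule it enforces, and for an authorization check that rule is worth writing down next to the code. I would put a comment above `has := false`, for example `// Allowed only if the permitted key is one of the manifest's groups; a manifest without groups never matches.` Renaming `has` to `matched` would also make `if !matched { return false }` read more directly. IsAllowed starts and ends outside this hunk, so the method check that follows the switch is not visible here.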