Commit graph

5874 commits

Author SHA1 Message Date
Roman Khimov
9d5b8d606a server: quote method in logs, fix CodeQL warnings
CWE-117:
  Log entries created from user input

  If unsanitized user input is written to a log entry, a malicious user may be able to forge new log entries.
2022-03-22 16:05:06 +03:00
Roman Khimov
0a338ea94b rpc/server: register ws calls in Prometheus
They were completely missing.
2022-03-21 23:18:00 +03:00
Roman Khimov
13999252c6
Merge pull request #2403 from nspcc-dev/extend-publish
github: add ability to manually trigger publishing workflow with `latest` tag
2022-03-21 18:41:43 +03:00
Roman Khimov
7b7c2a2fbd
Merge pull request #2402 from nspcc-dev/revert-revert
Revert callflags revert
2022-03-21 18:38:00 +03:00
AnnaShaleva
f2b160444e github: add ability to manually trigger publishing workflow with latest tag
In case if something goes wrong during release version publishing.
2022-03-21 18:31:38 +03:00
Roman Khimov
0da34967f6 examples: update go.sum/go.mod in nft-nd-nns 2022-03-21 18:22:48 +03:00
Roman Khimov
3b639f518e *: update go.* for the previous change 2022-03-21 17:44:33 +03:00
Roman Khimov
d5a9af5860 Revert "Revert "interop: use All flags for management deploy and update calls""
This reverts commit 526c423a61, heading to 3.2.0.
2022-03-21 17:41:37 +03:00
Roman Khimov
694152098f
Merge pull request #2401 from nspcc-dev/fix-workflows
github: adjust Docker image publishing workflows
2022-03-21 16:51:29 +03:00
AnnaShaleva
d416ae336f github: adjust Docker image publishing workflows 2022-03-21 16:39:27 +03:00
Roman Khimov
abb19014e1 CHANGELOG: mention Windows! 2022-03-21 16:20:19 +03:00
Roman Khimov
66f5ae8fd9 CHANGELOG: release 0.98.2 2022-03-21 16:07:28 +03:00
Roman Khimov
3e3402e3ea
Merge pull request #2400 from nspcc-dev/revert-callflags
Revert callflags change
2022-03-21 15:25:01 +03:00
Roman Khimov
e312e2640b examples: bump neo-go version for nft-nd-nns 2022-03-21 15:09:57 +03:00
Roman Khimov
25d72db8b0 *: update go.sum/go.mod wrt previous change 2022-03-21 14:39:05 +03:00
Roman Khimov
526c423a61 Revert "interop: use All flags for management deploy and update calls"
This reverts commit 37ca96c20b and a part of
7945097543, we need 0.98.2 release to be
3.1.0-compatible and this one breaks the testnet.
2022-03-21 14:32:11 +03:00
Roman Khimov
ad1dd3ebb7
Merge pull request #2399 from nspcc-dev/fuzz-tests
vm: add some Fuzz tests
2022-03-21 12:00:55 +03:00
Evgeniy Stratonikov
3f65473f64 vm: add some Fuzz tests
Both `IsScriptCorrect` and `VM.Run` should never panic.

Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-18 16:13:39 +03:00
Roman Khimov
906d99571b
Merge pull request #2369 from nspcc-dev/goshechka
*: go 1.18 support 🎉😍🎊🍰🥂
2022-03-18 15:07:20 +03:00
AnnaShaleva
f6ac8daae6 examples: update neo-go dependency of nft-nd-nns 2022-03-18 13:46:47 +03:00
AnnaShaleva
7a8dc11791 examples: update dependencies version 2022-03-18 13:44:33 +03:00
Roman Khimov
4869049965
Merge pull request #2398 from nspcc-dev/trim-micro
block/dao: simplify trimming, avoid allocations
2022-03-18 12:39:53 +03:00
AnnaShaleva
d2bc4473ce circleci: upgrade golangci linter version
The old one isn't able to properly work with go > 1.15. However, the updated
version doesn't work with go 1.18, see https://github.com/golangci/golangci-lint/issues/2649.
So let's keep go1_17 runner with the latest golangci by now.
2022-03-18 11:09:30 +03:00
Anna Shaleva
e8d15b1b7e workflows: upgrade supported go version 2022-03-18 11:09:30 +03:00
AnnaShaleva
f50815d9b9 circleci: migrate from unsupported base images to the recommended ones
See also https://github.com/CircleCI-Public/cimg-go/issues/158#issuecomment-1060586504 solution.
2022-03-18 11:09:30 +03:00
Anna Shaleva
a137552b16 gomod: upgrade minimum required go version up to 1.16 2022-03-18 11:09:23 +03:00
Roman Khimov
5616585697 block/dao: simplify trimming, avoid allocations
The only user of (*Block).Trim() is in DAO and it already has a nice buffer
usually, so creating another one makes no sense. It also simplifies error
handling a lot.
2022-03-18 10:49:25 +03:00
Roman Khimov
c2845852ae
Merge pull request #2397 from nspcc-dev/is-script-correct-panic
vm: avoid panic in `IsScriptCorrect`
2022-03-18 10:08:39 +03:00
Evgeniy Stratonikov
ef28308dbf vm: avoid panic in IsScriptCorrect
Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-17 20:12:50 +03:00
AnnaShaleva
a4d402da86 compiler: revert a part of ad65d1fa1f
Close #2335.
2022-03-17 19:39:18 +03:00
Anna Shaleva
753d604784 network: use net.ErrClosed to check network connection was closed
Close #1765.
2022-03-17 19:39:18 +03:00
Anna Shaleva
2096ad6e81 *: remove io/ioutil uses
Close #1764.
2022-03-17 19:39:18 +03:00
Roman Khimov
df3eb76aa2
Merge pull request #2396 from nspcc-dev/fuzz-script-panic
Return error on negative instruction pointer in `Context.Next`
2022-03-17 19:13:20 +03:00
Evgeniy Stratonikov
492c91b4c5 vm: disallow negative offset in (*Context).Next()
Currently the only known reason this can happen is processing
ENDFINALLY opcode before the corresponding ENDTRY.

Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-17 18:52:48 +03:00
Roman Khimov
5cbf28a104
Merge pull request #2372 from nspcc-dev/jsonpath-oom
jsonpath: restrict amount of intermediate objects
2022-03-17 12:34:49 +03:00
Roman Khimov
f056c9aea8
Merge pull request #2394 from nspcc-dev/fix-modules
Fix `pkg/interop` commits in `go.mod`
2022-03-16 10:10:56 +03:00
Evgeniy Stratonikov
4960766019 go.mod: update pkg/interop dependency
Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-15 17:15:40 +03:00
Evgeniy Stratonikov
44de29bcf0 scripts: add script for updating pkg/interop dependencies
Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-15 17:15:40 +03:00
Evgeniy Stratonikov
dfedae3f84 examples/nft-nd-nns: update tests dependency
Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-15 17:15:40 +03:00
Evgeniy Stratonikov
6787db8a62 .github: extend interop deps check
Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-15 17:15:40 +03:00
Roman Khimov
5379ef75bb
Merge pull request #2391 from nspcc-dev/fix-reverse
vm: fix integer conversions
2022-03-10 12:27:10 +03:00
Evgeniy Stratonikov
32f4404954 vm: allow HASKEY on byte-arrays
Current neo-vm master has them https://github.com/neo-project/neo-vm/blob/master/src/neo-vm/ExecutionEngine.cs#L1157
Were silently added in
029466fa9d .

Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-10 10:34:13 +03:00
Evgeniy Stratonikov
39866b8512 vm: fix integer conversions
As can be seen in https://dotnetfiddle.net/s7eg21 (int) conversions
result in an exception in C# code.

Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-10 10:21:34 +03:00
Roman Khimov
623fdee97c
Merge pull request #2390 from nspcc-dev/support-windows
Revert "Makefile: add `unsupported` to docker windows image tag and b…
2022-03-09 18:57:24 +03:00
Roman Khimov
8a94cf7acb Revert "Makefile: add unsupported to docker windows image tag and bin version"
This reverts commit 6d28e7534c. It's no longer
relevant after #2353 and #2365.
2022-03-09 17:13:09 +03:00
Roman Khimov
036111d95c
Merge pull request #2386 from nspcc-dev/json-types-limit
stackitem: limit JSON size in `ToJSONWithTypes`
2022-03-09 11:22:44 +03:00
Evgeniy Stratonikov
a8d2df874f stackitem: limit JSON size in ToJSONWithTypes
Also do not limit depth. It was introduced in e34fa2e915 as a simple
solution to OOM problem. In this commit we do exactly the refactoring
described there. Maximum size is the same as stack item size and
can be changed if needed withouth significat refactoring.
`1 MiB` seems sufficient, though.

Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-09 10:29:23 +03:00
Roman Khimov
6ece74a7c7
Merge pull request #2383 from nspcc-dev/oracle-redirection
services: check Oracle response redirections
2022-03-04 22:19:22 +03:00
Anna Shaleva
5ace840cc7 services: improve Oracle redirection check
Move IP check to later stage and do not resolve URI manually.
2022-03-04 19:27:52 +03:00
Roman Khimov
96cd415384
Merge pull request #2382 from nspcc-dev/compiler-optimize
compiler: optimize tests
2022-03-04 18:55:40 +03:00