forked from TrueCloudLab/neoneo-go
neorpc: restrict maximum subitems number in SignerWithWitness
Restrict the number of Rules, Contracts and Groups. A part of #3131. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
parent
2f6ba1fded
commit
22c654b200
2 changed files with 61 additions and 0 deletions
|
@ -115,6 +115,15 @@ func (s *SignerWithWitness) UnmarshalJSON(data []byte) error {
|
|||
if err != nil {
|
||||
return fmt.Errorf("not a signer: %w", err)
|
||||
}
|
||||
if len(aux.AllowedContracts) > transaction.MaxAttributes {
|
||||
return fmt.Errorf("invalid number of AllowedContracts: got %d, allowed %d at max", len(aux.AllowedContracts), transaction.MaxAttributes)
|
||||
}
|
||||
if len(aux.AllowedGroups) > transaction.MaxAttributes {
|
||||
return fmt.Errorf("invalid number of AllowedGroups: got %d, allowed %d at max", len(aux.AllowedGroups), transaction.MaxAttributes)
|
||||
}
|
||||
if len(aux.Rules) > transaction.MaxAttributes {
|
||||
return fmt.Errorf("invalid number of Rules: got %d, allowed %d at max", len(aux.Rules), transaction.MaxAttributes)
|
||||
}
|
||||
acc, err := util.Uint160DecodeStringLE(strings.TrimPrefix(aux.Account, "0x"))
|
||||
if err != nil {
|
||||
acc, err = address.StringToUint160(aux.Account)
|
||||
|
|
|
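Review bot: The three length checks run only after `aux` has been decoded (the `not a signer` return just above them is the decoder's error path), so an oversized `AllowedContracts`, `AllowedGroups` or `Rules` array is still fully parsed and allocated before it is rejected. The limit therefore bounds what UnmarshalJSON accepts, not the work spent on a hostile request; if the RPC layer does not already cap request body size, that cap is the real resource bound and is worth confirming. The decode call and the rest of UnmarshalJSON lie outside this hunk, so this is inferred from the visible error path. It would also help to state why the attribute limit is reused for signer subitems, for example `// Signer subitems are capped at the same count as transaction attributes.` above the first check.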
@ -2,10 +2,12 @@ package neorpc
|
|||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/nspcc-dev/neo-go/internal/testserdes"
|
||||
"github.com/nspcc-dev/neo-go/pkg/core/transaction"
|
||||
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||
"github.com/nspcc-dev/neo-go/pkg/util"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
@ -37,4 +39,54 @@ func TestSignerWithWitnessMarshalUnmarshalJSON(t *testing.T) {
|
|||
actual, err := json.Marshal(s)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, expected, string(actual))
|
||||
|
||||
t.Run("subitems overflow", func(t *testing.T) {
|
||||
checkSubitems := func(t *testing.T, bad any) {
|
||||
data, err := json.Marshal(bad)
|
||||
require.NoError(t, err)
|
||||
err = json.Unmarshal(data, &SignerWithWitness{})
|
||||
|
||||
require.Error(t, err)
|
||||
require.Contains(t, err.Error(), fmt.Sprintf("got %d, allowed %d at max", transaction.MaxAttributes+1, transaction.MaxAttributes))
|
||||
}
|
||||
|
||||
t.Run("groups", func(t *testing.T) {
|
||||
pk, err := keys.NewPrivateKey()
|
||||
require.NoError(t, err)
|
||||
bad := &SignerWithWitness{
|
||||
Signer: transaction.Signer{
|
||||
AllowedGroups: make([]*keys.PublicKey, transaction.MaxAttributes+1),
|
||||
},
|
||||
}
|
||||
for i := range bad.AllowedGroups {
|
||||
bad.AllowedGroups[i] = pk.PublicKey()
|
||||
}
|
||||
|
||||
checkSubitems(t, bad)
|
||||
})
|
||||
t.Run("contracts", func(t *testing.T) {
|
||||
bad := &SignerWithWitness{
|
||||
Signer: transaction.Signer{
|
||||
AllowedContracts: make([]util.Uint160, transaction.MaxAttributes+1),
|
||||
},
|
||||
}
|
||||
|
||||
checkSubitems(t, bad)
|
||||
})
|
||||
t.Run("rules", func(t *testing.T) {
|
||||
bad := &SignerWithWitness{
|
||||
Signer: transaction.Signer{
|
||||
Rules: make([]transaction.WitnessRule, transaction.MaxAttributes+1),
|
||||
},
|
||||
}
|
||||
for i := range bad.Rules {
|
||||
bad.Rules[i] = transaction.WitnessRule{
|
||||
Action: transaction.WitnessAllow,
|
||||
Condition: &transaction.ConditionScriptHash{},
|
||||
}
|
||||
}
|
||||
|
||||
checkSubitems(t, bad)
|
||||
})
|
||||
})
|
||||
}
|
||||
|
|
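Review bot: `checkSubitems` asserts only the shared suffix `got %d, allowed %d at max`, so a subtest does not prove that the check for its own field produced the error. Passing the field name into the helper and matching the full message would pin each subtest to its check: `require.Contains(t, err.Error(), fmt.Sprintf("invalid number of %s: got %d, allowed %d at max", field, transaction.MaxAttributes+1, transaction.MaxAttributes))`. A companion case with exactly `transaction.MaxAttributes` items that must unmarshal without error would also guard the `>` comparison against an off-by-one. The enclosing test function starts outside the hunk.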