forked from TrueCloudLab/neoneo-go
core: allow to restrict creating callbacks from syscalls
Specify DisallowCallback flag if syscall is not allowed to be used in a callback. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
This commit is contained in:
Evgenii Stratonikov
parent
99b0397a61
commit
23a1430395
4 changed files with 53 additions and 32 deletions
|
|
@ -34,6 +34,9 @@ func CreateFromSyscall(ic *interop.Context, v *vm.VM) error {
|
||||||
if f == nil {
|
if f == nil {
|
||||||
return errors.New("syscall not found")
|
return errors.New("syscall not found")
|
||||||
}
|
}
|
||||||
|
if f.DisallowCallback {
|
||||||
|
return errors.New("syscall is not allowed to be used in a callback")
|
||||||
|
}
|
||||||
v.Estack().PushVal(stackitem.NewInterop(&SyscallCallback{f}))
|
v.Estack().PushVal(stackitem.NewInterop(&SyscallCallback{f}))
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -65,6 +65,8 @@ type Function struct {
|
||||||
ID uint32
|
ID uint32
|
||||||
Name string
|
Name string
|
||||||
Func func(*Context, *vm.VM) error
|
Func func(*Context, *vm.VM) error
|
||||||
|
// DisallowCallback is true iff syscall can't be used in a callback.
|
||||||
|
DisallowCallback bool
|
||||||
// ParamCount is a number of function parameters.
|
// ParamCount is a number of function parameters.
|
||||||
ParamCount int
|
ParamCount int
|
||||||
Price int64
|
Price int64
|
||||||
|
|
|
||||||
|
|
@ -853,6 +853,11 @@ func TestSyscallCallback(t *testing.T) {
|
||||||
},
|
},
|
||||||
ParamCount: 2,
|
ParamCount: 2,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
ID: 0x53,
|
||||||
|
Func: func(_ *interop.Context, _ *vm.VM) error { return nil },
|
||||||
|
DisallowCallback: true,
|
||||||
|
},
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("Good", func(t *testing.T) {
|
t.Run("Good", func(t *testing.T) {
|
||||||
|
|
@ -875,5 +880,9 @@ func TestSyscallCallback(t *testing.T) {
|
||||||
v := loadScript([]byte{byte(opcode.RET)}, stackitem.NewArray(nil), 0x43)
|
v := loadScript([]byte{byte(opcode.RET)}, stackitem.NewArray(nil), 0x43)
|
||||||
require.Error(t, callback.CreateFromSyscall(ic, v))
|
require.Error(t, callback.CreateFromSyscall(ic, v))
|
||||||
})
|
})
|
||||||
|
t.Run("Disallowed", func(t *testing.T) {
|
||||||
|
v := loadScript([]byte{byte(opcode.RET)}, stackitem.NewArray(nil), 0x53)
|
||||||
|
require.Error(t, callback.CreateFromSyscall(ic, v))
|
||||||
|
})
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -47,31 +47,31 @@ var systemInterops = []interop.Function{
|
||||||
RequiredFlags: smartcontract.AllowStates, ParamCount: 2},
|
RequiredFlags: smartcontract.AllowStates, ParamCount: 2},
|
||||||
{Name: "System.Blockchain.GetTransactionHeight", Func: bcGetTransactionHeight, Price: 1000000,
|
{Name: "System.Blockchain.GetTransactionHeight", Func: bcGetTransactionHeight, Price: 1000000,
|
||||||
RequiredFlags: smartcontract.AllowStates, ParamCount: 1},
|
RequiredFlags: smartcontract.AllowStates, ParamCount: 1},
|
||||||
{Name: "System.Callback.Create", Func: callback.Create, Price: 400, ParamCount: 3},
|
{Name: "System.Callback.Create", Func: callback.Create, Price: 400, ParamCount: 3, DisallowCallback: true},
|
||||||
{Name: "System.Callback.CreateFromMethod", Func: callback.CreateFromMethod, Price: 1000000, ParamCount: 2},
|
{Name: "System.Callback.CreateFromMethod", Func: callback.CreateFromMethod, Price: 1000000, ParamCount: 2, DisallowCallback: true},
|
||||||
{Name: "System.Callback.CreateFromSyscall", Func: callback.CreateFromSyscall, Price: 400, ParamCount: 1},
|
{Name: "System.Callback.CreateFromSyscall", Func: callback.CreateFromSyscall, Price: 400, ParamCount: 1, DisallowCallback: true},
|
||||||
{Name: "System.Callback.Invoke", Func: callback.Invoke, Price: 1000000, ParamCount: 2},
|
{Name: "System.Callback.Invoke", Func: callback.Invoke, Price: 1000000, ParamCount: 2, DisallowCallback: true},
|
||||||
{Name: "System.Contract.Call", Func: contractCall, Price: 1000000,
|
{Name: "System.Contract.Call", Func: contractCall, Price: 1000000,
|
||||||
RequiredFlags: smartcontract.AllowCall, ParamCount: 3},
|
RequiredFlags: smartcontract.AllowCall, ParamCount: 3, DisallowCallback: true},
|
||||||
{Name: "System.Contract.CallEx", Func: contractCallEx, Price: 1000000,
|
{Name: "System.Contract.CallEx", Func: contractCallEx, Price: 1000000,
|
||||||
RequiredFlags: smartcontract.AllowCall, ParamCount: 4},
|
RequiredFlags: smartcontract.AllowCall, ParamCount: 4, DisallowCallback: true},
|
||||||
{Name: "System.Contract.Create", Func: contractCreate, Price: 0,
|
{Name: "System.Contract.Create", Func: contractCreate, Price: 0,
|
||||||
RequiredFlags: smartcontract.AllowModifyStates, ParamCount: 2},
|
RequiredFlags: smartcontract.AllowModifyStates, ParamCount: 2, DisallowCallback: true},
|
||||||
{Name: "System.Contract.CreateStandardAccount", Func: contractCreateStandardAccount, Price: 10000, ParamCount: 1},
|
{Name: "System.Contract.CreateStandardAccount", Func: contractCreateStandardAccount, Price: 10000, ParamCount: 1, DisallowCallback: true},
|
||||||
{Name: "System.Contract.Destroy", Func: contractDestroy, Price: 1000000, RequiredFlags: smartcontract.AllowModifyStates},
|
{Name: "System.Contract.Destroy", Func: contractDestroy, Price: 1000000, RequiredFlags: smartcontract.AllowModifyStates, DisallowCallback: true},
|
||||||
{Name: "System.Contract.IsStandard", Func: contractIsStandard, Price: 30000, ParamCount: 1},
|
{Name: "System.Contract.IsStandard", Func: contractIsStandard, Price: 30000, ParamCount: 1},
|
||||||
{Name: "System.Contract.GetCallFlags", Func: contractGetCallFlags, Price: 30000},
|
{Name: "System.Contract.GetCallFlags", Func: contractGetCallFlags, Price: 30000, DisallowCallback: true},
|
||||||
{Name: "System.Contract.Update", Func: contractUpdate, Price: 0,
|
{Name: "System.Contract.Update", Func: contractUpdate, Price: 0,
|
||||||
RequiredFlags: smartcontract.AllowModifyStates, ParamCount: 2},
|
RequiredFlags: smartcontract.AllowModifyStates, ParamCount: 2, DisallowCallback: true},
|
||||||
{Name: "System.Enumerator.Concat", Func: enumerator.Concat, Price: 400, ParamCount: 2},
|
{Name: "System.Enumerator.Concat", Func: enumerator.Concat, Price: 400, ParamCount: 2, DisallowCallback: true},
|
||||||
{Name: "System.Enumerator.Create", Func: enumerator.Create, Price: 400, ParamCount: 1},
|
{Name: "System.Enumerator.Create", Func: enumerator.Create, Price: 400, ParamCount: 1, DisallowCallback: true},
|
||||||
{Name: "System.Enumerator.Next", Func: enumerator.Next, Price: 1000000, ParamCount: 1},
|
{Name: "System.Enumerator.Next", Func: enumerator.Next, Price: 1000000, ParamCount: 1, DisallowCallback: true},
|
||||||
{Name: "System.Enumerator.Value", Func: enumerator.Value, Price: 400, ParamCount: 1},
|
{Name: "System.Enumerator.Value", Func: enumerator.Value, Price: 400, ParamCount: 1, DisallowCallback: true},
|
||||||
{Name: "System.Iterator.Concat", Func: iterator.Concat, Price: 400, ParamCount: 2},
|
{Name: "System.Iterator.Concat", Func: iterator.Concat, Price: 400, ParamCount: 2, DisallowCallback: true},
|
||||||
{Name: "System.Iterator.Create", Func: iterator.Create, Price: 400, ParamCount: 1},
|
{Name: "System.Iterator.Create", Func: iterator.Create, Price: 400, ParamCount: 1, DisallowCallback: true},
|
||||||
{Name: "System.Iterator.Key", Func: iterator.Key, Price: 400, ParamCount: 1},
|
{Name: "System.Iterator.Key", Func: iterator.Key, Price: 400, ParamCount: 1, DisallowCallback: true},
|
||||||
{Name: "System.Iterator.Keys", Func: iterator.Keys, Price: 400, ParamCount: 1},
|
{Name: "System.Iterator.Keys", Func: iterator.Keys, Price: 400, ParamCount: 1, DisallowCallback: true},
|
||||||
{Name: "System.Iterator.Values", Func: iterator.Values, Price: 400, ParamCount: 1},
|
{Name: "System.Iterator.Values", Func: iterator.Values, Price: 400, ParamCount: 1, DisallowCallback: true},
|
||||||
{Name: "System.Json.Deserialize", Func: json.Deserialize, Price: 500000, ParamCount: 1},
|
{Name: "System.Json.Deserialize", Func: json.Deserialize, Price: 500000, ParamCount: 1},
|
||||||
{Name: "System.Json.Serialize", Func: json.Serialize, Price: 100000, ParamCount: 1},
|
{Name: "System.Json.Serialize", Func: json.Serialize, Price: 100000, ParamCount: 1},
|
||||||
{Name: "System.Runtime.CheckWitness", Func: runtime.CheckWitness, Price: 30000,
|
{Name: "System.Runtime.CheckWitness", Func: runtime.CheckWitness, Price: 30000,
|
||||||
|
|
@ -85,20 +85,27 @@ var systemInterops = []interop.Function{
|
||||||
{Name: "System.Runtime.GetScriptContainer", Func: engineGetScriptContainer, Price: 250},
|
{Name: "System.Runtime.GetScriptContainer", Func: engineGetScriptContainer, Price: 250},
|
||||||
{Name: "System.Runtime.GetTime", Func: runtimeGetTime, Price: 250, RequiredFlags: smartcontract.AllowStates},
|
{Name: "System.Runtime.GetTime", Func: runtimeGetTime, Price: 250, RequiredFlags: smartcontract.AllowStates},
|
||||||
{Name: "System.Runtime.GetTrigger", Func: runtimeGetTrigger, Price: 250},
|
{Name: "System.Runtime.GetTrigger", Func: runtimeGetTrigger, Price: 250},
|
||||||
{Name: "System.Runtime.Log", Func: runtimeLog, Price: 1000000, RequiredFlags: smartcontract.AllowNotify, ParamCount: 1},
|
{Name: "System.Runtime.Log", Func: runtimeLog, Price: 1000000, RequiredFlags: smartcontract.AllowNotify,
|
||||||
{Name: "System.Runtime.Notify", Func: runtimeNotify, Price: 1000000, RequiredFlags: smartcontract.AllowNotify, ParamCount: 2},
|
ParamCount: 1, DisallowCallback: true},
|
||||||
|
{Name: "System.Runtime.Notify", Func: runtimeNotify, Price: 1000000, RequiredFlags: smartcontract.AllowNotify,
|
||||||
|
ParamCount: 2, DisallowCallback: true},
|
||||||
{Name: "System.Runtime.Platform", Func: runtimePlatform, Price: 250},
|
{Name: "System.Runtime.Platform", Func: runtimePlatform, Price: 250},
|
||||||
{Name: "System.Storage.Delete", Func: storageDelete, Price: StoragePrice,
|
{Name: "System.Storage.Delete", Func: storageDelete, Price: StoragePrice,
|
||||||
RequiredFlags: smartcontract.AllowModifyStates, ParamCount: 2},
|
RequiredFlags: smartcontract.AllowModifyStates, ParamCount: 2, DisallowCallback: true},
|
||||||
{Name: "System.Storage.Find", Func: storageFind, Price: 1000000, RequiredFlags: smartcontract.AllowStates, ParamCount: 2},
|
{Name: "System.Storage.Find", Func: storageFind, Price: 1000000, RequiredFlags: smartcontract.AllowStates,
|
||||||
{Name: "System.Storage.Get", Func: storageGet, Price: 1000000, RequiredFlags: smartcontract.AllowStates, ParamCount: 2},
|
ParamCount: 2, DisallowCallback: true},
|
||||||
{Name: "System.Storage.GetContext", Func: storageGetContext, Price: 400, RequiredFlags: smartcontract.AllowStates},
|
{Name: "System.Storage.Get", Func: storageGet, Price: 1000000, RequiredFlags: smartcontract.AllowStates,
|
||||||
{Name: "System.Storage.GetReadOnlyContext", Func: storageGetReadOnlyContext, Price: 400, RequiredFlags: smartcontract.AllowStates},
|
ParamCount: 2, DisallowCallback: true},
|
||||||
|
{Name: "System.Storage.GetContext", Func: storageGetContext, Price: 400,
|
||||||
|
RequiredFlags: smartcontract.AllowStates, DisallowCallback: true},
|
||||||
|
{Name: "System.Storage.GetReadOnlyContext", Func: storageGetReadOnlyContext, Price: 400,
|
||||||
|
RequiredFlags: smartcontract.AllowStates, DisallowCallback: true},
|
||||||
{Name: "System.Storage.Put", Func: storagePut, Price: 0, RequiredFlags: smartcontract.AllowModifyStates,
|
{Name: "System.Storage.Put", Func: storagePut, Price: 0, RequiredFlags: smartcontract.AllowModifyStates,
|
||||||
ParamCount: 3}, // These don't have static price in C# code.
|
ParamCount: 3, DisallowCallback: true}, // These don't have static price in C# code.
|
||||||
{Name: "System.Storage.PutEx", Func: storagePutEx, Price: 0, RequiredFlags: smartcontract.AllowModifyStates, ParamCount: 4},
|
{Name: "System.Storage.PutEx", Func: storagePutEx, Price: 0, RequiredFlags: smartcontract.AllowModifyStates,
|
||||||
|
ParamCount: 4, DisallowCallback: true},
|
||||||
{Name: "System.Storage.AsReadOnly", Func: storageContextAsReadOnly, Price: 400,
|
{Name: "System.Storage.AsReadOnly", Func: storageContextAsReadOnly, Price: 400,
|
||||||
RequiredFlags: smartcontract.AllowStates, ParamCount: 1},
|
RequiredFlags: smartcontract.AllowStates, ParamCount: 1, DisallowCallback: true},
|
||||||
}
|
}
|
||||||
|
|
||||||
var neoInterops = []interop.Function{
|
var neoInterops = []interop.Function{
|
||||||
|
|
@ -110,8 +117,8 @@ var neoInterops = []interop.Function{
|
||||||
{Name: "Neo.Crypto.CheckMultisigWithECDsaSecp256k1", Func: crypto.ECDSASecp256k1CheckMultisig, Price: 0, ParamCount: 3},
|
{Name: "Neo.Crypto.CheckMultisigWithECDsaSecp256k1", Func: crypto.ECDSASecp256k1CheckMultisig, Price: 0, ParamCount: 3},
|
||||||
{Name: "Neo.Crypto.SHA256", Func: crypto.Sha256, Price: 1000000, ParamCount: 1},
|
{Name: "Neo.Crypto.SHA256", Func: crypto.Sha256, Price: 1000000, ParamCount: 1},
|
||||||
{Name: "Neo.Crypto.RIPEMD160", Func: crypto.RipeMD160, Price: 1000000, ParamCount: 1},
|
{Name: "Neo.Crypto.RIPEMD160", Func: crypto.RipeMD160, Price: 1000000, ParamCount: 1},
|
||||||
{Name: "Neo.Native.Call", Func: native.Call, Price: 0, ParamCount: 1},
|
{Name: "Neo.Native.Call", Func: native.Call, Price: 0, ParamCount: 1, DisallowCallback: true},
|
||||||
{Name: "Neo.Native.Deploy", Func: native.Deploy, Price: 0, RequiredFlags: smartcontract.AllowModifyStates},
|
{Name: "Neo.Native.Deploy", Func: native.Deploy, Price: 0, RequiredFlags: smartcontract.AllowModifyStates, DisallowCallback: true},
|
||||||
}
|
}
|
||||||
|
|
||||||
// initIDinInteropsSlice initializes IDs from names in one given
|
// initIDinInteropsSlice initializes IDs from names in one given
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue