rpc/server: limit the maximum number of elements for get*transfers

This commit is contained in:
Roman Khimov 2020-09-14 17:48:17 +03:00
parent 970de84130
commit 6b7ca0ce3f
2 changed files with 13 additions and 0 deletions

View file

@ -77,6 +77,9 @@ const (
// treated like subscriber, so technically it's a limit on websocket // treated like subscriber, so technically it's a limit on websocket
// connections. // connections.
maxSubscribers = 64 maxSubscribers = 64
// Maximum number of elements for get*transfers requests.
maxTransfersLimit = 1000
) )
var rpcHandlers = map[string]func(*Server, request.Params) (interface{}, *response.Error){ var rpcHandlers = map[string]func(*Server, request.Params) (interface{}, *response.Error){
@ -548,6 +551,8 @@ func (s *Server) getNEP5Balances(ps request.Params) (interface{}, *response.Erro
func getTimestampsAndLimit(ps request.Params, index int) (uint64, uint64, int, int, error) { func getTimestampsAndLimit(ps request.Params, index int) (uint64, uint64, int, int, error) {
var start, end uint64 var start, end uint64
var limit, page int var limit, page int
limit = maxTransfersLimit
pStart, pEnd, pLimit, pPage := ps.Value(index), ps.Value(index+1), ps.Value(index+2), ps.Value(index+3) pStart, pEnd, pLimit, pPage := ps.Value(index), ps.Value(index+1), ps.Value(index+2), ps.Value(index+3)
if pPage != nil { if pPage != nil {
p, err := pPage.GetInt() p, err := pPage.GetInt()
@ -567,6 +572,9 @@ func getTimestampsAndLimit(ps request.Params, index int) (uint64, uint64, int, i
if l <= 0 { if l <= 0 {
return 0, 0, 0, 0, errors.New("can't use negative or zero limit") return 0, 0, 0, 0, errors.New("can't use negative or zero limit")
} }
if l > maxTransfersLimit {
return 0, 0, 0, 0, errors.New("too big limit requested")
}
limit = l limit = l
} }
if pEnd != nil { if pEnd != nil {

View file

@ -175,6 +175,11 @@ var rpcTestCases = map[string][]rpcTestCase{
params: `["` + testchain.PrivateKeyByID(0).Address() + `", "1", "2", "bleh"]`, params: `["` + testchain.PrivateKeyByID(0).Address() + `", "1", "2", "bleh"]`,
fail: true, fail: true,
}, },
{
name: "invalid limit 3",
params: `["` + testchain.PrivateKeyByID(0).Address() + `", "1", "2", "100500"]`,
fail: true,
},
{ {
name: "invalid page", name: "invalid page",
params: `["` + testchain.PrivateKeyByID(0).Address() + `", "1", "2", "3", "-1"]`, params: `["` + testchain.PrivateKeyByID(0).Address() + `", "1", "2", "3", "-1"]`,