Commit graph

4072 commits

Author SHA1 Message Date
Roman Khimov
9d5b8d606a server: quote method in logs, fix CodeQL warnings
CWE-117:
  Log entries created from user input

  If unsanitized user input is written to a log entry, a malicious user may be able to forge new log entries.
2022-03-22 16:05:06 +03:00
Roman Khimov
0a338ea94b rpc/server: register ws calls in Prometheus
They were completely missing.
2022-03-21 23:18:00 +03:00
Roman Khimov
d5a9af5860 Revert "Revert "interop: use All flags for management deploy and update calls""
This reverts commit 526c423a61, heading to 3.2.0.
2022-03-21 17:41:37 +03:00
Roman Khimov
526c423a61 Revert "interop: use All flags for management deploy and update calls"
This reverts commit 37ca96c20b and a part of
7945097543, we need 0.98.2 release to be
3.1.0-compatible and this one breaks the testnet.
2022-03-21 14:32:11 +03:00
Roman Khimov
ad1dd3ebb7
Merge pull request #2399 from nspcc-dev/fuzz-tests
vm: add some Fuzz tests
2022-03-21 12:00:55 +03:00
Evgeniy Stratonikov
3f65473f64 vm: add some Fuzz tests
Both `IsScriptCorrect` and `VM.Run` should never panic.

Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-18 16:13:39 +03:00
Roman Khimov
906d99571b
Merge pull request #2369 from nspcc-dev/goshechka
*: go 1.18 support 🎉😍🎊🍰🥂
2022-03-18 15:07:20 +03:00
Roman Khimov
4869049965
Merge pull request #2398 from nspcc-dev/trim-micro
block/dao: simplify trimming, avoid allocations
2022-03-18 12:39:53 +03:00
Roman Khimov
5616585697 block/dao: simplify trimming, avoid allocations
The only user of (*Block).Trim() is in DAO and it already has a nice buffer
usually, so creating another one makes no sense. It also simplifies error
handling a lot.
2022-03-18 10:49:25 +03:00
Roman Khimov
c2845852ae
Merge pull request #2397 from nspcc-dev/is-script-correct-panic
vm: avoid panic in `IsScriptCorrect`
2022-03-18 10:08:39 +03:00
Evgeniy Stratonikov
ef28308dbf vm: avoid panic in IsScriptCorrect
Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-17 20:12:50 +03:00
AnnaShaleva
a4d402da86 compiler: revert a part of ad65d1fa1f
Close #2335.
2022-03-17 19:39:18 +03:00
Anna Shaleva
753d604784 network: use net.ErrClosed to check network connection was closed
Close #1765.
2022-03-17 19:39:18 +03:00
Anna Shaleva
2096ad6e81 *: remove io/ioutil uses
Close #1764.
2022-03-17 19:39:18 +03:00
Roman Khimov
df3eb76aa2
Merge pull request #2396 from nspcc-dev/fuzz-script-panic
Return error on negative instruction pointer in `Context.Next`
2022-03-17 19:13:20 +03:00
Evgeniy Stratonikov
492c91b4c5 vm: disallow negative offset in (*Context).Next()
Currently the only known reason this can happen is processing
ENDFINALLY opcode before the corresponding ENDTRY.

Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-17 18:52:48 +03:00
Roman Khimov
5cbf28a104
Merge pull request #2372 from nspcc-dev/jsonpath-oom
jsonpath: restrict amount of intermediate objects
2022-03-17 12:34:49 +03:00
Roman Khimov
5379ef75bb
Merge pull request #2391 from nspcc-dev/fix-reverse
vm: fix integer conversions
2022-03-10 12:27:10 +03:00
Evgeniy Stratonikov
32f4404954 vm: allow HASKEY on byte-arrays
Current neo-vm master has them https://github.com/neo-project/neo-vm/blob/master/src/neo-vm/ExecutionEngine.cs#L1157
Were silently added in
029466fa9d .

Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-10 10:34:13 +03:00
Evgeniy Stratonikov
39866b8512 vm: fix integer conversions
As can be seen in https://dotnetfiddle.net/s7eg21 (int) conversions
result in an exception in C# code.

Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-10 10:21:34 +03:00
Evgeniy Stratonikov
a8d2df874f stackitem: limit JSON size in ToJSONWithTypes
Also do not limit depth. It was introduced in e34fa2e915 as a simple
solution to OOM problem. In this commit we do exactly the refactoring
described there. Maximum size is the same as stack item size and
can be changed if needed withouth significat refactoring.
`1 MiB` seems sufficient, though.

Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-09 10:29:23 +03:00
Roman Khimov
6ece74a7c7
Merge pull request #2383 from nspcc-dev/oracle-redirection
services: check Oracle response redirections
2022-03-04 22:19:22 +03:00
Anna Shaleva
5ace840cc7 services: improve Oracle redirection check
Move IP check to later stage and do not resolve URI manually.
2022-03-04 19:27:52 +03:00
Roman Khimov
96cd415384
Merge pull request #2382 from nspcc-dev/compiler-optimize
compiler: optimize tests
2022-03-04 18:55:40 +03:00
Evgeniy Stratonikov
0e86073a77 compiler: group small tests in a single file
Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-03-04 17:55:33 +03:00
AnnaShaleva
537de18ac3 services: check Oracle response redirections
1. Move redirections check to the tcp level. Manually resolve request address
and create connection for the first suitable resolved address.
2. Remove URIValidator. Redirections checks are set in the custom http client,
so the user should take care of validation by himself when customizing the
client.
2022-03-04 13:10:22 +03:00
AnnaShaleva
3d5b1d8d17 rpc: add Rules signer scope to request parameters 2022-03-03 12:18:19 +03:00
Roman Khimov
ff60571869
Merge pull request #2378 from nspcc-dev/notary-adjustments
*: several Notary subsystem adjustments, part 1
2022-03-02 11:58:36 +03:00
AnnaShaleva
3996b3abb7 interop: extend native Notary interop API 2022-03-01 19:08:22 +03:00
AnnaShaleva
49e228ddf8 rpc: fix Client's GetOraclePrice 2022-03-01 19:08:22 +03:00
AnnaShaleva
92282c70cb *: support customisable NotaryServiceFeePerKey value
* Add corresponding methods to Notary contract.
* Extend RPC Client API.
* Adjust tests.
2022-03-01 19:08:16 +03:00
Roman Khimov
473d11d24e
Merge pull request #2370 from nspcc-dev/nonzero-blockchain-start
core: add tests for non-zero blockchain start
2022-03-01 16:39:17 +03:00
Anna Shaleva
49c995ec06 core: add tests for blockchain initialisation
Close #1577.
2022-02-28 19:00:43 +03:00
AnnaShaleva
8e3f2417f4 core: add check for native activations history
It should be consistent with storage states.
2022-02-28 18:49:18 +03:00
Anna Shaleva
032d9749c2 core: improve blockchain error messages 2022-02-28 18:49:18 +03:00
Anna Shaleva
a57c3f4842 core: fix InitWithIncompleteStateJump test 2022-02-28 18:49:18 +03:00
Anna Shaleva
9adcefc2ef core: gracefully wrap Seek error if failed to retrieve header hases 2022-02-28 18:49:18 +03:00
Anna Shaleva
8d6aa1782d core: fix StateRootInHeader error message for (*Blockchain).init() 2022-02-28 18:49:18 +03:00
Anna Shaleva
ad0c53c067 core: unify the format of error messages for (*Blockchain).init() 2022-02-28 18:49:12 +03:00
Evgeniy Stratonikov
a2cef15932 compiler: emit bindings configuration
Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-02-28 15:36:14 +03:00
Evgeniy Stratonikov
422a80f483 jsonpath: restrict amount of intermediate objects
Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
2022-02-28 13:18:34 +03:00
Anna Shaleva
21515e1835 core: refactor Level store creation for tests
We don't need to create the whole DB configuration structure.
2022-02-25 12:14:17 +03:00
Anna Shaleva
339bec1632 core: adjust TestDumpAndRestore test
`with state root` test should consider StateRootInHeader set to true.
2022-02-25 11:47:13 +03:00
Roman Khimov
870fd024c9
Merge pull request #2367 from nspcc-dev/rpc/thread-safe
rpc: take care of RPC clients
2022-02-24 20:11:15 +03:00
Anna Shaleva
1f255e756f rpc: add a note to RPC clients about thread-safeness 2022-02-24 19:01:21 +03:00
Anna Shaleva
2896c0a83a rpc: add test for concurrent WSClient access and request IDs generation 2022-02-24 19:01:21 +03:00
AnnaShaleva
0d8723527c rpc: refactor WSClient initialisation
Fix the following linter warning:
```
pkg/rpc/client/wsclient.go:99:18  govet  copylocks: literal copies lock value from *cl: github.com/nspcc-dev/neo-go/pkg/rpc/client.Client contains sync.RWMutex
```
2022-02-24 19:01:21 +03:00
AnnaShaleva
8991ee91cd rpc: make RPC WSClient thread-safe
Add ability to use unique request IDs for RPC requests.
2022-02-24 19:01:12 +03:00
Roman Khimov
b65ab011fe
Merge pull request #2349 from nspcc-dev/codegen-contract
cli/smartcontract: generate bindings to an existing contract
2022-02-24 15:51:33 +03:00
Anna Shaleva
0357d9f4f4 smartcontract: add hash check to paramcontext
Close #2344.
2022-02-24 10:21:08 +03:00