Sanitize claimtrie RPC commands.
This commit is contained in:
parent
30c65694b9
commit
e381336281
2 changed files with 38 additions and 8 deletions
|
@ -7,6 +7,22 @@
|
||||||
// Maximum block decrement that is allowed from rpc calls
|
// Maximum block decrement that is allowed from rpc calls
|
||||||
const int MAX_RPC_BLOCK_DECREMENTS = 50;
|
const int MAX_RPC_BLOCK_DECREMENTS = 50;
|
||||||
|
|
||||||
|
uint160 ParseClaimtrieId(const UniValue& v, std::string strName)
|
||||||
|
{
|
||||||
|
std::string strHex;
|
||||||
|
if (v.isStr())
|
||||||
|
strHex = v.get_str();
|
||||||
|
if (!IsHex(strHex)) // Note: IsHex("") is false
|
||||||
|
throw JSONRPCError(RPC_INVALID_PARAMETER, strName + " must be a 20-character hexadecimal string (not '" + strHex + "')");
|
||||||
|
if (40 != strHex.length())
|
||||||
|
throw JSONRPCError(RPC_INVALID_PARAMETER, strprintf("%s must be of length %d (not %d)", strName, 40, strHex.length()));
|
||||||
|
|
||||||
|
uint160 result;
|
||||||
|
result.SetHex(strHex);
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
UniValue getclaimsintrie(const UniValue& params, bool fHelp)
|
UniValue getclaimsintrie(const UniValue& params, bool fHelp)
|
||||||
{
|
{
|
||||||
if (fHelp || params.size() > 0)
|
if (fHelp || params.size() > 0)
|
||||||
|
@ -380,8 +396,7 @@ UniValue getclaimbyid(const UniValue& params, bool fHelp)
|
||||||
);
|
);
|
||||||
|
|
||||||
LOCK(cs_main);
|
LOCK(cs_main);
|
||||||
uint160 claimId;
|
uint160 claimId = ParseClaimtrieId(params[0], "Claim-id (parameter 1)");
|
||||||
claimId.SetHex(params[0].get_str());
|
|
||||||
UniValue claim(UniValue::VOBJ);
|
UniValue claim(UniValue::VOBJ);
|
||||||
std::string name;
|
std::string name;
|
||||||
CClaimValue claimValue;
|
CClaimValue claimValue;
|
||||||
|
@ -512,10 +527,7 @@ UniValue getclaimsfortx(const UniValue& params, bool fHelp)
|
||||||
);
|
);
|
||||||
|
|
||||||
LOCK(cs_main);
|
LOCK(cs_main);
|
||||||
|
uint256 hash = ParseHashV(params[0], "txid (parameter 1)");
|
||||||
uint256 hash;
|
|
||||||
hash.SetHex(params[0].get_str());
|
|
||||||
|
|
||||||
UniValue ret(UniValue::VARR);
|
UniValue ret(UniValue::VARR);
|
||||||
|
|
||||||
int op;
|
int op;
|
||||||
|
@ -741,8 +753,7 @@ UniValue getnameproof(const UniValue& params, bool fHelp)
|
||||||
uint256 blockHash;
|
uint256 blockHash;
|
||||||
if (params.size() == 2)
|
if (params.size() == 2)
|
||||||
{
|
{
|
||||||
std::string strBlockHash = params[1].get_str();
|
blockHash = ParseHashV(params[1], "blockhash (optional parameter 2)");
|
||||||
blockHash = uint256S(strBlockHash);
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
|
@ -332,4 +332,23 @@ BOOST_AUTO_TEST_CASE(rpc_convert_values_generatetoaddress)
|
||||||
BOOST_CHECK_EQUAL(result[2].get_int(), 9);
|
BOOST_CHECK_EQUAL(result[2].get_int(), 9);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
BOOST_AUTO_TEST_CASE(rpc_claimtrie_validation)
|
||||||
|
{
|
||||||
|
// std::runtime_error: parameter 2 must be hexadecimal string (not 'not_hex')
|
||||||
|
BOOST_CHECK_THROW(CallRPC("getnameproof test not_hex"), runtime_error);
|
||||||
|
// std::runtime_error: Block not found
|
||||||
|
BOOST_CHECK_THROW(CallRPC("getnameproof test aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"), runtime_error);
|
||||||
|
// Generate a block to validate the NO_THROW case.
|
||||||
|
UniValue result = CallRPC("generate 1");
|
||||||
|
BOOST_CHECK_NO_THROW(CallRPC(string("getnameproof test ") + result[0].get_str()));
|
||||||
|
|
||||||
|
BOOST_CHECK_THROW(CallRPC("getclaimsfortx not_hex"), runtime_error);
|
||||||
|
BOOST_CHECK_NO_THROW(CallRPC("getclaimsfortx aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"));
|
||||||
|
|
||||||
|
BOOST_CHECK_THROW(CallRPC("getclaimbyid not_hex"), runtime_error);
|
||||||
|
// Wrong length.
|
||||||
|
BOOST_CHECK_THROW(CallRPC("getclaimbyid a"), runtime_error);
|
||||||
|
BOOST_CHECK_NO_THROW(CallRPC("getclaimbyid aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"));
|
||||||
|
}
|
||||||
|
|
||||||
BOOST_AUTO_TEST_SUITE_END()
|
BOOST_AUTO_TEST_SUITE_END()
|
||||||
|
|
Loading…
Reference in a new issue