Sanitize claimtrie RPC commands.

This commit is contained in:
winder 2018-06-30 17:39:51 -04:00 committed by kay kurokawa
parent 30c65694b9
commit e381336281
No known key found for this signature in database
GPG key ID: AA15748C1D2B529F
2 changed files with 38 additions and 8 deletions

View file

@ -7,6 +7,22 @@
// Maximum block decrement that is allowed from rpc calls // Maximum block decrement that is allowed from rpc calls
const int MAX_RPC_BLOCK_DECREMENTS = 50; const int MAX_RPC_BLOCK_DECREMENTS = 50;
uint160 ParseClaimtrieId(const UniValue& v, std::string strName)
{
std::string strHex;
if (v.isStr())
strHex = v.get_str();
if (!IsHex(strHex)) // Note: IsHex("") is false
throw JSONRPCError(RPC_INVALID_PARAMETER, strName + " must be a 20-character hexadecimal string (not '" + strHex + "')");
if (40 != strHex.length())
throw JSONRPCError(RPC_INVALID_PARAMETER, strprintf("%s must be of length %d (not %d)", strName, 40, strHex.length()));
uint160 result;
result.SetHex(strHex);
return result;
}
UniValue getclaimsintrie(const UniValue& params, bool fHelp) UniValue getclaimsintrie(const UniValue& params, bool fHelp)
{ {
if (fHelp || params.size() > 0) if (fHelp || params.size() > 0)
@ -380,8 +396,7 @@ UniValue getclaimbyid(const UniValue& params, bool fHelp)
); );
LOCK(cs_main); LOCK(cs_main);
uint160 claimId; uint160 claimId = ParseClaimtrieId(params[0], "Claim-id (parameter 1)");
claimId.SetHex(params[0].get_str());
UniValue claim(UniValue::VOBJ); UniValue claim(UniValue::VOBJ);
std::string name; std::string name;
CClaimValue claimValue; CClaimValue claimValue;
@ -512,10 +527,7 @@ UniValue getclaimsfortx(const UniValue& params, bool fHelp)
); );
LOCK(cs_main); LOCK(cs_main);
uint256 hash = ParseHashV(params[0], "txid (parameter 1)");
uint256 hash;
hash.SetHex(params[0].get_str());
UniValue ret(UniValue::VARR); UniValue ret(UniValue::VARR);
int op; int op;
@ -741,8 +753,7 @@ UniValue getnameproof(const UniValue& params, bool fHelp)
uint256 blockHash; uint256 blockHash;
if (params.size() == 2) if (params.size() == 2)
{ {
std::string strBlockHash = params[1].get_str(); blockHash = ParseHashV(params[1], "blockhash (optional parameter 2)");
blockHash = uint256S(strBlockHash);
} }
else else
{ {

View file

@ -332,4 +332,23 @@ BOOST_AUTO_TEST_CASE(rpc_convert_values_generatetoaddress)
BOOST_CHECK_EQUAL(result[2].get_int(), 9); BOOST_CHECK_EQUAL(result[2].get_int(), 9);
} }
BOOST_AUTO_TEST_CASE(rpc_claimtrie_validation)
{
// std::runtime_error: parameter 2 must be hexadecimal string (not 'not_hex')
BOOST_CHECK_THROW(CallRPC("getnameproof test not_hex"), runtime_error);
// std::runtime_error: Block not found
BOOST_CHECK_THROW(CallRPC("getnameproof test aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"), runtime_error);
// Generate a block to validate the NO_THROW case.
UniValue result = CallRPC("generate 1");
BOOST_CHECK_NO_THROW(CallRPC(string("getnameproof test ") + result[0].get_str()));
BOOST_CHECK_THROW(CallRPC("getclaimsfortx not_hex"), runtime_error);
BOOST_CHECK_NO_THROW(CallRPC("getclaimsfortx aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"));
BOOST_CHECK_THROW(CallRPC("getclaimbyid not_hex"), runtime_error);
// Wrong length.
BOOST_CHECK_THROW(CallRPC("getclaimbyid a"), runtime_error);
BOOST_CHECK_NO_THROW(CallRPC("getclaimbyid aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"));
}
BOOST_AUTO_TEST_SUITE_END() BOOST_AUTO_TEST_SUITE_END()