Commit graph

44 commits

Author SHA1 Message Date
Wladimir J. van der Laan
feb162d500
Merge #14696: qa: Add explicit references to related CVE's in p2p_invalid_block test.
0c62e3aa73 New regression testing for CVE-2018-17144, CVE-2012-2459, and CVE-2010-5137. (lucash-dev)
38bfca6bb2 Added comments referencing multiple CVEs in tests and production code. (lucash-dev)

Pull request description:

  This functional test includes two scenarios that test for regressions of vulnerabilities, but they are only briefly described. There are freely available documents explaining in detail the issues, but without explicit mentions, the developer trying to maintain the code needs an additional step of digging in commit history and PR conversations to figure it out.
  Added comments to explicitly mention  CVE-2018-17144 and CVE-2012-2459, for more complete documentation.
  This improves developer experience by making understanding the tests easier.

ACKs for top commit:
  laanwj:
    ACK 0c62e3aa73, checked the CVE numbers, thanks for adding documentation

Tree-SHA512: 3ee05351745193b8b959e4a25d50f25a693b2d24b0732ed53cf7d5882df40b5dd0f1877bd5c69cffb921d4a7acf9deb3cc1160b96dc730d9b5984151ad06b7c9
2019-09-18 16:00:54 +02:00
MarcoFalke
fa502cb6f0
test: Bump timeouts in slow running tests 2019-09-16 13:32:13 -04:00
MarcoFalke
62117f9f36
Merge #16363: test: Add test for BIP30 duplicate tx
fa8489a155 test: Add test for BIP30 duplicate tx (MarcoFalke)
77770d95e2 test: Properly serialize BIP34 coinbase height (MarcoFalke)

Pull request description:

  This adds a test for BIP30 to check that duplicate txs can exist in the blockchain given the first one was completely spent when the second one is added. (Requested by ajtowns in https://github.com/bitcoin/bitcoin/pull/16333#issuecomment-508604071)

  We can not add a test that a later duplicate tx overwrites a previous one, because BIP30 is always enforced on regtest. If someone feels strongly about such a test, some Bitcoin Core code would have to be modified, which can be done in a follow up pull request.

  Also, add a commit to fix the BIP34 test failures reported in https://github.com/bitcoin/bitcoin/pull/14633#issue-227712540

ACKs for top commit:
  laanwj:
    Code review ACK fa8489a155

Tree-SHA512: c707d0bdc93937263876b603425b53322a2a9f9ec3f50716ae2fa9de8ddc644beb22b26c1bfde7f4aab102633e096b354ef380db919176bd2cb44a2828f884aa
2019-08-05 08:16:18 -04:00
Suhas Daftuar
bf3be5297a [qa] Ensure we don't generate a too-big block in p2sh sigops test 2019-07-25 14:43:30 -04:00
MarcoFalke
fa8489a155
test: Add test for BIP30 duplicate tx 2019-07-09 14:33:07 -04:00
MarcoFalke
fa89badf88
test: Require standard txs in regtest 2019-06-21 16:45:16 -04:00
lucash-dev
38bfca6bb2 Added comments referencing multiple CVEs in tests and production code.
This commit adds comments referencing multiple CVEs both in production and test code.
CVEs covered in this commit:

CVE-2010-5137
CVE-2010-5139
CVE-2010-5141
CVE-2012-1909
CVE-2012-2459
CVE-2012-3789
CVE-2018-17144
2019-06-02 10:25:03 -07:00
Wladimir J. van der Laan
d7d7d31506
Merge #15141: Rewrite DoS interface between validation and net_processing
0ff1c2a838 Separate reason for premature spends (coinbase/locktime) (Suhas Daftuar)
54470e767b Assert validation reasons are contextually correct (Suhas Daftuar)
2120c31521 [refactor] Update some comments in validation.cpp as we arent doing DoS there (Matt Corallo)
12dbdd7a41 [refactor] Drop unused state.DoS(), state.GetDoS(), state.CorruptionPossible() (Matt Corallo)
aa502b88d1 scripted-diff: Remove DoS calls to CValidationState (Matt Corallo)
7721ad64f4 [refactor] Prep for scripted-diff by removing some \ns which annoy sed. (Matt Corallo)
5e78c5734b Allow use of state.Invalid() for all reasons (Matt Corallo)
6b34bc6b6f Fix handling of invalid headers (Suhas Daftuar)
ef54b486d5 [refactor] Use Reasons directly instead of DoS codes (Matt Corallo)
9ab2a0412e CorruptionPossible -> BLOCK_MUTATED (Matt Corallo)
6e55b292b0 CorruptionPossible -> TX_WITNESS_MUTATED (Matt Corallo)
7df16e70e6 LookupBlockIndex -> CACHED_INVALID (Matt Corallo)
c8b0d22698 [refactor] Drop redundant nDoS, corruptionPossible, SetCorruptionPossible (Matt Corallo)
34477ccd39 [refactor] Add useful-for-dos "reason" field to CValidationState (Matt Corallo)
6a7f8777a0 Ban all peers for all block script failures (Suhas Daftuar)
7b999103e2 Clean up banning levels (Matt Corallo)
b8b4c80146 [refactor] drop IsInvalid(nDoSOut) (Matt Corallo)
8818729013 [refactor] Refactor misbehavior ban decisions to MaybePunishNode() (Matt Corallo)
00e11e61c0 [refactor] rename stateDummy -> orphan_state (Matt Corallo)
f34fa719cf Drop obsolete sigops comment (Matt Corallo)

Pull request description:

  This is a rebase of #11639 with some fixes for the last few comments which were not yet addressed.

  The original PR text, with some strikethroughs of text that is no longer correct:

  > This cleans up an old main-carryover - it made sense that main could decide what DoS scores to assign things because the DoS scores were handled in a different part of main, but now validation is telling net_processing what DoS scores to assign to different things, which is utter nonsense. Instead, we replace CValidationState's nDoS and CorruptionPossible with a general ValidationInvalidReason, which net_processing can handle as it sees fit. I keep the behavior changes here to a minimum, but in the future we can utilize these changes for other smarter behavior, such as disconnecting/preferring to rotate outbound peers based on them providing things which are invalid due to SOFT_FORK because we shouldn't ban for such cases.
  >
  > This is somewhat complementary with, though obviously conflicts heavily with #11523, which added enums in place of DoS scores, as well as a few other cleanups (which are still relevant).
  >
  > Compared with previous bans, the following changes are made:
  >
  > Txn with empty vin/vout or null prevouts move from 10 DoS
  > points to 100.
  > Loose transactions with a dependency loop now result in a ban
  > instead of 10 DoS points.
  > ~~BIP68-violation no longer results in a ban as it is SOFT_FORK.~~
  > ~~Non-SegWit SigOp violation no longer results in a ban as it
  > considers P2SH sigops and is thus SOFT_FORK.~~
  > ~~Any script violation in a block no longer results in a ban as
  > it may be the result of a SOFT_FORK. This should likely be
  > fixed in the future by differentiating between them.~~
  > Proof of work failure moves from 50 DoS points to a ban.
  > Blocks with timestamps under MTP now result in a ban, blocks
  > too far in the future continue to not result in a ban.
  > Inclusion of non-final transactions in a block now results in a
  > ban instead of 10 DoS points.

  Note: The change to ban all peers for consensus violations is actually NOT the change I'd like to make -- I'd prefer to only ban outbound peers in those situations.  The current behavior is a bit of a mess, however, and so in the interests of advancing this PR I tried to keep the changes to a minimum.  I plan to revisit the behavior in a followup PR.

  EDIT: One reviewer suggested I add some additional context for this PR:

  > The goal of this work was to make net_processing aware of the actual reasons for validation failures, rather than just deal with opaque numbers instructing it to do something.
  >
  > In the future, I'd like to make it so that we use more context to decide how to punish a peer. One example is to differentiate inbound and outbound peer misbehaviors. Another potential example is if we'd treat RECENT_CONSENSUS_CHANGE failures differently (ie after the next consensus change is implemented), and perhaps again we'd want to treat some peers differently than others.

ACKs for commit 0ff1c2:
  jnewbery:
    utACK 0ff1c2a838
  ryanofsky:
    utACK 0ff1c2a838. Only change is dropping the first commit (f3883a321bf4ab289edcd9754b12cae3a648b175), and dropping the temporary `assert(level == GetDoS())` that was in 35ee77f2832eaffce30042e00785c310c5540cdc (now c8b0d22698)

Tree-SHA512: e915a411100876398af5463d0a885920e44d473467bb6af991ef2e8f2681db6c1209bb60f848bd154be72d460f039b5653df20a6840352c5f7ea5486d9f777a3
2019-05-04 11:58:57 +02:00
Matt Corallo
34477ccd39 [refactor] Add useful-for-dos "reason" field to CValidationState
This is a first step towards cleaning up our DoS interface - make
validation return *why* something is invalid, and let net_processing
figure out what that implies in terms of banning/disconnection/etc.

Behavior change: peers will now be banned for providing blocks
with premature coinbase spends.

Co-authored-by: Anthony Towns <aj@erisian.com.au>
                Suhas Daftuar <sdaftuar@gmail.com>
2019-05-02 14:55:13 -04:00
Matt Corallo
7b999103e2 Clean up banning levels
Compared with previous bans, the following changes are made:
 * Txn with empty vin/vout or null prevouts move from 10 DoS
   points to 100.
 * Loose transactions with a dependency loop now result in a ban
   instead of 10 DoS points.
 * Many pre-segwit soft-fork errors now result in a ban.
   Note: Transactions that violate soft-fork script flags since P2SH do not generally
   result in a ban. Also, banning behavior for invalid blocks is dependent on
   whether the node is validating with multiple script check threads, due to a long-
   standing bug. That inconsistency is still present after this commit.
 * Proof of work failure moves from 50 DoS points to a ban.
 * Blocks with timestamps under MTP now result in a ban, blocks
   too far in the future continue to *not* result in a ban.
 * Inclusion of non-final transactions in a block now results in a
   ban instead of 10 DoS points.

Co-authored-by: Anthony Towns <aj@erisian.com.au>
2019-05-02 11:00:19 -04:00
Gregory Sanders
25b0786581 Fix missing input template by making minimal tx 2019-04-25 21:01:09 -04:00
Pieter Wuille
8c7b9324ca Pure python EC
This removes the dependency on OpenSSL for the interaction tests, by providing a pure-Python
toy implementation of secp256k1.
2019-04-18 11:58:32 -07:00
MarcoFalke
fa4680ed09
scripted-diff: Rename sync_blocks to send_blocks to avoid name collisions and confusion
-BEGIN VERIFY SCRIPT-
FILE_LIST=$(git grep -l 'def sync_blocks' ./test/functional/*.py)
sed -i -e 's/def sync_blocks/def send_blocks/g'   $FILE_LIST
sed -i -e 's/self.sync_blocks/self.send_blocks/g' $FILE_LIST
-END VERIFY SCRIPT-
2019-04-08 19:40:00 -04:00
MarcoFalke
fa0e65b772
scripted-diff: test: Remove brackets after assert
-BEGIN VERIFY SCRIPT-
sed -i --regexp-extended -e 's/assert ?\((.+)\)(( )*)?(#.*)?$/assert \1\3\3\4/g' $(git grep -l --extended-regexp 'assert ?\(' test)
-END VERIFY SCRIPT-
2019-03-02 10:51:35 -05:00
Wladimir J. van der Laan
c6806ee869
Merge #15059: test: Add basic test for BIP34
fab17e8272 test: Add basic test for BIP34 (MarcoFalke)

Pull request description:

  BIP34 was disabled for testing, which explains why it had no test.

  Fix that by enabling it and adding a test.

Tree-SHA512: 9cb5702d474117ce6420226eb93ee09d6fb5fc856fabc8b67abe56a088cd727674e0e5462000e1afa83b911374036f90abdbdde56a8c236a75572ed47e10a00f
2019-01-08 15:53:39 +01:00
MarcoFalke
fac4e731a8
test: Run invalid_txs.InputMissing test in feature_block 2019-01-05 14:51:25 +01:00
Wladimir J. van der Laan
df894fa69a
Merge #14457: test: add invalid tx templates for use in functional tests
59e387705c test: add invalid tx templates for use in functional tests (James O'Beirne)

Pull request description:

  This change adds a list of `CTransaction`-generating templates which each correspond to a specific type of invalid transaction. We then use this list to test for a wider variety of invalid tx types in `p2p_invalid_tx.py` and `feature_block.py`.

  Consolidating all invalid tx types will allow us to more easily cover all tx reject cases from a variety of tests without repeating ourselves. Validation logic doesn't differ much between mempool and block acceptance, but there *is* a difference and we should be sure we're testing both comprehensively.

  Right now, I've only added templates covering the tx reject types listed below but if this approach seems worthwhile I will expand the list to be fully comprehensive.
  ```
  bad-txns-in-belowout
  bad-txns-inputs-duplicate
  bad-txns-too-many-sigops
  bad-txns-vin-empty
  bad-txns-vout-empty
  bad-txns-vout-negative
  ```

Tree-SHA512: 05407f4a953fbd7c44c08bb49bb989cefd39a2b05ea00f5b3c92197a3f05e1b302f789e33832445734220e1c333d133aba385740b77b84139b170c583471ce20
2019-01-02 14:44:14 +01:00
MarcoFalke
fab17e8272
test: Add basic test for BIP34 2018-12-29 19:39:37 +01:00
MarcoFalke
fa05d52af4
test: Bump timeout to run tests in travis thread sanitizer 2018-12-20 08:06:28 +13:00
James O'Beirne
59e387705c test: add invalid tx templates for use in functional tests
Add templates for easily constructing different kinds of invalid
transactions and use them in feature_block and p2p_invalid_tx.
2018-11-27 17:53:53 -05:00
MarcoFalke
fa7da0617c
qa: Check specific reject reasons in feature_block 2018-11-13 11:05:24 -05:00
MarcoFalke
6c787d340c tests: Make feature_block pass on centos 2018-11-09 15:46:32 -05:00
MarcoFalke
990fc0de1a
Merge #14007: tests: Run functional test on Windows and enable it on Appveyor
661ac15a4a appveyor: Run functional tests on appveyor (Chun Kuan Lee)
2148c36b6e tests: Make it possible to run functional tests on Windows (Chun Kuan Lee)

Pull request description:

  This PR do the following things:
  - Make functional tests compatible with Windows
  - Print color output in functional tests for Windows 10
  - Run util and functional tests on appveyor
  - Do not run symlink tests on Windows

  Note:
  - The wallet_multiwallet.py fail is unrelated to the test framework, it's a bug related to c++ code or maybe dependencies. `bitcoind` would exit with 0xC0000005(Access violation) during shutdown occasionally. Disable this for now.
  - Not using `--failfast` because this is still in experimental. We should track if there is any other error.
  - Disable ZMQ tests because the python zmq library could cause access violation sometimes.
  - Disable `feature_notifications` because Bitcoin Core handles the command in different thread, whicha can cause a race condition.

Tree-SHA512: b76db137d264e62a5c130e1cbca7a2ca002a7a0f4153fa0b92c1ea6c9c09ef0533e11c49bdbd566c472d8ff59f245758feb5e5a6ec6cb6bb66a1c67bab5fa48a
2018-09-24 16:13:17 -04:00
sanket1729
0ca4c8b3c6 Changed functional tests which do not require wallets to run without
skipping  .Addreses #14216. Changed get_deterministic_priv_key() to a

named tuple
2018-09-17 08:25:10 -05:00
Chun Kuan Lee
2148c36b6e tests: Make it possible to run functional tests on Windows 2018-09-17 09:56:49 +08:00
Wladimir J. van der Laan
288ddf4ff5
Merge #14180: qa: Run all tests even if wallet is not compiled
fac9539836 qa: Run all tests even if wallet is not compiled (MarcoFalke)
faa669cbcd qa: Premine to deterministic address with -disablewallet (MarcoFalke)

Pull request description:

  Currently the test_runner would exit if the wallet was not compiled into the Bitcoin Core executable. However, a lot of the tests run without the wallet just fine and there is no need to globally require the wallet to run the tests.

Tree-SHA512: 63177260aa29126fd20f0be217a82b10b62288ab846f96f1cbcc3bd2c52702437703475d91eae3f8d821a3149fc62b725a4c5b2a7b3657b67ffcbc81532a03bb
2018-09-13 13:06:07 +02:00
MarcoFalke
fac9539836
qa: Run all tests even if wallet is not compiled 2018-09-10 17:53:21 -04:00
Wladimir J. van der Laan
cb25cd6aa1
Merge #14119: qa: Read reject reasons from debug log, not p2p messages
fac3e22b18 qa: Read reject reasons from debug log, not p2p messages (MarcoFalke)

Pull request description:

  For local testing we don't need to rely on p2p messages just to assert a reject reason.

  Replace reading p2p messages with reading from the debug log file.

Tree-SHA512: fa59598ecf5e00cfb420ef1892d90aa415501fd882e1c608894dc577b0d00e93a442326d3a9167fef77d26aafbe345b730b49109982ccad68a5942384564a90b
2018-09-08 07:09:07 +02:00
practicalswift
ada356208e Fix typos reported by codespell 2018-09-04 13:11:26 +02:00
MarcoFalke
fac3e22b18
qa: Read reject reasons from debug log, not p2p messages 2018-08-31 10:27:19 -04:00
MarcoFalke
b4d3309673 scripted-diff: Use named arguments in feature_block
-BEGIN VERIFY SCRIPT-
sed -i --regexp-extended -e "s/sync_blocks\((.*?), (True|False), (1.?), /sync_blocks(\1, success=\2, reject_code=\3, reject_reason=/g" ./test/functional/feature_block.py
-END VERIFY SCRIPT-
2018-08-29 12:52:25 -04:00
Conor Scott
44bbceeef1 [Tests] Cleanup feature_block.py, remove unnecessary PreviousSpendableOutput object 2018-08-09 12:58:36 +02:00
Conor Scott
736f941424 [Tests] Cleanup extra instances of create_transaction 2018-08-09 12:58:36 +02:00
DrahtBot
eb7daf4d60 Update copyright headers to 2018 2018-07-27 07:15:02 -04:00
MarcoFalke
fa87da2f17
qa: Avoid start/stop of the network thread mid-test 2018-06-25 14:06:41 -04:00
MarcoFalke
364bae5f7a qa: Pad scriptPubKeys to get minimum sized txs 2018-05-05 04:59:55 +08:00
Wladimir J. van der Laan
8d045a0f66
Merge #13003: qa: Add test for orphan handling
fa02c5b qa: Clarify documentation for send_txs_and_test (MarcoFalke)
fadfbd3 qa: Add test for orphan handling (MarcoFalke)

Pull request description:

Tree-SHA512: e0932d6bd03c73e3113f5457a3ffa3bbfc7b6075dfca8de95224d9df875e60ca6eb15cd8baa226f13de965483006559556191630a83c3bb431e79c53a85ef73f
2018-04-26 19:48:05 +02:00
John Newbery
c1d742025c [tests] Fix feature_block flakiness
feature_block.py occasionally fails on Travis. I believe this is due to
a a race condition when reconnecting to bitcoind after a subtest that
expects disconnection. If the test runs ahead and sends the INV for the
subsequent test before we've received the initial sync getheaders, then
we may end up sending two headers messages - one as a response to the
initial sync getheaders and one in response to the INV getheaders. If
both of those headers fail validation with a DoS score of 50 or higher,
then we'll unexpectedly be disconnected.

There is only one validation failure that has a DoS score bewteen 50 and
100, which is high-hash. That's why the test is failing immediately
after the "Reject a block with invalid work" subtest.

Fix is to wait for the initial getheaders from the peer before we
start populating our blockstore. That way we won't have any invalid
headers to respond to it with.
2018-04-20 15:45:31 -04:00
MarcoFalke
fadfbd33ab
qa: Add test for orphan handling 2018-04-16 23:11:27 -04:00
John Newbery
ebf053ac61 [tests] Change feature_block.py to use BitcoinTestFramework 2018-03-19 14:26:09 -04:00
John Newbery
fc02c12ae9 [tests] Add logging to feature_block.py 2018-03-19 09:33:37 -04:00
John Newbery
3898c4f3d7 [tests] Tidy up feature_block.py
- move all helper methods to the end
- remove block, create_tx and create_and_sign_tx shortcuts
- remove --runbarelyexpensive option, since it defaults to True and it's
unlikely that anyone ever runs the test with this option set to false.
2018-03-19 09:33:37 -04:00
John Newbery
5cd01d235a [tests] Fix flake8 warnings in feature_block.py 2018-03-19 09:33:37 -04:00
Anthony Towns
ca6523d0c8 [tests] Rename feature_* functional tests. 2018-01-25 09:44:29 +10:00
Renamed from test/functional/p2p-fullblocktest.py (Browse further)