Validate json msg payload

This commit is contained in:
Alex Peters 2020-07-17 15:14:54 +02:00
parent 882d8177b8
commit 1c4d4d8f0e
No known key found for this signature in database
GPG Key ID: BD28388D49EE708D
4 changed files with 71 additions and 10 deletions

View File

@ -232,8 +232,8 @@ func GetCmdGetContractStateSmart(cdc *codec.Codec) *cobra.Command {
cmd := &cobra.Command{
Use: "smart [bech32_address] [query]",
Short: "Calls contract with given address with query data and prints the returned result",
Long: "Calls contract with given address with query data and prints the returned result",
Short: "Calls contract with given address with query data and prints the returned result",
Long: "Calls contract with given address with query data and prints the returned result",
Args: cobra.ExactArgs(2),
RunE: func(_ *cobra.Command, args []string) error {
cliCtx := context.NewCLIContext().WithCodec(cdc)
@ -252,6 +252,9 @@ func GetCmdGetContractStateSmart(cdc *codec.Codec) *cobra.Command {
if err != nil {
return fmt.Errorf("decode query: %s", err)
}
if !json.Valid(queryData) {
return errors.New("query data must be json")
}
res, _, err := cliCtx.QueryWithData(route, queryData)
if err != nil {
return err

View File

@ -93,6 +93,11 @@ func TestQueryContractState(t *testing.T) {
srcReq: abci.RequestQuery{Data: []byte(`{"raw":{"key":"config"}}`)},
expErr: types.ErrQueryFailed,
},
"query smart with invalid json": {
srcPath: []string{QueryGetContractState, addr.String(), QueryMethodContractStateSmart},
srcReq: abci.RequestQuery{Data: []byte(`not a json string`)},
expErr: types.ErrQueryFailed,
},
"query unknown raw key": {
srcPath: []string{QueryGetContractState, addr.String(), QueryMethodContractStateRaw},
srcReq: abci.RequestQuery{Data: []byte("unknown")},

View File

@ -99,6 +99,9 @@ func (msg MsgInstantiateContract) ValidateBasic() error {
return err
}
}
if !json.Valid(msg.InitMsg) {
return sdkerrors.Wrap(ErrInvalid, "init msg json")
}
return nil
}
@ -136,6 +139,9 @@ func (msg MsgExecuteContract) ValidateBasic() error {
if !msg.SentFunds.IsValid() {
return sdkerrors.Wrap(sdkerrors.ErrInvalidCoins, "sentFunds")
}
if !json.Valid(msg.Msg) {
return sdkerrors.Wrap(ErrInvalid, "msg json")
}
return nil
}
@ -172,6 +178,10 @@ func (msg MsgMigrateContract) ValidateBasic() error {
if err := sdk.VerifyAddressFormat(msg.Contract); err != nil {
return sdkerrors.Wrap(err, "contract")
}
if !json.Valid(msg.MigrateMsg) {
return sdkerrors.Wrap(ErrInvalid, "migrate msg json")
}
return nil
}

View File

@ -204,6 +204,23 @@ func TestInstantiateContractValidation(t *testing.T) {
},
valid: false,
},
"non json init msg": {
msg: MsgInstantiateContract{
Sender: goodAddress,
CodeID: 1,
Label: "foo",
InitMsg: []byte("invalid-json"),
},
valid: false,
},
"empty init msg": {
msg: MsgInstantiateContract{
Sender: goodAddress,
CodeID: 1,
Label: "foo",
},
valid: false,
},
}
for name, tc := range cases {
@ -236,6 +253,7 @@ func TestExecuteContractValidation(t *testing.T) {
msg: MsgExecuteContract{
Sender: goodAddress,
Contract: goodAddress,
Msg: []byte("{}"),
},
valid: true,
},
@ -296,6 +314,21 @@ func TestExecuteContractValidation(t *testing.T) {
},
valid: false,
},
"non json msg": {
msg: MsgExecuteContract{
Sender: goodAddress,
Contract: goodAddress,
Msg: []byte("invalid-json"),
},
valid: false,
},
"empty msg": {
msg: MsgExecuteContract{
Sender: goodAddress,
Contract: goodAddress,
},
valid: false,
},
}
for name, tc := range cases {
@ -447,14 +480,7 @@ func TestMsgMigrateContract(t *testing.T) {
Sender: goodAddress,
Contract: anotherGoodAddress,
CodeID: 1,
MigrateMsg: []byte{1},
},
},
"MigrateMsg optional": {
src: MsgMigrateContract{
Sender: goodAddress,
Contract: anotherGoodAddress,
CodeID: 1,
MigrateMsg: []byte("{}"),
},
},
"bad sender": {
@ -494,6 +520,23 @@ func TestMsgMigrateContract(t *testing.T) {
},
expErr: true,
},
"non json migrateMsg": {
src: MsgMigrateContract{
Sender: goodAddress,
Contract: anotherGoodAddress,
CodeID: 1,
MigrateMsg: []byte("invalid json"),
},
expErr: true,
},
"empty migrateMsg": {
src: MsgMigrateContract{
Sender: goodAddress,
Contract: anotherGoodAddress,
CodeID: 1,
},
expErr: true,
},
}
for msg, spec := range specs {
t.Run(msg, func(t *testing.T) {