From 6cac874374bfb4658725eccba4f749bc0208f0b7 Mon Sep 17 00:00:00 2001
From: Ethan Frey
Date: Tue, 25 Feb 2020 16:22:38 +0100
Subject: [PATCH] Better Validation on Sender, Source URL
---
 x/wasm/internal/types/msg.go | 8 ++-
 x/wasm/internal/types/msg_test.go | 87 +++++++++++++++++++++++++++++++
 2 files changed, 94 insertions(+), 1 deletion(-)
diff --git a/x/wasm/internal/types/msg.go b/x/wasm/internal/types/msg.go
index 1844c86..b5bc225 100644
--- a/x/wasm/internal/types/msg.go
+++ b/x/wasm/internal/types/msg.go
@@ -43,6 +43,10 @@ func (msg MsgStoreCode) Type() string {
 }
 func (msg MsgStoreCode) ValidateBasic() error {
+ if err := sdk.VerifyAddressFormat(msg.Sender); err != nil {
+ return err
+ }
+
 if len(msg.WASMByteCode) == 0 {
 return sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "empty wasm code")
 }
@@ -56,10 +60,12 @@ func (msg MsgStoreCode) ValidateBasic() error {
 if err != nil {
 return sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "source should be a valid url")
 }
-
 if !u.IsAbs() {
 return sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "source should be an absolute url")
 }
+ if u.Scheme != "https" {
+ return sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "source must use https")
+ }
 }
 if msg.Builder != "" {
diff --git a/x/wasm/internal/types/msg_test.go b/x/wasm/internal/types/msg_test.go
index 69a4d9f..515ac28 100644
--- a/x/wasm/internal/types/msg_test.go
+++ b/x/wasm/internal/types/msg_test.go
@@ -5,7 +5,9 @@ import (
 "regexp"
 "testing"
+ sdk "github.com/cosmos/cosmos-sdk/types"
 "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
 )
 func TestBuilderRegexp(t *testing.T) {
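Review bot: The new sender check at the top of ValidateBasic returns the error from `sdk.VerifyAddressFormat` unwrapped, while every other failure visible in this function is wrapped in an sdkerrors type. If VerifyAddressFormat returns a plain Go error in the SDK version in use (worth confirming), callers would see a generic error instead of an invalid-address one. Wrapping it keeps the result consistent: `return sdkerrors.Wrap(sdkerrors.ErrInvalidAddress, err.Error())`. The function body continues past the end of this hunk.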
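Review bot: The added `u.Scheme != "https"` check still accepts a source with no host, because `url.Parse` treats an input such as `https:foo` as absolute with an opaque part and an empty `Host`, and `https:///path` also parses with an empty host. Since Source presumably points reviewers at the code that produced the uploaded bytecode, I would reject a hostless URL right after the scheme check: `if u.Host == "" { return sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "source must include a host") }`. It may also be worth rejecting embedded credentials (`u.User != nil`) so they are never stored with the message. ValidateBasic starts and ends outside this hunk.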
@@ -29,3 +31,88 @@ func TestBuilderRegexp(t *testing.T) {
 }
 }
+
+func TestStoreCodeValidation(t *testing.T) {
+ badAddress, err := sdk.AccAddressFromHex("012345")
+ require.NoError(t, err)
+ // proper address size
+ goodAddress := sdk.AccAddress(make([]byte, 20))
+
+ cases := map[string]struct {
+ msg MsgStoreCode
+ valid bool
+ }{
+ "empty": {
+ msg: MsgStoreCode{},
+ valid: false,
+ },
+ "correct minimal": {
+ msg: MsgStoreCode{
+ Sender: goodAddress,
+ WASMByteCode: []byte("foo"),
+ },
+ valid: true,
+ },
+ "missing code": {
+ msg: MsgStoreCode{
+ Sender: goodAddress,
+ },
+ valid: false,
+ },
+ "bad sender minimal": {
+ msg: MsgStoreCode{
+ Sender: badAddress,
+ WASMByteCode: []byte("foo"),
+ },
+ valid: false,
+ },
+ "correct maximal": {
+ msg: MsgStoreCode{
+ Sender: goodAddress,
+ WASMByteCode: []byte("foo"),
+ Builder: "confio/cosmwasm-opt:0.6.2",
+ Source: "https://crates.io/api/v1/crates/cw-erc20/0.1.0/download",
+ },
+ valid: true,
+ },
+ "invalid builder": {
+ msg: MsgStoreCode{
+ Sender: goodAddress,
+ WASMByteCode: []byte("foo"),
+ Builder: "-bad-opt:0.6.2",
+ Source: "https://crates.io/api/v1/crates/cw-erc20/0.1.0/download",
+ },
+ valid: false,
+ },
+ "invalid source scheme": {
+ msg: MsgStoreCode{
+ Sender: goodAddress,
+ WASMByteCode: []byte("foo"),
+ Builder: "cosmwasm-opt:0.6.2",
+ Source: "ftp://crates.io/api/download.tar.gz",
+ },
+ valid: false,
+ },
+ "invalid source format": {
+ msg: MsgStoreCode{
+ Sender: goodAddress,
+ WASMByteCode: []byte("foo"),
+ Builder: "cosmwasm-opt:0.6.2",
+ Source: "/api/download-ss",
+ },
+ valid: false,
+ },
+ }
+
+ for name, tc := range cases {
+ t.Run(name, func(t *testing.T) {
+ err := tc.msg.ValidateBasic()
+ if tc.valid {
+ assert.NoError(t, err)
+ } else {
+ assert.Error(t, err)
+ }
+ })
+ }
+
+}
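Review bot: The table only asserts error versus no error, so a negative case can pass for the wrong reason. The "invalid source scheme" and "invalid source format" cases use Builder `cosmwasm-opt:0.6.2`, while the valid case uses `confio/cosmwasm-opt:0.6.2`. If the builder pattern (not visible in this hunk) requires the org prefix, both cases would be rejected on the builder and would never exercise the source check. Reusing the builder from "correct maximal" in those two cases would isolate the field under test. An explicit plain-http case such as `Source: "http://crates.io/api/v1/crates/cw-erc20/0.1.0/download",` is also missing, and that is the input the new https rule most needs to reject.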