Better Validation on Sender, Source URL

2020-02-25 16:22:38 +01:00 · 2020-02-25 16:22:38 +01:00 · 6cac874374
parent ea6346e87f
commit 6cac874374
2 changed files with 94 additions and 1 deletions
--- a/x/wasm/internal/types/msg.go
+++ b/x/wasm/internal/types/msg.go
@ -43,6 +43,10 @@ func (msg MsgStoreCode) Type() string {
 }

 func (msg MsgStoreCode) ValidateBasic() error {
+	if err := sdk.VerifyAddressFormat(msg.Sender); err != nil {
+		return err
+	}
+
 	if len(msg.WASMByteCode) == 0 {
 		return sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "empty wasm code")
 	}
@ -56,10 +60,12 @@ func (msg MsgStoreCode) ValidateBasic() error {
 		if err != nil {
 			return sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "source should be a valid url")
 		}
-
 		if !u.IsAbs() {
 			return sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "source should be an absolute url")
 		}
+		if u.Scheme != "https" {
+			return sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "source must use https")
+		}
 	}

 	if msg.Builder != "" {
--- a/x/wasm/internal/types/msg_test.go
+++ b/x/wasm/internal/types/msg_test.go
@ -5,7 +5,9 @@ import (
 	"regexp"
 	"testing"

+	sdk "github.com/cosmos/cosmos-sdk/types"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )

 func TestBuilderRegexp(t *testing.T) {
@ -29,3 +31,88 @@ func TestBuilderRegexp(t *testing.T) {

 	}
 }
+
+func TestStoreCodeValidation(t *testing.T) {
+	badAddress, err := sdk.AccAddressFromHex("012345")
+	require.NoError(t, err)
+	// proper address size
+	goodAddress := sdk.AccAddress(make([]byte, 20))
+
+	cases := map[string]struct {
+		msg   MsgStoreCode
+		valid bool
+	}{
+		"empty": {
+			msg:   MsgStoreCode{},
+			valid: false,
+		},
+		"correct minimal": {
+			msg: MsgStoreCode{
+				Sender:       goodAddress,
+				WASMByteCode: []byte("foo"),
+			},
+			valid: true,
+		},
+		"missing code": {
+			msg: MsgStoreCode{
+				Sender: goodAddress,
+			},
+			valid: false,
+		},
+		"bad sender minimal": {
+			msg: MsgStoreCode{
+				Sender:       badAddress,
+				WASMByteCode: []byte("foo"),
+			},
+			valid: false,
+		},
+		"correct maximal": {
+			msg: MsgStoreCode{
+				Sender:       goodAddress,
+				WASMByteCode: []byte("foo"),
+				Builder:      "confio/cosmwasm-opt:0.6.2",
+				Source:       "https://crates.io/api/v1/crates/cw-erc20/0.1.0/download",
+			},
+			valid: true,
+		},
+		"invalid builder": {
+			msg: MsgStoreCode{
+				Sender:       goodAddress,
+				WASMByteCode: []byte("foo"),
+				Builder:      "-bad-opt:0.6.2",
+				Source:       "https://crates.io/api/v1/crates/cw-erc20/0.1.0/download",
+			},
+			valid: false,
+		},
+		"invalid source scheme": {
+			msg: MsgStoreCode{
+				Sender:       goodAddress,
+				WASMByteCode: []byte("foo"),
+				Builder:      "cosmwasm-opt:0.6.2",
+				Source:       "ftp://crates.io/api/download.tar.gz",
+			},
+			valid: false,
+		},
+		"invalid source format": {
+			msg: MsgStoreCode{
+				Sender:       goodAddress,
+				WASMByteCode: []byte("foo"),
+				Builder:      "cosmwasm-opt:0.6.2",
+				Source:       "/api/download-ss",
+			},
+			valid: false,
+		},
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			err := tc.msg.ValidateBasic()
+			if tc.valid {
+				assert.NoError(t, err)
+			} else {
+				assert.Error(t, err)
+			}
+		})
+	}
+
+}