added sanity checks on user/pass string length when creating user via RPC API
This commit is contained in:
parent
bdfabe96cb
commit
1aef6e1cb3
|
@ -23,8 +23,14 @@ import (
|
|||
jsoncodec "github.com/ava-labs/gecko/utils/json"
|
||||
)
|
||||
|
||||
const (
|
||||
// maxUserPassLen is the maximum length of the username or password allowed
|
||||
maxUserPassLen = 1024
|
||||
)
|
||||
|
||||
var (
|
||||
errEmptyUsername = errors.New("username can't be the empty string")
|
||||
errEmptyUsername = errors.New("username can't be the empty string")
|
||||
errUserPassMaxLength = errors.New(fmt.Sprintf("CreateUser call rejected due to username or password exceeding maximum length of %d chars", maxUserPassLen))
|
||||
)
|
||||
|
||||
// KeyValuePair ...
|
||||
|
@ -114,6 +120,10 @@ func (ks *Keystore) CreateUser(_ *http.Request, args *CreateUserArgs, reply *Cre
|
|||
ks.lock.Lock()
|
||||
defer ks.lock.Unlock()
|
||||
|
||||
if len(args.Username) > maxUserPassLen || len(args.Password) > maxUserPassLen {
|
||||
return errUserPassMaxLength
|
||||
}
|
||||
|
||||
ks.log.Verbo("CreateUser called with %s", args.Username)
|
||||
|
||||
if args.Username == "" {
|
||||
|
|
|
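Review bot: The new length check at `if len(args.Username) > maxUserPassLen || len(args.Password) > maxUserPassLen {` runs only after `ks.lock.Lock()`, so an oversized request holds the keystore mutex while it is being rejected; moving those three lines above `ks.lock.Lock()` validates the arguments before any shared state is touched and keeps the rejection path independent of the lock. `errUserPassMaxLength` is built as `errors.New(fmt.Sprintf(...))`, which staticcheck flags (S1028); `errUserPassMaxLength = fmt.Errorf("CreateUser call rejected due to username or password exceeding maximum length of %d chars", maxUserPassLen)` is the idiomatic form. `len` counts bytes rather than characters, which is the right quantity for a resource bound, but the error text says "chars", so a comment on the constant such as `// maxUserPassLen is the maximum length in bytes (not runes) of the username or password` would keep the two consistent. The `errEmptyUsername` line appears twice in the rendered hunk, which looks like an artifact of the `var` block being regrouped rather than a duplicate declaration, but the final `var (...)` block is worth confirming. CreateUser's body continues beyond the hunk.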
@ -5,6 +5,8 @@ package keystore
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"math/rand"
|
||||
"testing"
|
||||
|
||||
"github.com/ava-labs/gecko/database/memdb"
|
||||
|
@ -56,6 +58,56 @@ func TestServiceCreateUser(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// genStr returns a string of given length
|
||||
func genStr(n int) string {
|
||||
b := make([]byte, n)
|
||||
rand.Read(b)
|
||||
return fmt.Sprintf("%x", b)[:n]
|
||||
}
|
||||
|
||||
// TestServiceCreateUserArgsChecks generates excessively long usernames or
|
||||
// passwords to assure the santity checks on string length are not exceeded
|
||||
func TestServiceCreateUserArgsCheck(t *testing.T) {
|
||||
ks := Keystore{}
|
||||
ks.Initialize(logging.NoLog{}, memdb.New())
|
||||
|
||||
{
|
||||
reply := CreateUserReply{}
|
||||
err := ks.CreateUser(nil, &CreateUserArgs{
|
||||
Username: genStr(maxUserPassLen + 1),
|
||||
Password: "shortpass",
|
||||
}, &reply)
|
||||
|
||||
if reply.Success || err != errUserPassMaxLength {
|
||||
t.Fatal("User was created when it should have been rejected due to too long a Username, err =", err)
|
||||
}
|
||||
}
|
||||
|
||||
{
|
||||
reply := CreateUserReply{}
|
||||
err := ks.CreateUser(nil, &CreateUserArgs{
|
||||
Username: "shortuser",
|
||||
Password: genStr(maxUserPassLen + 1),
|
||||
}, &reply)
|
||||
|
||||
if reply.Success || err != errUserPassMaxLength {
|
||||
t.Fatal("User was created when it should have been rejected due to too long a Password, err =", err)
|
||||
}
|
||||
}
|
||||
|
||||
{
|
||||
reply := ListUsersReply{}
|
||||
if err := ks.ListUsers(nil, &ListUsersArgs{}, &reply); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if len(reply.Users) > 0 {
|
||||
t.Fatalf("A user exists when there should be none")
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
func TestServiceCreateDuplicate(t *testing.T) {
|
||||
ks := Keystore{}
|
||||
ks.Initialize(logging.NoLog{}, memdb.New())
|
||||
|
|
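Review bot: TestServiceCreateUserArgsCheck only submits `genStr(maxUserPassLen + 1)`; nothing pins the boundary itself, so an off-by-one in the service check (`>=` instead of `>`) would still pass this test. A case that submits a username and password of exactly `maxUserPassLen` and asserts the returned error is not `errUserPassMaxLength` closes that gap; it should follow the ListUsers block, which asserts that no users exist, because a call that passes the length check may create one (whether it fully succeeds depends on any other CreateUser rules outside this hunk, so the fence below asserts only the length outcome). `genStr` discards the return values of `rand.Read` and hex-encodes then truncates, although the string's content is irrelevant to the check; `strings.Repeat("a", n)` would express the intent more directly. The doc comment names `TestServiceCreateUserArgsChecks` while the function is `TestServiceCreateUserArgsCheck`, and "santity" should read "sanity".
```go
	// … unchanged: oversize username case, oversize password case, ListUsers empty check …
	{
		reply := CreateUserReply{}
		err := ks.CreateUser(nil, &CreateUserArgs{
			Username: genStr(maxUserPassLen),
			Password: genStr(maxUserPassLen),
		}, &reply)
		if err == errUserPassMaxLength {
			t.Fatal("inputs of exactly maxUserPassLen must not be rejected for length, err =", err)
		}
	}
```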