From b2c7d0decfc24843e888dcb5b0e02c0423b02b03 Mon Sep 17 00:00:00 2001
From: Shivam Purohit
Date: Tue, 7 Nov 2023 12:02:06 +0530
Subject: [PATCH] feat(cactus-plugin-ledger-connector-quorum):additional type checking
Signed-off-by: Shivam Purohit
---
 ...invoke-raw-web3eth-contract-v1-endpoint.ts | 39 ++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)
diff --git a/packages/cactus-plugin-ledger-connector-quorum/src/main/typescript/web-services/invoke-raw-web3eth-contract-v1-endpoint.ts b/packages/cactus-plugin-ledger-connector-quorum/src/main/typescript/web-services/invoke-raw-web3eth-contract-v1-endpoint.ts
index 790bf9e628a..1952c8541b1 100644
--- a/packages/cactus-plugin-ledger-connector-quorum/src/main/typescript/web-services/invoke-raw-web3eth-contract-v1-endpoint.ts
+++ b/packages/cactus-plugin-ledger-connector-quorum/src/main/typescript/web-services/invoke-raw-web3eth-contract-v1-endpoint.ts
@@ -16,6 +16,7 @@ import { PluginLedgerConnectorQuorum } from "../plugin-ledger-connector-quorum";
 import OAS from "../../json/openapi.json";
 import sanitizeHtml from "sanitize-html";
 import { InvokeRawWeb3EthContractV1Response } from "../generated/openapi/typescript-axios";
+import type { FunctionFragment } from "ethers";
 export interface IInvokeRawWeb3EthContractEndpointOptions {
 logLevel?: LogLevelDesc;
@@ -86,9 +87,45 @@ export class InvokeRawWeb3EthContractEndpoint implements IWebServiceEndpoint {
 const reqTag = `${this.getVerbLowerCase()} - ${this.getPath()}`;
 this.log.debug(reqTag);
+ const userInput = req.body;
+ const abi = userInput.abi;
+
+ if (!Array.isArray(abi) || abi.length == 0) {
+ throw new Error("Invalid or missing ABI in the request");
+ }
+
+ const methodName = userInput.contractMethod;
+ const method = abi.find(
+ (item: FunctionFragment) => item.name === methodName,
+ );
+
+ //getting methodparams from request
+ const contractMethodArgs = userInput.contractMethodArgs || [];
+
+ if (!method) {
+ throw new Error("Method not found in the provided ABI");
+ }
+
+ //getting methodparams from abi
+ const functionInputs = method.inputs || [];
+
+ for (const input of functionInputs) {
+ if (
+ !Object.prototype.hasOwnProperty.call(contractMethodArgs, input.name)
+ ) {
+ throw new Error(`Missing input parameter: ${input.name}`);
+ }
+
+ // Check if the input type matches the expected type
+ const isValidType = typeof userInput[input.name] === input.type;
+ if (!isValidType) {
+ throw new Error(`Invalid data type for parameter ${input.name}`);
+ }
+ }
+
 try {
 const methodResponse =
- await this.options.connector.invokeRawWeb3EthContract(req.body);
+ await this.options.connector.invokeRawWeb3EthContract(userInput);
 const response: InvokeRawWeb3EthContractV1Response = {
 status: 200,
 data: methodResponse,
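Review bot: The type check at the end of the added loop cannot do what its comment says: `typeof userInput[input.name] === input.type` compares a JavaScript `typeof` result such as `"string"` or `"object"` with a Solidity ABI type name such as `uint256` or `address`, and it reads the value from the request body rather than from `contractMethodArgs`, so calls to a method with inputs are likely to be rejected even when valid. The `hasOwnProperty.call(contractMethodArgs, input.name)` test above it has a related problem if `contractMethodArgs` is a positional array, as the `|| []` default suggests, because an array has no keys named after the parameters. The new `throw` statements also sit before the `try`, so a rejected request skips whatever the `catch` does (it is outside this hunk, as are the start and end of the enclosing method) and the client may not receive a 4xx response. I would move the checks inside the `try` and replace the per-parameter loop with an arity check, `if (contractMethodArgs.length !== functionInputs.length) throw new Error("Wrong number of contract method arguments");`, leaving per-type validation to whatever encodes the call in the connector. `abi.find` also matches on `name` alone against entries taken from the request, so a guard such as `item?.type === "function" && item.name === methodName` would avoid picking an event of the same name or failing on a null entry.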