Json RPC method parameter validation #2097
… blockHash, Tx Hash and Hex Index parameters and deserializers
import static org.mockito.Mockito.mock; | ||
import static org.mockito.Mockito.when; | ||
|
||
class JsonRPCParamValidationTest { |
Code scanning / CodeQL notice: Unused classes and interfaces (test)
….. related methods having parameter validation
pipeline:run
public BlockRefParam deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException { | ||
BlockRef blockRef = mapper.readValue(jp, BlockRef.class); | ||
return new BlockRefParam(blockRef); | ||
} |
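Review bot: in deserialize, a malformed value makes mapper.readValue(jp, BlockRef.class) throw, and the method only declares throws IOException, so the caller receives Jackson's own error instead of the invalid-param error that the rawData parameter class raises via RskJsonRpcRequestException.invalidParamError. Suggest catching the parse failure here and rethrowing it as an invalid-param error with a fixed message.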
here we'd need to support two cases and validate them:
- value is a blockId, eg. number "0x123" or tag "latest" (String)
- value is a JSON object with all supported fields, eg. blockNumber or requireCanonical (Map<String, String>)
…nd eth_getFilterLogs. Fixing failing test from previous commit
Adding new FilterRequest Parameter class for JsonRPC
public interface EthModuleWallet { | ||
|
||
String[] accounts(); | ||
|
||
String sign(String addr, String data); | ||
String sign(HexAddressParam addr, HexDataParam data); |
About this change, I think we shouldn't add the specific JsonRPC parameters here, we could keep the string or directly update to the address and data classes.
The Json RPC parameter classes should be used only under the jsonRPC domain.
I understand, I will revert the changes for this one.
…ccount_method Check null value in newAccount method
try { | ||
this.rawDataBytes = HexUtils.stringHexToByteArray(rawData); | ||
} catch (Exception e) { | ||
throw RskJsonRpcRequestException.invalidParamError("Invalid data format. " + e.getMessage()); |
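Review bot: catch (Exception e) around HexUtils.stringHexToByteArray(rawData) is wider than the conversion needs, so any unrelated runtime failure inside that call would also be reported to the client as an invalid parameter. Suggest catching only the exception type the hex conversion throws for bad input.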
I guess we should not expose an Exception's message to a user, I'd rather do it this way:
throw RskJsonRpcRequestException.invalidParamError("Invalid data format", e);
Messages are returned in JSON-RPC responses
Please also check other param classes, eg HashParam32, HexAddressParam etc
Done
@Vovchyk @asoto-iov I overlooked that using the e object will still expose the exception message, so I updated these errors to "Invalid data format: invalid hex value". I think this also will keep it consistent with the rest of the code since we don't use the exception message for any of the other validation errors. Let me know what you think.
@rmoreliovlabs, you can still pass exception as the last parameter in the list, so it'd be printed in logs later - like in the example above
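The approach discussed in this thread (a fixed client-facing message, with the original exception passed along as the cause so it shows up only in server logs), as an added Java example that is not the project's code. InvalidParamException, decodeHex, parseParam and handle are hypothetical stand-ins, and the two inputs in main are constructed.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

public class HexParamErrorDemo {
    private static final Logger LOG = Logger.getLogger("rpc");

    // Hypothetical stand-in for the project's JSON-RPC exception type.
    static class InvalidParamException extends RuntimeException {
        InvalidParamException(String clientMessage, Throwable cause) {
            super(clientMessage, cause); // cause is kept for logging only
        }
    }

    // Hypothetical hex decoder standing in for the project's hex utility.
    static byte[] decodeHex(String s) {
        if (s == null || !s.startsWith("0x") || s.length() % 2 != 0) {
            throw new IllegalArgumentException("bad hex input: " + s);
        }
        byte[] out = new byte[(s.length() - 2) / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(s.charAt(2 + 2 * i), 16);
            int lo = Character.digit(s.charAt(3 + 2 * i), 16);
            if (hi < 0 || lo < 0) {
                throw new IllegalArgumentException("bad hex digit in: " + s);
            }
            out[i] = (byte) (hi * 16 + lo);
        }
        return out;
    }

    // Parameter validation: the decoder's message (which echoes the input)
    // never becomes the client-facing text.
    static byte[] parseParam(String raw) {
        try {
            return decodeHex(raw);
        } catch (IllegalArgumentException e) {
            throw new InvalidParamException("Invalid data format: invalid hex value", e);
        }
    }

    // Builds the response body; -32602 is the JSON-RPC "Invalid params" code.
    static String handle(String raw) {
        try {
            return "{\"jsonrpc\":\"2.0\",\"id\":1,\"result\":" + parseParam(raw).length + "}";
        } catch (InvalidParamException e) {
            LOG.log(Level.WARNING, "rejected param", e); // full cause stays server-side
            return "{\"jsonrpc\":\"2.0\",\"id\":1,\"error\":{\"code\":-32602,\"message\":\""
                    + e.getMessage() + "\"}}"; // fixed text, no caller input echoed
        }
    }

    public static void main(String[] args) {
        System.out.println(handle("0x0a0b"));       // constructed valid input
        System.out.println(handle("0xZZ<script>")); // constructed invalid input
    }
}
```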
@@ -0,0 +1,51 @@ | |||
package org.ethereum.rpc.parameters; |
(C) header is missing
@@ -0,0 +1,102 @@ | |||
package org.ethereum.rpc.parameters; |
(C) header is missing
@@ -0,0 +1,127 @@ | |||
package org.ethereum.rpc.parameters; |
(C) header is missing
@@ -0,0 +1,48 @@ | |||
package org.ethereum.rpc.parameters; |
(C) header is missing
@@ -0,0 +1,49 @@ | |||
package org.ethereum.rpc.parameters; |
(C) header is missing
@@ -0,0 +1,41 @@ | |||
package org.ethereum.rpc.parameters; |
(C) header is missing
@@ -0,0 +1,45 @@ | |||
package org.ethereum.rpc.parameters; |
(C) header is missing
@@ -0,0 +1,50 @@ | |||
package org.ethereum.rpc.parameters; |
(C) header is missing
@@ -0,0 +1,16 @@ | |||
package org.ethereum.rpc.parameters; |
(C) header is missing
I've added the (C) header to all new files that were missing it, thanks for catching that.
pipeline:run
…equest_parameter Adding support for null topics
" \"topics\":[\"0x000000000000000000000000000000006d696e696e675f6665655f746f706963\", null, [\"0x000000000000000000000000000000006d696e696e675f6665655f746f706963\",null]]}"; | ||
JsonNode jsonNode = objectMapper.readTree(filterRequestInput); | ||
FilterRequestParam filterRequestParam = objectMapper.convertValue(jsonNode, FilterRequestParam.class); | ||
FilterRequest fr = objectMapper.convertValue(jsonNode, FilterRequest.class); |
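Review bot: fr and filterRequestParam are built at the end of this test hunk, but the lines shown assert nothing on them, which is what the unread-local-variable notice points at. Suggest asserting the parsed topics, including the null entry at the top level and the one inside the nested array, so the null-topic support this commit adds is actually checked.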
Code scanning / CodeQL notice: Unread local variable (test)
2ad2c49 to 55b42e8
Added proper handling of number parsing
pipeline:run
Kudos, SonarCloud Quality Gate passed!