Merge pull request #8789 from accumulator/bip21_req_params_validation

bip21: fail bip21 uri if unsupported req-* parameter is present.
spesmilo · Jan 4, 2024 · 926756c · 926756c
2 parents 313b79c + bd88b6b
commit 926756c
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/electrum/bip21.py b/electrum/bip21.py
@@ -43,6 +43,9 @@ def parse_bip21_URI(uri: str) -> dict:
     for k, v in pq.items():
         if len(v) != 1:
             raise InvalidBitcoinURI(f'Duplicate Key: {repr(k)}')
+        if k.startswith('req-'):
+            # we have no support for any req-* query parameters
+            raise InvalidBitcoinURI(f'Unsupported Key: {repr(k)}')
 
     out = {k: v[0] for k, v in pq.items()}
     if address:

diff --git a/electrum/tests/test_util.py b/electrum/tests/test_util.py
@@ -149,6 +149,13 @@ def test_parse_URI_invalid(self):
     def test_parse_URI_parameter_pollution(self):
         self.assertRaises(InvalidBitcoinURI, parse_bip21_URI, 'bitcoin:15mKKb2eos1hWa6tisdPwwDC1a5J1y9nma?amount=0.0003&label=test&amount=30.0')
 
+    @as_testnet
+    def test_parse_URI_unsupported_req_key(self):
+        self._do_test_parse_URI('bitcoin:TB1QXJ6KVTE6URY2MX695METFTFT7LR5HYK4M3VT5F?amount=0.00100000&label=test&somethingyoudontunderstand=50',
+                                {'address': 'TB1QXJ6KVTE6URY2MX695METFTFT7LR5HYK4M3VT5F', 'amount': 100000, 'label': 'test', 'somethingyoudontunderstand': '50'})
+        # now test same URI but with "req-test=1" added
+        self.assertRaises(InvalidBitcoinURI, parse_bip21_URI, 'bitcoin:TB1QXJ6KVTE6URY2MX695METFTFT7LR5HYK4M3VT5F?amount=0.00100000&label=test&req-test=1&somethingyoudontunderstand=50')
+
     @as_testnet
     def test_parse_URI_lightning_consistency(self):
         # bip21 uri that *only* includes a "lightning" key. LN part does not have fallback address