ARCHIVE/rippled
1
0
Fork 0
mirror of https://github.com/XRPLF/rippled.git synced 2025-11-20 11:05:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Validate the tx_json field in sign_for (RIPD-1100)

Browse Source
This commit is contained in:
Nik Bougalis
2016-03-31 00:26:40 -07:00
parent 73e48e6595
commit 06bfcad671
2 changed files with 48 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/ripple/rpc/impl/TransactionSign.cpp
View File

@@ -785,6 +785,9 @@ static Json::Value checkMultiSignFields (Json::Value const& jvRequest)
Json::Value const& tx_json (jvRequest [jss::tx_json]); Json::Value const& tx_json (jvRequest [jss::tx_json]);
if (!tx_json.isObject())
return RPC::invalid_field_message (jss::tx_json);
// There are a couple of additional fields we need to check before // There are a couple of additional fields we need to check before
// we serialize. If we serialize first then we generate less useful // we serialize. If we serialize first then we generate less useful
//error messages. //error messages.
@@ -878,13 +881,17 @@ Json::Value transactionSignFor (
RPC::invalid_field_message (accountField)); RPC::invalid_field_message (accountField));
} }
// If the tx_json.SigningPubKey field is missing, insert an empty one.
// RIPD-1036.
if (! jvRequest.isMember (jss::tx_json)) if (! jvRequest.isMember (jss::tx_json))
return RPC::missing_field_error (jss::tx_json); return RPC::missing_field_error (jss::tx_json);
{ {
Json::Value& tx_json (jvRequest [jss::tx_json]); Json::Value& tx_json (jvRequest [jss::tx_json]);
if (!tx_json.isObject())
return RPC::object_field_error (jss::tx_json);
// If the tx_json.SigningPubKey field is missing,
// insert an empty one.
if (!tx_json.isMember (sfSigningPubKey.getJsonName())) if (!tx_json.isMember (sfSigningPubKey.getJsonName()))
tx_json[sfSigningPubKey.getJsonName()] = ""; tx_json[sfSigningPubKey.getJsonName()] = "";
} }

39
src/ripple/rpc/tests/JSONRPC.test.cpp
View File

@@ -1112,6 +1112,45 @@ R"({
"Missing field 'tx_json.TransactionType'.", "Missing field 'tx_json.TransactionType'.",
"Missing field 'tx_json.TransactionType'."}}, "Missing field 'tx_json.TransactionType'."}},
{ "Invalid field 'tx_json': string instead of object",
R"({
"command": "doesnt_matter",
"account": "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh",
"secret": "masterpassphrase",
"tx_json": ""
})",
{
"Invalid field 'tx_json', not object.",
"Invalid field 'tx_json', not object.",
"Invalid field 'tx_json', not object.",
"Invalid field 'tx_json', not object."}},
{ "Invalid field 'tx_json': integer instead of object",
R"({
"command": "doesnt_matter",
"account": "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh",
"secret": "masterpassphrase",
"tx_json": 20160331
})",
{
"Invalid field 'tx_json', not object.",
"Invalid field 'tx_json', not object.",
"Invalid field 'tx_json', not object.",
"Invalid field 'tx_json', not object."}},
{ "Invalid field 'tx_json': array instead of object",
R"({
"command": "doesnt_matter",
"account": "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh",
"secret": "masterpassphrase",
"tx_json": [ "hello", "world" ]
})",
{
"Invalid field 'tx_json', not object.",
"Invalid field 'tx_json', not object.",
"Invalid field 'tx_json', not object.",
"Invalid field 'tx_json', not object."}},
{ "Minimal submit_multisigned.", { "Minimal submit_multisigned.",
R"({ R"({
"command": "submit_multisigned", "command": "submit_multisigned",