ARCHIVE/rippled
1
0
Fork 0
mirror of https://github.com/XRPLF/rippled.git synced 2025-12-06 17:27:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

APIv2(account_tx, noripple_check): return error on invalid input (#4620)

Browse Source 
For the `account_tx` and `noripple_check` methods, perform input
validation for optional parameters such as "binary", "forward",
"strict", "transactions". Previously, when these parameters had invalid
values (e.g. not a bool), no error would be returned. Now, it returns an
`invalidParams` error.

* This updates the behavior to match Clio
  (https://github.com/XRPLF/clio).
* Since this is potentially a breaking change, it only applies to
  requests specifying api_version: 2.
* Fix #4543.
This commit is contained in:
Peter Chen
2023-09-13 18:01:37 -04:00
committed by GitHub
parent f259cc1ab6
commit 7fae1c1262
5 changed files with 233 additions and 167 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/ripple/rpc/handlers/AccountInfo.cpp
View File

@@ -134,10 +134,12 @@ doAccountInfo(RPC::JsonContext& context)
result[jss::account_flags] = std::move(acctFlags);
// The document states that signer_lists is a bool, however
// assigning any string value works. Do not allow this.
// This check is for api Version 2 onwards only
if (!params[jss::signer_lists].isBool() && context.apiVersion > 1)
// The document[https://xrpl.org/account_info.html#account_info] states
// that signer_lists is a bool, however assigning any string value
// works. Do not allow this. This check is for api Version 2 onwards
// only
if (context.apiVersion > 1u && params.isMember(jss::signer_lists) &&
!params[jss::signer_lists].isBool())
{
RPC::inject_error(rpcINVALID_PARAMS, result);
return result;

19
src/ripple/rpc/handlers/AccountTx.cpp
View File

@@ -58,7 +58,7 @@ parseLedgerArgs(RPC::Context& context, Json::Value const& params)
Json::Value response;
// if ledger_index_min or max is specified, then ledger_hash or ledger_index
// should not be specified. Error out if it is
if (context.apiVersion > 1)
if (context.apiVersion > 1u)
{
if ((params.isMember(jss::ledger_index_min) ||
params.isMember(jss::ledger_index_max)) &&
@@ -162,7 +162,7 @@ getLedgerRange(
// if ledger_index_min or ledger_index_max is out of
// valid ledger range, error out. exclude -1 as
// it is a valid input
if (context.apiVersion > 1)
if (context.apiVersion > 1u)
{
if ((ls.max > uValidatedMax && ls.max != -1) ||
(ls.min < uValidatedMin && ls.min != 0))
@@ -389,6 +389,21 @@ doAccountTxJson(RPC::JsonContext& context)
AccountTxArgs args;
Json::Value response;
// The document[https://xrpl.org/account_tx.html#account_tx] states that
// binary and forward params are both boolean values, however, assigning any
// string value works. Do not allow this. This check is for api Version 2
// onwards only
if (context.apiVersion > 1u && params.isMember(jss::binary) &&
!params[jss::binary].isBool())
{
return rpcError(rpcINVALID_PARAMS);
}
if (context.apiVersion > 1u && params.isMember(jss::forward) &&
!params[jss::forward].isBool())
{
return rpcError(rpcINVALID_PARAMS);
}
args.limit = params.isMember(jss::limit) ? params[jss::limit].asUInt() : 0;
args.binary = params.isMember(jss::binary) && params[jss::binary].asBool();
args.forward =

10
src/ripple/rpc/handlers/NoRippleCheck.cpp
View File

@@ -83,6 +83,16 @@ doNoRippleCheck(RPC::JsonContext& context)
if (params.isMember(jss::transactions))
transactions = params["transactions"].asBool();
// The document[https://xrpl.org/noripple_check.html#noripple_check] states
// that transactions params is a boolean value, however, assigning any
// string value works. Do not allow this. This check is for api Version 2
// onwards only
if (context.apiVersion > 1u && params.isMember(jss::transactions) &&
!params[jss::transactions].isBool())
{
return rpcError(rpcINVALID_PARAMS);
}
std::shared_ptr<ReadView const> ledger;
auto result = RPC::lookupLedger(ledger, context);
if (!ledger)