From f18c6dfea7870132490124e1942901a6a0cddc7e Mon Sep 17 00:00:00 2001
From: Peter Chen <34582813+PeterChen13579@users.noreply.github.com>
Date: Fri, 30 Jun 2023 02:05:21 -0400
Subject: [PATCH] APIv2(account_info): handle invalid "signer_lists" value
 (#4585)

When requesting `account_info` with an invalid `signer_lists` value, the
API should return an "invalidParams" error.

`signer_lists` should have a value of type boolean. If it is not a
boolean, then it is invalid input. The response now indicates that.

* This is an API breaking change, so the change is only reflected for
  requests containing `"api_version": 2`
* Fix #4539
---
 src/ripple/rpc/handlers/AccountInfo.cpp |  9 +++++++++
 src/test/rpc/AccountInfo_test.cpp       | 11 +++++++++++
 2 files changed, 20 insertions(+)

diff --git a/src/ripple/rpc/handlers/AccountInfo.cpp b/src/ripple/rpc/handlers/AccountInfo.cpp
index 3af70324bc..13487dd2da 100644
--- a/src/ripple/rpc/handlers/AccountInfo.cpp
+++ b/src/ripple/rpc/handlers/AccountInfo.cpp
@@ -125,6 +125,15 @@ doAccountInfo(RPC::JsonContext& context)
         }
         result[jss::account_flags] = std::move(acctFlags);
 
+        // The document states that signer_lists is a bool, however
+        // assigning any string value works. Do not allow this.
+        // This check is for api Version 2 onwards only
+        if (!params[jss::signer_lists].isBool() && context.apiVersion > 1)
+        {
+            RPC::inject_error(rpcINVALID_PARAMS, result);
+            return result;
+        }
+
         // Return SignerList(s) if that is requested.
         if (params.isMember(jss::signer_lists) &&
             params[jss::signer_lists].asBool())
diff --git a/src/test/rpc/AccountInfo_test.cpp b/src/test/rpc/AccountInfo_test.cpp
index b8e479225d..9108ac6360 100644
--- a/src/test/rpc/AccountInfo_test.cpp
+++ b/src/test/rpc/AccountInfo_test.cpp
@@ -217,6 +217,10 @@ public:
             "\"api_version\": 2, \"account\": \"" + alice.human() + "\", " +
             "\"signer_lists\": true }";
 
+        auto const withSignersAsString = std::string("{ ") +
+            "\"api_version\": 2, \"account\": \"" + alice.human() + "\", " +
+            "\"signer_lists\": asdfggh }";
+
         // Alice has no SignerList yet.
         {
             // account_info without the "signer_lists" argument.
@@ -263,6 +267,13 @@ public:
             auto const& entry0 = signerEntries[0u][sfSignerEntry.jsonName];
             BEAST_EXPECT(entry0[sfSignerWeight.jsonName] == 3);
         }
+        {
+            // account_info with "signer_lists" as not bool should error out
+            auto const info =
+                env.rpc("json", "account_info", withSignersAsString);
+            BEAST_EXPECT(info[jss::status] == "error");
+            BEAST_EXPECT(info[jss::error] == "invalidParams");
+        }
 
         // Give alice a big signer list
         Account const demon{"demon"};