ARCHIVE/xahaud
3
0
Fork 0
mirror of https://github.com/Xahau/xahaud.git synced 2025-12-06 17:27:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
513b1dd1940c35d9edb37b9f2706f172bc8846ab
xahaud/src/test/rpc/RPCOverload_test.cpp
Nik Bougalis 38c3a46a33 Deprecate commands that perform remote tx signing (RIPD-1649): 
In order to facilitate transaction signing, `rippled` offers the `sign` and
`sign_for` and `submit` commands, which, given a seed, can be used to sign or
sign-and-submit transactions. These commands are accessible from the command
line, as well as over the WebSocket and RPC interfaces that `rippled` can be
configured to provide.

These commands, unfortunately, have significant security implications:

  1. They require divulging an account's seed (commonly known as a "secret
     key") to the server.
  2. When executing these commands against remote servers, the seeds can be
     transported over clear-text links.
  3. When executing these commands over the command line, the account
     seed may be visible using common tools that show running processes
     and may potentially be inadvertently stored by system monitoring
     tools or facilities designed to maintain a history of previously
     typed commands.

While this commit cannot prevent users from issuing these commands to a
server, whether locally or remotely, it restricts the `sign` and `sign_for`
commands, as well as the `submit` command when used to sign-and-submit,
so that they require administrative privileges on the server.

Server operators that want to allow unrestricted signing can do so by
adding the following stanza to their configuration file:

    [signing_support]
    true

Ripple discourages server operators from doing so and advises against using
these commands, which will be removed in a future release. If you rely on
these commands for signing, please migrate to a standalone signing solution
as soon as possible. One option is to use `ripple-lib`; documentation is
available at https://developers.ripple.com/rippleapi-reference.html#sign.

If the commands are administratively enabled, the server includes a warning
on startup and adds a new field in the resulting JSON, informing the caller
that the commands are deprecated and may become unavailable at any time.

Acknowledgements:
Jesper Wallin for reporting this issue to Ripple.

Bug Bounties and Responsible Disclosures:
We welcome reviews of the rippled code and urge researchers to responsibly
disclose any issues that they may find. For more on Ripple's Bug Bounty
program, please visit: https://ripple.com/bug-bounty
2018-08-15 19:59:52 -07:00

92 lines
3.3 KiB
C++
Raw Blame History

//------------------------------------------------------------------------------
/*
This file is part of rippled: https://github.com/ripple/rippled
Copyright (c) 2012, 2013 Ripple Labs Inc.
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
//==============================================================================
#include <ripple/core/ConfigSections.h>
#include <ripple/protocol/JsonFields.h>
#include <test/jtx/WSClient.h>
#include <test/jtx/JSONRPCClient.h>
#include <test/jtx.h>
#include <ripple/beast/unit_test.h>
namespace ripple {
namespace test {
class RPCOverload_test : public beast::unit_test::suite
{
public:
void testOverload(bool useWS)
{
testcase << "Overload " << (useWS ? "WS" : "HTTP") << " RPC client";
using namespace jtx;
Env env {*this, envconfig([](std::unique_ptr<Config> cfg)
{
cfg->loadFromString ("[" SECTION_SIGNING_SUPPORT "]\ntrue");
return no_admin(std::move(cfg));
})};
Account const alice {"alice"};
Account const bob {"bob"};
env.fund (XRP (10000), alice, bob);
std::unique_ptr<AbstractClient> client = useWS ?
makeWSClient(env.app().config())
: makeJSONRPCClient(env.app().config());
Json::Value tx = Json::objectValue;
tx[jss::tx_json] = pay(alice, bob, XRP(1));
tx[jss::secret] = toBase58(generateSeed("alice"));
// Ask the server to repeatedly sign this transaction
// Signing is a resource heavy transaction, so we want the server
// to warn and eventually boot us.
bool warned = false, booted = false;
for(int i = 0 ; i < 500 && !booted; ++i)
{
auto jv = client->invoke("sign", tx);
if(!useWS)
jv = jv[jss::result];
// When booted, we just get a null json response
if(jv.isNull())
booted = true;
else if (!(jv.isMember(jss::status) &&
(jv[jss::status] == "success")))
{
// Don't use BEAST_EXPECT above b/c it will be called a non-deterministic number of times
// and the number of tests run should be deterministic
fail("", __FILE__, __LINE__);
}
if(jv.isMember(jss::warning))
warned = jv[jss::warning] == jss::load;
}
BEAST_EXPECT(warned && booted);
}
void run() override
{
testOverload(false /* http */);
testOverload(true /* ws */);
}
};
BEAST_DEFINE_TESTSUITE(RPCOverload,app,ripple);
} // test
} // ripple
Reference in New Issue View Git Blame Copy Permalink