Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: fix to prevent accepting file name #690

Merged
merged 6 commits into from
Oct 12, 2022
Merged

fix: fix to prevent accepting file name #690

merged 6 commits into from
Oct 12, 2022

Conversation

da1suk8
Copy link
Member

@da1suk8 da1suk8 commented Oct 3, 2022
edited
Loading

Description

Fixed to prevent accepting file name.
The file name to be downloaded in the current directory is contract-[code id].wasm

For example, if the code id is 3, the file name is contract-3.wasm

Motivation and context

This may cause security issues.

How has this been tested?

Please test by setting the relative path to the lbm-sdk in lbm.

Checklist:

  • I followed the contributing guidelines and code of conduct.
  • I have added a relevant changelog to CHANGELOG.md
  • I have added tests to cover my changes.
  • I have updated the documentation accordingly.
  • I have updated API documentation client/docs/swagger-ui/swagger.yaml

@da1suk8 da1suk8 self-assigned this Oct 3, 2022
@codecov
Copy link

codecov bot commented Oct 3, 2022
edited
Loading

Codecov Report

Merging #690 (5a1c476) into main (580d404) will increase coverage by 0.40%.
The diff coverage is 100.00%.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #690      +/-   ##
==========================================
+ Coverage   61.24%   61.64%   +0.40%     
==========================================
  Files         874      874              
  Lines       98546    98547       +1     
==========================================
+ Hits        60351    60747     +396     
+ Misses      34622    34234     -388     
+ Partials     3573     3566       -7
Impacted Files Coverage Δ
x/wasm/client/cli/query.go 93.84% <100.00%> (+93.84%) ⬆️
x/collection/msgs.go 34.25% <0.00%> (-7.23%) ⬇️
x/token/msgs.go 34.51% <0.00%> (-4.07%) ⬇️
x/collection/collection.go 78.57% <0.00%> (-1.79%) ⬇️
x/wasm/keeper/keeper.go 86.16% <0.00%> (+0.36%) ⬆️
crypto/keys/internal/ecdsa/privkey.go 84.21% <0.00%> (+1.75%) ⬆️

tnasu and others added 3 commits October 11, 2022 11:09
@da1suk8 da1suk8 marked this pull request as ready for review October 11, 2022 07:07
@da1suk8 da1suk8 merged commit 8b8c01b into Finschia:main Oct 12, 2022
@da1suk8 da1suk8 deleted the fix/fix_GetCmdQueryCode branch October 12, 2022 03:05
@0Tech 0Tech mentioned this pull request Oct 27, 2022
Merged
3 tasks
@zemyblue zemyblue mentioned this pull request Oct 27, 2022
Merged
5 tasks
@zemyblue zemyblue mentioned this pull request Nov 28, 2022
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tnasu tnasu tnasu approved these changes

@zemyblue zemyblue zemyblue approved these changes

@0Tech 0Tech Awaiting requested review from 0Tech 0Tech is a code owner

@dudong2 dudong2 Awaiting requested review from dudong2

@loloicci loloicci Awaiting requested review from loloicci

@shiki-tak shiki-tak Awaiting requested review from shiki-tak

Assignees

@da1suk8 da1suk8

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@da1suk8 @tnasu @zemyblue