Skip to content

Commit

Permalink
blacklist even more strict
Browse files Browse the repository at this point in the history
  • Loading branch information
@bchamagne
bchamagne committed Jan 27, 2023
1 parent 88cadf3 commit 0bc7f64
Show file tree
Hide file tree
Showing 2 changed files with 109 additions and 10 deletions.
86 changes: 79 additions & 7 deletions lib/archethic/contracts/interpreter/action.ex
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,29 +148,101 @@ defmodule Archethic.Contracts.ActionInterpreter do

# Blacklist the add_uco_transfer argument list
defp prewalk(
node = {{:atom, key}, _args},
node = {{:atom, "to"}, address},
_acc = {:ok, %{scope: {:function, "add_uco_transfer", {:actions, _}}}}
)
when key != "to" and key != "amount" do
when not is_binary(address) do
throw({:error, "invalid add_uco_transfer arguments", node})
end

defp prewalk(
node = {{:atom, "amount"}, amount},
_acc = {:ok, %{scope: {:function, "add_uco_transfer", {:actions, _}}}}
)
when not is_integer(amount) or amount <= 0 do
throw({:error, "invalid add_uco_transfer arguments", node})
end

defp prewalk(
node = {{:atom, atom}, _},
_acc = {:ok, %{scope: {:function, "add_uco_transfer", {:actions, _}}}}
)
when atom != "to" and atom != "amount" do
throw({:error, "invalid add_uco_transfer arguments", node})
end

# Blacklist the add_token_transfer argument list
defp prewalk(
node = {{:atom, key}, _args},
node = {{:atom, "to"}, address},
_acc = {:ok, %{scope: {:function, "add_token_transfer", {:actions, _}}}}
)
when not is_binary(address) do
throw({:error, "invalid add_token_transfer arguments", node})
end

defp prewalk(
node = {{:atom, "amount"}, amount},
_acc = {:ok, %{scope: {:function, "add_token_transfer", {:actions, _}}}}
)
when not is_integer(amount) or amount <= 0 do
throw({:error, "invalid add_token_transfer arguments", node})
end

defp prewalk(
node = {{:atom, "token_address"}, address},
_acc = {:ok, %{scope: {:function, "add_token_transfer", {:actions, _}}}}
)
when not is_binary(address) do
throw({:error, "invalid add_token_transfer arguments", node})
end

defp prewalk(
node = {{:atom, "token_id"}, id},
_acc = {:ok, %{scope: {:function, "add_token_transfer", {:actions, _}}}}
)
when key != "to" and key != "amount" and key != "token_address" and key != "token_id" do
when not is_integer(id) or id < 0 do
throw({:error, "invalid add_token_transfer arguments", node})
end

defp prewalk(
node = {{:atom, atom}, _},
_acc = {:ok, %{scope: {:function, "add_token_transfer", {:actions, _}}}}
)
when atom != "to" and atom != "amount" and atom != "token_address" and atom != "token_id" do
throw({:error, "invalid add_token_transfer arguments", node})
end

# Blacklist the add_ownership argument list
defp prewalk(
node = {{:atom, key}, _args},
node = {{:atom, "secret"}, secret},
_acc = {:ok, %{scope: {:function, "add_ownership", {:actions, _}}}}
)
when key != "secret" and key != "secret_key" and key != "authorized_public_keys" do
throw({:error, "invalid add_token_transfer arguments", node})
when not is_binary(secret) do
throw({:error, "invalid add_ownership arguments", node})
end

defp prewalk(
node = {{:atom, "secret_key"}, secret_key},
_acc = {:ok, %{scope: {:function, "add_ownership", {:actions, _}}}}
)
when not is_binary(secret_key) do
throw({:error, "invalid add_ownership arguments", node})
end

defp prewalk(
node = {{:atom, "authorized_public_keys"}, authorized_public_keys},
_acc = {:ok, %{scope: {:function, "add_ownership", {:actions, _}}}}
)
when not is_list(authorized_public_keys) do
throw({:error, "invalid add_ownership arguments", node})
end

defp prewalk(
node = {{:atom, atom}, _},
_acc = {:ok, %{scope: {:function, "add_ownership", {:actions, _}}}}
)
when atom != "secret" and atom != "secret_key" and atom != "authorized_public_keys" do
throw({:error, "invalid add_ownership arguments", node})
end

# Whitelist the keywords
Expand Down
33 changes: 30 additions & 3 deletions test/archethic/contracts/interpreter/action_test.exs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -530,6 +530,8 @@ defmodule Archethic.Contracts.ActionInterpreterTest do
~S"""
actions triggered_by: transaction do
add_uco_transfer to: "ABC123", amount: 64
add_token_transfer to: "ABC123", amount: 64, token_id: 0, token_address: "012"
add_ownership secret: "ABC123", secret_key: "s3cr3t", authorized_public_keys: ["ADE459"]
end
"""
|> Interpreter.sanitize_code()
Expand All @@ -541,8 +543,14 @@ defmodule Archethic.Contracts.ActionInterpreterTest do
assert {:ok, :transaction, _ast} =
~S"""
actions triggered_by: transaction do
transfer = [to: "ABC123", amount: 33]
add_uco_transfer transfer
uco_transfer = [to: "ABC123", amount: 33]
add_uco_transfer uco_transfer
token_transfer = [to: "ABC123", amount: 64, token_id: 0, token_address: "012"]
add_token_transfer token_transfer
ownership = [secret: "ABC123", secret_key: "s3cr3t", authorized_public_keys: ["ADE459"]]
add_ownership ownership
end
"""
|> Interpreter.sanitize_code()
Expand All @@ -560,7 +568,26 @@ defmodule Archethic.Contracts.ActionInterpreterTest do
|> Interpreter.sanitize_code()
|> elem(1)
|> ActionInterpreter.parse()

assert {:error, "invalid add_token_transfer arguments - amount"} =
~S"""
actions triggered_by: transaction do
add_token_transfer to: "abc123", amount: "thirty one"
end
"""
|> Interpreter.sanitize_code()
|> elem(1)
|> ActionInterpreter.parse()

assert {:error, "invalid add_ownership arguments - authorized_public_keys"} =
~S"""
actions triggered_by: transaction do
add_ownership secret: "ABC123", secret_key: "s3cr3t", authorized_public_keys: 42
end
"""
|> Interpreter.sanitize_code()
|> elem(1)
|> ActionInterpreter.parse()
end
end

end

0 comments on commit 0bc7f64

Please sign in to comment.