New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rpc: Sanitize label name in various RPCs with tests #26186
rpc: Sanitize label name in various RPCs with tests #26186
Conversation
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approach ACK 3012200
3012200
to
cef09dd
Compare
Thanks for the review @stickies-v, I've addressed all your comments. |
cef09dd
to
b2d0d4b
Compare
b2d0d4b
to
d293585
Compare
Pushed, thanks @stickies-v. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK d293585 - nice improvement, straightforward code changes and test.
Left a few nits, nothing blocking.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Concept ACK. Left a follow-up idea
62535d8
to
8867b03
Compare
8867b03
to
5b98f5a
Compare
5b98f5a
to
8b71661
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK 8b71661
Done @luke-jr. |
cce2e87
to
b119bb8
Compare
Concept ACK |
b119bb8
to
408e375
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
re-ACK 408e375
Reduced string copying compared to my previous ACK. One non-blocking nit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK 893c288
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Concept ACK.
408e375
to
6d70265
Compare
- importprivkey - importaddress - importpubkey - listtransactions - listsinceblock - importmulti - importdescriptors
6d70265
to
632202c
Compare
632202c
to
65e78bd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
diff ACK 65e78bd
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
re-ACK 65e78bd
static const std::string empty_string; | ||
if (value.isNull()) return empty_string; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: not needed anymore now that we're returning a string copy
static const std::string empty_string; | |
if (value.isNull()) return empty_string; | |
if (value.isNull()) return ""; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or return {};
ACK 65e78bd |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
re-ACK 65e78bd
[node.getnewaddress], | ||
[node.setlabel, address], | ||
[node.getaddressesbylabel], | ||
[node.importpubkey, pubkey], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In 65e78bd "test: Invalid label name coverage"
importpubkey
is a legacy wallet only RPC. The reason this test still passes with --descriptors
is because the test framework has this (and some of the other import RPCs) aliased to importdescriptors
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good to know. But considering this PR has 4 ACKs, is it worth the change? The test is executed with both --legacy-wallet
and --descriptors
anyway.
ACK 65e78bd |
65e78bd test: Invalid label name coverage (Aurèle Oulès) 552b51e refactor: Add sanity checks in LabelFromValue (Aurèle Oulès) 67e7ba8 rpc: Sanitize label name in various RPCs (Aurèle Oulès) Pull request description: The following RPCs did not sanitize the optional label name: - importprivkey - importaddress - importpubkey - importmulti - importdescriptors - listsinceblock Thus is was possible to import an address with a label `*` which should not be possible. The wildcard label is used for backwards compatibility in the `listtransactions` rpc. I added test coverage for these RPCs. ACKs for top commit: ajtowns: ACK 65e78bd achow101: ACK 65e78bd furszy: diff ACK 65e78bd stickies-v: re-ACK 65e78bd theStack: re-ACK 65e78bd Tree-SHA512: ad99f2824d4cfae352166b76da4ca0069b7c2eccf81aaa0654be25bbb3c6e5d6b005d93960f3f4154155f80e12be2d0cebd5529922ae3d2a36ee4eed82440b31
The following RPCs did not sanitize the optional label name:
Thus is was possible to import an address with a label
*
which should not be possible.The wildcard label is used for backwards compatibility in the
listtransactions
rpc.I added test coverage for these RPCs.