CM-270 Enforce UUID, Key, and Value size limits for create

bluzelle · Mar 3, 2020 · 163d6b2 · 163d6b2
1 parent 200f42b
commit 163d6b2
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/x/crud/internal/types/msgs.go b/x/crud/internal/types/msgs.go
@@ -20,6 +20,9 @@ import (
 
 const RouterKey = ModuleName
 
+const MaxKeySize = 4097 // one extra byte for null between uuid & key
+const MaxValueSize = 262144
+
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 // Create
 type MsgBLZCreate struct {
@@ -46,9 +49,19 @@ func (msg MsgBLZCreate) ValidateBasic() sdk.Error {
 	if msg.Owner.Empty() {
 		return sdk.ErrInvalidAddress(msg.Owner.String())
 	}
+
 	if len(msg.UUID) == 0 || len(msg.Key) == 0 {
 		return sdk.ErrInvalidPubKey("UUID or key Empty")
 	}
+
+	if len(msg.UUID)+len(msg.Key) > MaxKeySize {
+		return sdk.ErrInternal("UUID+Key too large")
+	}
+
+	if len(msg.Value) > MaxValueSize {
+		return sdk.ErrInternal("Value too large")
+	}
+
 	return nil
 }
 

diff --git a/x/crud/internal/types/msgs_test.go b/x/crud/internal/types/msgs_test.go
@@ -55,6 +55,16 @@ func TestMsgBLZCreate_ValidateBasic(t *testing.T) {
 	sut.UUID = "uuid"
 	sut.Key = ""
 	assert.Equal(t, sut.ValidateBasic(), sdk.ErrInvalidPubKey("UUID or key Empty"))
+
+	// test max sizes...
+	sut.Key = string(make([]byte, MaxKeySize/2))
+	sut.UUID = string(make([]byte, MaxKeySize/2+2))
+	assert.Equal(t, sut.ValidateBasic(), sdk.ErrInternal("UUID+Key too large"))
+
+	sut.Key = "Key"
+	sut.UUID = "UUID"
+	sut.Value = string(make([]byte, MaxValueSize+1))
+	assert.Equal(t, sut.ValidateBasic(), sdk.ErrInternal("Value too large"))
 }
 
 func TestMsgBLZCreate_GetSignBytes(t *testing.T) {