Merge "[FAB-3155] LSCC security checks at validation time"

hyperledger · Apr 30, 2017 · 8f7bfc3 · 8f7bfc3
2 parents a0763aa + eb019ee
commit 8f7bfc3
Show file tree

Hide file tree

Showing 7 changed files with 1,395 additions and 27 deletions.
diff --git a/common/mocks/ledger/queryexecutor.go b/common/mocks/ledger/queryexecutor.go
@@ -0,0 +1,61 @@
+/*
+Copyright IBM Corp. 2017 All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+		 http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package ledger
+
+import (
+	"fmt"
+
+	"github.com/hyperledger/fabric/common/ledger"
+)
+
+type MockQueryExecutor struct {
+	// State keeps all namepspaces
+	State map[string]map[string][]byte
+}
+
+func NewMockQueryExecutor(state map[string]map[string][]byte) *MockQueryExecutor {
+	return &MockQueryExecutor{
+		State: state,
+	}
+}
+
+func (m *MockQueryExecutor) GetState(namespace string, key string) ([]byte, error) {
+	ns := m.State[namespace]
+	if ns == nil {
+		return nil, fmt.Errorf("Could not retrieve namespace %s", namespace)
+	}
+
+	return ns[key], nil
+}
+
+func (m *MockQueryExecutor) GetStateMultipleKeys(namespace string, keys []string) ([][]byte, error) {
+	return nil, nil
+
+}
+
+func (m *MockQueryExecutor) GetStateRangeScanIterator(namespace string, startKey string, endKey string) (ledger.ResultsIterator, error) {
+	return nil, nil
+
+}
+
+func (m *MockQueryExecutor) ExecuteQuery(namespace, query string) (ledger.ResultsIterator, error) {
+	return nil, nil
+}
+
+func (m *MockQueryExecutor) Done() {
+
+}
diff --git a/core/common/sysccprovider/sysccprovider.go b/core/common/sysccprovider/sysccprovider.go
@@ -16,7 +16,10 @@ limitations under the License.
 
 package sysccprovider
 
-import "github.com/golang/protobuf/proto"
+import (
+	"github.com/golang/protobuf/proto"
+	"github.com/hyperledger/fabric/core/ledger"
+)
 
 // SystemChaincodeProvider provides an abstraction layer that is
 // used for different packages to interact with code in the
@@ -29,6 +32,12 @@ type SystemChaincodeProvider interface {
 	// IsSysCCAndNotInvokableCC2CC returns true if the supplied chaincode
 	// is a system chaincode and is not invokable through a cc2cc invocation
 	IsSysCCAndNotInvokableCC2CC(name string) bool
+
+	// GetQueryExecutorForLedger returns a query executor for the
+	// ledger of the supplied channel.
+	// That's useful for system chaincodes that require unfettered
+	// access to the ledger
+	GetQueryExecutorForLedger(cid string) (ledger.QueryExecutor, error)
 }
 
 var sccFactory SystemChaincodeProviderFactory

diff --git a/core/scc/lscc/lscc_test.go b/core/scc/lscc/lscc_test.go
@@ -43,6 +43,7 @@ import (
 	putils "github.com/hyperledger/fabric/protos/utils"
 
 	cutil "github.com/hyperledger/fabric/core/container/util"
+	"github.com/hyperledger/fabric/core/ledger"
 	pb "github.com/hyperledger/fabric/protos/peer"
 	"github.com/hyperledger/fabric/protos/utils"
 )
@@ -67,6 +68,10 @@ func (c *mocksccProviderImpl) IsSysCCAndNotInvokableCC2CC(name string) bool {
 	return false
 }
 
+func (c *mocksccProviderImpl) GetQueryExecutorForLedger(cid string) (ledger.QueryExecutor, error) {
+	return nil, nil
+}
+
 func register(stub *shim.MockStub, ccname string) error {
 	args := [][]byte{[]byte("register"), []byte(ccname)}
 	if res := stub.MockInvoke("1", args); res.Status != shim.OK {

diff --git a/core/scc/sccproviderimpl.go b/core/scc/sccproviderimpl.go
@@ -17,7 +17,11 @@ limitations under the License.
 package scc
 
 import (
+	"fmt"
+
 	"github.com/hyperledger/fabric/core/common/sysccprovider"
+	"github.com/hyperledger/fabric/core/ledger"
+	"github.com/hyperledger/fabric/core/peer"
 )
 
 // sccProviderFactory implements the sysccprovider.SystemChaincodeProviderFactory
@@ -50,3 +54,12 @@ func (c *sccProviderImpl) IsSysCC(name string) bool {
 func (c *sccProviderImpl) IsSysCCAndNotInvokableCC2CC(name string) bool {
 	return IsSysCCAndNotInvokableCC2CC(name)
 }
+
+func (c *sccProviderImpl) GetQueryExecutorForLedger(cid string) (ledger.QueryExecutor, error) {
+	l := peer.GetLedger(cid)
+	if l == nil {
+		return nil, fmt.Errorf("Could not retrieve ledger for channel %s", cid)
+	}
+
+	return l.NewQueryExecutor()
+}