Release finding

proto/shentu/bounty/v1/bounty.proto

@@ -42,13 +42,15 @@ message Finding {
   uint64 finding_id = 1 [(gogoproto.jsontag) = "id", (gogoproto.moretags) = "yaml:\"id\""];
   string title = 2 [(gogoproto.moretags) = "yaml:\"title\""];
   google.protobuf.Any encrypted_desc = 3 [(cosmos_proto.accepts_interface) = "EncryptedDesc",(gogoproto.moretags) = "yaml:\"encrypted_desc\""];
-  uint64 program_id = 4 [(gogoproto.moretags) = "yaml:\"program_id\""];
-  SeverityLevel severity_level = 5 [(gogoproto.moretags) = "yaml:\"severity_level\""];;
-  google.protobuf.Any encrypted_poc = 6 [(cosmos_proto.accepts_interface) = "EncryptedPoc",(gogoproto.moretags) = "yaml:\"encrypted_poc\""];
-  string submitter_address  = 7 [(gogoproto.moretags) = "yaml:\"submitter_address\""];
-  FindingStatus finding_status = 8 [(gogoproto.moretags) = "yaml:\"finding_status\""];
-
-  google.protobuf.Any encrypted_comment = 9 [(cosmos_proto.accepts_interface) = "EncryptedComment",(gogoproto.moretags) = "yaml:\"encrypted_comment\""];
+  string  desc = 4 [(gogoproto.moretags) = "yaml:\"desc\""];
+  uint64 program_id = 5 [(gogoproto.moretags) = "yaml:\"program_id\""];
+  SeverityLevel severity_level = 6 [(gogoproto.moretags) = "yaml:\"severity_level\""];;
+  google.protobuf.Any encrypted_poc = 7 [(cosmos_proto.accepts_interface) = "EncryptedPoc",(gogoproto.moretags) = "yaml:\"encrypted_poc\""];
+  string poc = 8 [(gogoproto.moretags) = "yaml:\"poc\""];
+  string submitter_address  = 9 [(gogoproto.moretags) = "yaml:\"submitter_address\""];
+  FindingStatus finding_status = 10 [(gogoproto.moretags) = "yaml:\"finding_status\""];
+  google.protobuf.Any encrypted_comment = 11 [(cosmos_proto.accepts_interface) = "EncryptedComment",(gogoproto.moretags) = "yaml:\"encrypted_comment\""];
+  string comment = 12 [(cosmos_proto.accepts_interface) = "Comment",(gogoproto.moretags) = "yaml:\"comment\""];
 }
 
 message EciesEncryptedDesc {

proto/shentu/bounty/v1/tx.proto

@@ -24,6 +24,9 @@ service Msg {
 
   // HostRejectFinding defines a method for host reject a finding.
   rpc HostRejectFinding(MsgHostRejectFinding) returns (MsgHostRejectFindingResponse);
+
+  // MsgReleaseFinding defines a method for release a finding.
+  rpc ReleaseFinding(MsgReleaseFinding) returns (MsgReleaseFindingResponse);
 }
 
 // MsgCreateProgram defines a SDK message for creating a new program.
@@ -48,6 +51,8 @@ message MsgCreateProgram {
 message MsgCreateProgramResponse {
   uint64 program_id = 1 [(gogoproto.jsontag) = "id", (gogoproto.moretags) = "yaml:\"id\""];
 }
+
+// MsgSubmitFinding defines a message to submit a finding.
 message MsgSubmitFinding {
   option (gogoproto.equal)           = false;
   option (gogoproto.goproto_getters) = false;
@@ -60,6 +65,7 @@ message MsgSubmitFinding {
   string submitter_address  = 6 [(gogoproto.moretags) = "yaml:\"submitter_address\""];
 }
 
+// MsgSubmitFindingResponse defines the MsgSubmitFinding response type.
 message MsgSubmitFindingResponse {
   option (gogoproto.goproto_getters) = false;
   uint64 finding_id = 1 [(gogoproto.jsontag) = "finding_id", (gogoproto.moretags) = "yaml:\"finding_id\""];
@@ -89,4 +95,18 @@ message MsgHostRejectFinding {
 }
 
 // MsgHostRejectFindingResponse defines the Msg/ostRejectFinding response type.
-message MsgHostRejectFindingResponse {}
+message MsgHostRejectFindingResponse {}
+
+// MsgReleaseFinding defines a message to release a finding.
+message MsgReleaseFinding {
+  option (gogoproto.equal)           = false;
+
+  uint64 finding_id = 1 [(gogoproto.moretags) = "yaml:\"finding_id\""];
+  string desc = 2 [(gogoproto.moretags) = "yaml:\"desc\""];
+  string poc = 3 [(gogoproto.moretags) = "yaml:\"poc\""];
+  string comment = 4 [(gogoproto.moretags) = "yaml:\"comment\""];
+  string host_address  = 5 [(gogoproto.moretags) = "yaml:\"host_address\""];
+}
+
+// MsgReleaseFindingResponse defines the MsgReleaseFinding response type.
+message MsgReleaseFindingResponse {}

x/bounty/client/cli/flags.go

@@ -18,4 +18,5 @@ const (
 
 	FlagFindingAddress   = "finding-address"
 	FlagSubmitterAddress = "submitter-address"
+	FlagFindingID        = "finding-id"
 )

x/bounty/client/cli/tx.go

@@ -34,6 +34,7 @@ func NewTxCmd() *cobra.Command {
 		NewSubmitFindingCmd(),
 		NewHostAcceptFindingCmd(),
 		NewHostRejectFindingCmd(),
+		NewReleaseFindingCmd(),
 	)
 
 	return bountyTxCmds
@@ -317,3 +318,83 @@ func HostProcessFinding(cmd *cobra.Command, args []string) (fid uint64,
 
 	return fid, commentAny, hostAddr, nil
 }
+
+func NewReleaseFindingCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "release-finding",
+		Short: "release encrypted part of a finding ",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			clientCtx, err := client.GetClientTxContext(cmd)
+			if err != nil {
+				return err
+			}
+			hostAddr := clientCtx.GetFromAddress()
+
+			fid, err := cmd.Flags().GetUint64(FlagFindingID)
+			if err != nil {
+				return err
+			}
+
+			encKeyFile, err := cmd.Flags().GetString(FlagEncKeyFile)
+			if err != nil {
+				return err
+			}
+
+			findingDesc, findingPoc, findingComment, err := GetFindingPlainText(cmd, fid, encKeyFile)
+			if err != nil {
+				return err
+			}
+
+			msg := types.NewReleaseFinding(
+				hostAddr.String(),
+				fid,
+				findingDesc,
+				findingPoc,
+				findingComment,
+			)
+
+			return tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), msg)
+		},
+	}
+
+	cmd.Flags().String(FlagEncKeyFile, "", "The program's encryption key file to decrypt findings")
+	cmd.Flags().Uint64(FlagFindingID, 0, "The program's ID")
+	flags.AddTxFlagsToCmd(cmd)
+
+	_ = cmd.MarkFlagRequired(flags.FlagFrom)
+	_ = cmd.MarkFlagRequired(FlagFindingID)
+	_ = cmd.MarkFlagRequired(FlagEncKeyFile)
+
+	return cmd
+}
+
+func GetFindingPlainText(cmd *cobra.Command, fid uint64, encKeyFile string) (
+	desc, poc, comment string, err error) {
+	// get finding info
+	finding, err := GetFinding(cmd, fid)
+	if err != nil {
+		return "", "", "", err
+	}
+
+	prvKey := LoadPrvKey(encKeyFile)
+
+	encryptedDescBytes := finding.EncryptedDesc.GetValue()
+	descBytes, err := prvKey.Decrypt(encryptedDescBytes[2:], nil, nil)
+	if err != nil {
+		return "", "", "", err
+	}
+
+	encryptedPocBytes := finding.EncryptedPoc.GetValue()
+	pocBytes, err := prvKey.Decrypt(encryptedPocBytes[2:], nil, nil)
+	if err != nil {
+		return "", "", "", err
+	}
+
+	encryptedCommentBytes := finding.EncryptedComment.GetValue()
+	commentBytes, err := prvKey.Decrypt(encryptedCommentBytes[2:], nil, nil)
+	if err != nil {
+		return "", "", "", err
+	}
+
+	return string(descBytes), string(pocBytes), string(commentBytes), nil
+}

x/bounty/client/cli/utils_test.go

@@ -3,6 +3,8 @@ package cli
 import (
 	"bytes"
 	"crypto/rand"
+	codectypes "github.com/cosmos/cosmos-sdk/codec/types"
+	"github.com/shentufoundation/shentu/v2/x/bounty/types"
 	"testing"
 
 	"github.com/ethereum/go-ethereum/crypto"
@@ -13,6 +15,33 @@ const (
 	keyFile = "./dec-key.json"
 )
 
+func TestAnyToBytes(t *testing.T) {
+	decKey, err := ecies.GenerateKey(rand.Reader, ecies.DefaultCurve, nil)
+	if err != nil {
+		t.Fatal(err.Error())
+	}
+	desc := "test"
+	encryptedDesc, err := ecies.Encrypt(rand.Reader, &decKey.PublicKey, []byte(desc), nil, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var descAny *codectypes.Any
+	encDesc := types.EciesEncryptedDesc{
+		EncryptedDesc: encryptedDesc,
+	}
+	if descAny, err = codectypes.NewAnyWithValue(&encDesc); err != nil {
+		t.Fatal(err)
+	}
+
+	descBytes := descAny.GetValue()[2:]
+	descDecrypt, err := decKey.Decrypt(descBytes, nil, nil)
+
+	if string(descDecrypt) != desc {
+		t.Fatal("error")
+	}
+}
+
 func TestSaveLoadKey(t *testing.T) {
 	decKey, err := ecies.GenerateKey(rand.Reader, ecies.DefaultCurve, nil)
 	if err != nil {

x/bounty/handler.go

@@ -27,6 +27,9 @@ func NewHandler(k keeper.Keeper) sdk.Handler {
 		case *types.MsgHostRejectFinding:
 			res, err := msgServer.HostRejectFinding(sdk.WrapSDKContext(ctx), msg)
 			return sdk.WrapServiceResult(ctx, res, err)
+		case *types.MsgReleaseFinding:
+			res, err := msgServer.ReleaseFinding(sdk.WrapSDKContext(ctx), msg)
+			return sdk.WrapServiceResult(ctx, res, err)
 		default:
 			return nil, sdkerrors.Wrapf(sdkerrors.ErrUnknownRequest, "unrecognized %s message type: %T", types.ModuleName, msg)
 		}

x/bounty/keeper/msg_server.go

@@ -241,3 +241,46 @@ func (k msgServer) hostProcess(ctx sdk.Context, fid uint64, hostAddr string, enc
 	finding.EncryptedComment = encryptedCommentAny
 	return &finding, nil
 }
+
+func (k msgServer) ReleaseFinding(goCtx context.Context, msg *types.MsgReleaseFinding) (*types.MsgReleaseFindingResponse, error) {
+	ctx := sdk.UnwrapSDKContext(goCtx)
+
+	// get finding
+	finding, isExist := k.GetFinding(ctx, msg.FindingId)
+	if !isExist {
+		return nil, fmt.Errorf("no finding id:%d", msg.FindingId)
+	}
+	// get program
+	program, isExist := k.GetProgram(ctx, finding.ProgramId)
+	if !isExist {
+		return nil, fmt.Errorf("no program id:%d", finding.ProgramId)
+	}
+	if !program.Active {
+		return nil, fmt.Errorf("program id:%d is closed", finding.ProgramId)
+	}
+
+	// only creator can update finding comment
+	if program.CreatorAddress != msg.HostAddress {
+		return nil, fmt.Errorf("%s not the program creator, expect %s", msg.HostAddress, program.CreatorAddress)
+	}
+
+	finding.Desc = msg.Desc
+	finding.Poc = msg.Poc
+	finding.Comment = msg.Comment
+
+	k.SetFinding(ctx, finding)
+
+	ctx.EventManager().EmitEvents(sdk.Events{
+		sdk.NewEvent(
+			types.EventTypeReleaseFinding,
+			sdk.NewAttribute(types.AttributeKeyFindingID, strconv.FormatUint(finding.FindingId, 10)),
+		),
+		sdk.NewEvent(
+			sdk.EventTypeMessage,
+			sdk.NewAttribute(sdk.AttributeKeyModule, types.AttributeValueCategory),
+			sdk.NewAttribute(sdk.AttributeKeySender, msg.HostAddress),
+		),
+	})
+
+	return &types.MsgReleaseFindingResponse{}, nil
+}

x/bounty/keeper/msg_server_test.go

@@ -379,3 +379,60 @@ func (suite *KeeperTestSuite) TestHostRejectFinding() {
 		})
 	}
 }
+
+func (suite *KeeperTestSuite) TestReleaseFinding() {
+	programId := suite.InitCreateProgram()
+	findingId := suite.InitSubmitFinding(programId)
+
+	testCases := []struct {
+		name    string
+		req     *types.MsgReleaseFinding
+		expPass bool
+	}{
+		{
+			"empty request",
+			&types.MsgReleaseFinding{},
+			false,
+		},
+		{
+			"valid request => plain text is valid",
+			&types.MsgReleaseFinding{
+				FindingId:   findingId,
+				Desc:        "test desc",
+				Poc:         "test poc",
+				Comment:     "test comment",
+				HostAddress: suite.address[0].String(),
+			},
+			true,
+		},
+		{
+			"invalid request => host address is invalid",
+			&types.MsgReleaseFinding{
+				FindingId:   findingId,
+				Desc:        "test desc",
+				Poc:         "test poc",
+				Comment:     "test comment",
+				HostAddress: suite.address[1].String(),
+			},
+			false,
+		},
+	}
+
+	for _, testCase := range testCases {
+		suite.Run(fmt.Sprintf("Case %s", testCase.name), func() {
+			ctx := types1.WrapSDKContext(suite.ctx)
+			_, err := suite.msgServer.ReleaseFinding(ctx, testCase.req)
+
+			finding, _ := suite.keeper.GetFinding(suite.ctx, findingId)
+
+			if testCase.expPass {
+				suite.Require().NoError(err)
+				suite.Require().Equal(finding.Desc, testCase.req.Desc)
+				suite.Require().Equal(finding.Poc, testCase.req.Poc)
+				suite.Require().Equal(finding.Comment, testCase.req.Comment)
+			} else {
+				suite.Require().Error(err)
+			}
+		})
+	}
+}