Release finding #585
Release finding #585
Changes from 5 commits
f9f7c39
f4032d0
9f51ef3
019531a
95d0d28
d8ce8ae
e6834bf
0f1ba1f
9c66421
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -24,6 +24,9 @@ service Msg { | |
|
||
// HostRejectFinding defines a method for host reject a finding. | ||
rpc HostRejectFinding(MsgHostRejectFinding) returns (MsgHostRejectFindingResponse); | ||
|
||
// MsgReleaseFinding defines a method for release a finding. | ||
rpc ReleaseFinding(MsgReleaseFinding) returns (MsgReleaseFindingResponse); | ||
} | ||
|
||
// MsgCreateProgram defines a SDK message for creating a new program. | ||
|
@@ -48,6 +51,8 @@ message MsgCreateProgram { | |
message MsgCreateProgramResponse { | ||
uint64 program_id = 1 [(gogoproto.jsontag) = "id", (gogoproto.moretags) = "yaml:\"id\""]; | ||
} | ||
|
||
// MsgSubmitFinding defines a message to submit a finding. | ||
message MsgSubmitFinding { | ||
option (gogoproto.equal) = false; | ||
option (gogoproto.goproto_getters) = false; | ||
|
@@ -60,6 +65,7 @@ message MsgSubmitFinding { | |
string submitter_address = 6 [(gogoproto.moretags) = "yaml:\"submitter_address\""]; | ||
} | ||
|
||
// MsgSubmitFindingResponse defines the MsgSubmitFinding response type. | ||
message MsgSubmitFindingResponse { | ||
option (gogoproto.goproto_getters) = false; | ||
uint64 finding_id = 1 [(gogoproto.jsontag) = "finding_id", (gogoproto.moretags) = "yaml:\"finding_id\""]; | ||
|
@@ -89,4 +95,18 @@ message MsgHostRejectFinding { | |
} | ||
|
||
// MsgHostRejectFindingResponse defines the Msg/ostRejectFinding response type. | ||
message MsgHostRejectFindingResponse {} | ||
message MsgHostRejectFindingResponse {} | ||
|
||
// MsgReleaseFinding defines a message to release a finding. | ||
message MsgReleaseFinding { | ||
option (gogoproto.equal) = false; | ||
|
||
uint64 finding_id = 1 [(gogoproto.moretags) = "yaml:\"finding_id\""]; | ||
We might also need release all or some findings of a given program. |
||
string desc = 2 [(gogoproto.moretags) = "yaml:\"desc\""]; | ||
string poc = 3 [(gogoproto.moretags) = "yaml:\"poc\""]; | ||
string comment = 4 [(gogoproto.moretags) = "yaml:\"comment\""]; | ||
string host_address = 5 [(gogoproto.moretags) = "yaml:\"host_address\""]; | ||
} | ||
|
||
// MsgReleaseFindingResponse defines the MsgReleaseFinding response type. | ||
message MsgReleaseFindingResponse {} |
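Review bot: `MsgReleaseFinding` carries `desc`, `poc` and `comment` as plain strings with no field comments, so the proto does not say that these are presumably the decrypted counterparts of the finding's encrypted fields, nor who may send the message. I would add a comment on the message along the lines of `// desc, poc and comment are the decrypted plaintext of the finding's encrypted fields; host_address is the signer and is expected to be the host of the finding's program.` The handler is not part of this section, so it is worth confirming that it enforces that signer check and ties the submitted plaintext to the stored finding. The rpc comment should also start with the method name, `// ReleaseFinding defines a method for releasing a finding.`, to match `HostRejectFinding` above it.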
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -34,6 +34,7 @@ func NewTxCmd() *cobra.Command { | |
NewSubmitFindingCmd(), | ||
NewHostAcceptFindingCmd(), | ||
NewHostRejectFindingCmd(), | ||
NewReleaseFindingCmd(), | ||
) | ||
|
||
return bountyTxCmds | ||
|
@@ -317,3 +318,83 @@ func HostProcessFinding(cmd *cobra.Command, args []string) (fid uint64, | |
|
||
return fid, commentAny, hostAddr, nil | ||
} | ||
|
||
func NewReleaseFindingCmd() *cobra.Command { | ||
This was deprecated in favor of providing the decrypted plaintext for each finding to be verified by encrypting it again and matching it with the on-chain encrypted ciphertext
so you'd only be able to release findings one by one
make sense |
||
cmd := &cobra.Command{ | ||
Use: "release-finding", | ||
Use
I think all commands should use the same command format
Yes, there are currently 2 formats, and should be unified. |
||
Short: "release encrypted part of a finding ", | ||
RunE: func(cmd *cobra.Command, args []string) error { | ||
clientCtx, err := client.GetClientTxContext(cmd) | ||
if err != nil { | ||
return err | ||
} | ||
hostAddr := clientCtx.GetFromAddress() | ||
|
||
fid, err := cmd.Flags().GetUint64(FlagFindingID) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
encKeyFile, err := cmd.Flags().GetString(FlagEncKeyFile) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
findingDesc, findingPoc, findingComment, err := GetFindingPlainText(cmd, fid, encKeyFile) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
msg := types.NewReleaseFinding( | ||
hostAddr.String(), | ||
fid, | ||
findingDesc, | ||
findingPoc, | ||
findingComment, | ||
) | ||
|
||
return tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), msg) | ||
}, | ||
} | ||
|
||
cmd.Flags().String(FlagEncKeyFile, "", "The program's encryption key file to decrypt findings") | ||
cmd.Flags().Uint64(FlagFindingID, 0, "The program's ID") | ||
flags.AddTxFlagsToCmd(cmd) | ||
|
||
_ = cmd.MarkFlagRequired(flags.FlagFrom) | ||
_ = cmd.MarkFlagRequired(FlagFindingID) | ||
_ = cmd.MarkFlagRequired(FlagEncKeyFile) | ||
|
||
return cmd | ||
} | ||
|
||
func GetFindingPlainText(cmd *cobra.Command, fid uint64, encKeyFile string) ( | ||
desc, poc, comment string, err error) { | ||
// get finding info | ||
finding, err := GetFinding(cmd, fid) | ||
if err != nil { | ||
return "", "", "", err | ||
} | ||
|
||
prvKey := LoadPrvKey(encKeyFile) | ||
|
||
encryptedDescBytes := finding.EncryptedDesc.GetValue() | ||
descBytes, err := prvKey.Decrypt(encryptedDescBytes[2:], nil, nil) | ||
if err != nil { | ||
return "", "", "", err | ||
} | ||
|
||
encryptedPocBytes := finding.EncryptedPoc.GetValue() | ||
pocBytes, err := prvKey.Decrypt(encryptedPocBytes[2:], nil, nil) | ||
if err != nil { | ||
return "", "", "", err | ||
} | ||
|
||
encryptedCommentBytes := finding.EncryptedComment.GetValue() | ||
commentBytes, err := prvKey.Decrypt(encryptedCommentBytes[2:], nil, nil) | ||
if err != nil { | ||
return "", "", "", err | ||
} | ||
|
||
return string(descBytes), string(pocBytes), string(commentBytes), nil | ||
} |
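Review bot: The three `[2:]` slices in `GetFindingPlainText` (on `encryptedDescBytes`, `encryptedPocBytes` and `encryptedCommentBytes`) assume the serialized `Any` value starts with exactly one tag byte and one length byte. The protobuf length prefix is a varint and grows to two bytes once the ciphertext reaches 128 bytes, which ECIES overhead makes likely for all but very short plaintexts, so `Decrypt` would then receive a stray leading byte and fail; a value shorter than two bytes would panic on the slice. Decoding the value into its message type and decrypting the field is safer, for example unmarshalling into `types.EciesEncryptedDesc` and calling `prvKey.Decrypt(enc.EncryptedDesc, nil, nil)`; the same slicing appears in `TestAnyToBytes`, whose 4-byte plaintext would not expose the problem. `LoadPrvKey` returns no error here, so it is worth confirming it cannot hand back a nil key for a missing or malformed key file.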
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,6 +3,8 @@ package cli | |
import ( | ||
"bytes" | ||
"crypto/rand" | ||
codectypes "github.com/cosmos/cosmos-sdk/codec/types" | ||
"github.com/shentufoundation/shentu/v2/x/bounty/types" | ||
should be sorted later |
||
"testing" | ||
|
||
"github.com/ethereum/go-ethereum/crypto" | ||
|
@@ -13,6 +15,33 @@ const ( | |
keyFile = "./dec-key.json" | ||
) | ||
|
||
func TestAnyToBytes(t *testing.T) { | ||
decKey, err := ecies.GenerateKey(rand.Reader, ecies.DefaultCurve, nil) | ||
if err != nil { | ||
t.Fatal(err.Error()) | ||
} | ||
desc := "test" | ||
encryptedDesc, err := ecies.Encrypt(rand.Reader, &decKey.PublicKey, []byte(desc), nil, nil) | ||
if err != nil { | ||
t.Fatal(err) | ||
} | ||
|
||
var descAny *codectypes.Any | ||
encDesc := types.EciesEncryptedDesc{ | ||
EncryptedDesc: encryptedDesc, | ||
} | ||
if descAny, err = codectypes.NewAnyWithValue(&encDesc); err != nil { | ||
t.Fatal(err) | ||
} | ||
|
||
descBytes := descAny.GetValue()[2:] | ||
descDecrypt, err := decKey.Decrypt(descBytes, nil, nil) | ||
|
||
if string(descDecrypt) != desc { | ||
t.Fatal("error") | ||
} | ||
} | ||
|
||
func TestSaveLoadKey(t *testing.T) { | ||
decKey, err := ecies.GenerateKey(rand.Reader, ecies.DefaultCurve, nil) | ||
if err != nil { | ||
|
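Review bot: The error returned by `decKey.Decrypt(descBytes, nil, nil)` in `TestAnyToBytes` is never checked, so a decryption failure surfaces only as the uninformative `t.Fatal("error")`. I would add `if err != nil { t.Fatal(err) }` right after the call and replace the final message with `t.Fatalf("decrypted %q, want %q", descDecrypt, desc)`. The test also covers only a 4-byte plaintext; a case with a description of realistic length would exercise the `GetValue()[2:]` offset against a longer encoded value. `TestSaveLoadKey` continues outside the hunk.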
I think encrypted_poc & poc or encrypted_comment & comment pairs can be merged to accept an interface?
yes, I will merge these.