Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

APIv2(account_tx, noripple_check): return error for invalid input (fix #4543) #4620

Merged
merged 11 commits into from
Sep 13, 2023

Conversation

PeterChen13579
Copy link
Contributor

@PeterChen13579 PeterChen13579 commented Jul 12, 2023

High Level Overview of Change

Fixed issue #4543 resolving malformed input on certain parameters

Context of Change

Certain inputs for AccountTx and noRippleCheck should of error'ed out

Type of Change

  • [ X] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ X] Tests (You added tests for code that already exists, or your new feature included in this PR)

Added own unit tests for API version 2

Copy link
Collaborator

@arihantkothari arihantkothari left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have similar comments that I had in previous PRs (#4577 (comment)). Better to keep it consistent.

@PeterChen13579 PeterChen13579 marked this pull request as draft July 19, 2023 23:06
@PeterChen13579 PeterChen13579 marked this pull request as ready for review August 3, 2023 17:46
@PeterChen13579
Copy link
Contributor Author

PeterChen13579 commented Aug 3, 2023

@ximinez if you mind reviewing this PR when you have the time. Thanks 😃

@intelliot intelliot requested a review from ximinez August 7, 2023 14:02
@@ -137,7 +137,8 @@ doAccountInfo(RPC::JsonContext& context)
// The document states that signer_lists is a bool, however
// assigning any string value works. Do not allow this.
// This check is for api Version 2 onwards only
if (!params[jss::signer_lists].isBool() && context.apiVersion > 1)
if (params.isMember(jss::signer_lists) &&
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You don't have to explicitly check if jss::signer_lists is a member of params, because otherwise a NULL member is returned as a default. (Source:

operator[](const char* key) const;
)

I'm not saying that what you did is wrong, I am making sure that the existing code is not incorrect.

Does it make a difference that you are using 1u instead of 1, given that the left-hand-side context.apiVersion is an unsigned int?

Copy link
Collaborator

@arihantkothari arihantkothari Aug 16, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would "1" not do an implicit type conversion from signed to unsigned ? I think "1u" avoids that extra step. No ?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checking that the field exists is generally best practice for readability, and because if the Json::Value is not const (which is the case for params), referencing the field will create the field if it doesn't exist. That can have negative side effects, from just making the object look ugly and wrong, to actually changing behavior.

@@ -389,6 +389,20 @@ doAccountTxJson(RPC::JsonContext& context)
AccountTxArgs args;
Json::Value response;

// The document states that binary and forward params is a boolean value,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what do you mean by "document" here? Is it the XRPL documentation website? Can you include a link for the same?

src/ripple/rpc/handlers/AccountInfo.cpp Outdated Show resolved Hide resolved
src/ripple/rpc/handlers/NoRippleCheck.cpp Outdated Show resolved Hide resolved
src/ripple/rpc/handlers/AccountTx.cpp Outdated Show resolved Hide resolved
src/ripple/rpc/handlers/AccountTx.cpp Outdated Show resolved Hide resolved
@@ -137,7 +137,8 @@ doAccountInfo(RPC::JsonContext& context)
// The document states that signer_lists is a bool, however
// assigning any string value works. Do not allow this.
// This check is for api Version 2 onwards only
if (!params[jss::signer_lists].isBool() && context.apiVersion > 1)
if (params.isMember(jss::signer_lists) &&
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checking that the field exists is generally best practice for readability, and because if the Json::Value is not const (which is the case for params), referencing the field will create the field if it doesn't exist. That can have negative side effects, from just making the object look ugly and wrong, to actually changing behavior.


if (params[jss::api_version] < 2)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a bunch more overhead to look up params[jss::api_version] and compare it to 2 than there would be to just compare apiVersion < 2u.

But more importantly, this check makes no sense. It makes more sense to run every test, then compare the results based on version. Yes, that will sometimes lead to repetition, but what happens if version 1 is eventually deprecated? Do you want these tests to be deleted? Of course not. You also want to run that version-2-only test under version 1 to demonstrate that the "asdf" is accepted as a valid value.

Copy link
Collaborator

@ximinez ximinez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

@intelliot intelliot added this to the 1.13 milestone Aug 24, 2023
@intelliot intelliot changed the title Fix malformed optional param APIv2(account_tx, noripple_check): return error for invalid input (fix #4543) Aug 25, 2023
@intelliot
Copy link
Collaborator

note: updates rippled (with api_version 2) to behave as Clio already does

@intelliot
Copy link
Collaborator

@arihantkothari - could you check whether all of your comments have been addressed?

Copy link
Collaborator

@arihantkothari arihantkothari left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @intelliot , yes all my comments have been addressed. Thanks! 🚀

@intelliot intelliot merged commit 7fae1c1 into XRPLF:develop Sep 13, 2023
ckeshava pushed a commit to ckeshava/rippled that referenced this pull request Sep 22, 2023
…LF#4620)

For the `account_tx` and `noripple_check` methods, perform input
validation for optional parameters such as "binary", "forward",
"strict", "transactions". Previously, when these parameters had invalid
values (e.g. not a bool), no error would be returned. Now, it returns an
`invalidParams` error.

* This updates the behavior to match Clio
  (https://github.com/XRPLF/clio).
* Since this is potentially a breaking change, it only applies to
  requests specifying api_version: 2.
* Fix XRPLF#4543.
ckeshava pushed a commit to ckeshava/rippled that referenced this pull request Sep 25, 2023
…LF#4620)

For the `account_tx` and `noripple_check` methods, perform input
validation for optional parameters such as "binary", "forward",
"strict", "transactions". Previously, when these parameters had invalid
values (e.g. not a bool), no error would be returned. Now, it returns an
`invalidParams` error.

* This updates the behavior to match Clio
  (https://github.com/XRPLF/clio).
* Since this is potentially a breaking change, it only applies to
  requests specifying api_version: 2.
* Fix XRPLF#4543.
sophiax851 pushed a commit to sophiax851/rippled that referenced this pull request Jun 12, 2024
…LF#4620)

For the `account_tx` and `noripple_check` methods, perform input
validation for optional parameters such as "binary", "forward",
"strict", "transactions". Previously, when these parameters had invalid
values (e.g. not a bool), no error would be returned. Now, it returns an
`invalidParams` error.

* This updates the behavior to match Clio
  (https://github.com/XRPLF/clio).
* Since this is potentially a breaking change, it only applies to
  requests specifying api_version: 2.
* Fix XRPLF#4543.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

5 participants