m/metamask-extension
1
0
Fork 0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 09:52:26 +01:00
Code

🐛 Calldata validation (#17326)

Browse Source 
Co-authored-by: Dan J Miller <danjm.com@gmail.com>
Co-authored-by: Pedro Figueiredo <pedro.figueiredo@consensys.net>
Co-authored-by: brad-decker <bhdecker84@gmail.com>
This commit is contained in:
Harry 2023-02-01 22:34:55 +00:00 committed by GitHub
parent b0ed6be77a
commit fd819451e1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 44 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
app/scripts/controllers/transactions/lib/util.js
View File

@ -1,4 +1,6 @@
import { ethErrors } from 'eth-rpc-errors'; import { ethErrors } from 'eth-rpc-errors';
import { Interface } from '@ethersproject/abi';
import abi from 'human-standard-token-abi';
import { addHexPrefix } from '../../../lib/util'; import { addHexPrefix } from '../../../lib/util';
import { import {
TransactionEnvelopeType, TransactionEnvelopeType,
@ -218,12 +220,38 @@ export function validateTxParams(txParams, eip1559Compatibility = true) {
); );
} }
break; break;
case 'data':
validateInputData(value);
ensureFieldIsString(txParams, 'data');
break;
default: default:
ensureFieldIsString(txParams, key); ensureFieldIsString(txParams, key);
} }
}); });
} }
/**
*
* @param {*} value
*/
export function validateInputData(value) {
if (value !== null) {
// Validate the input data
const hstInterface = new Interface(abi);
try {
hstInterface.parseTransaction({ data: value });
} catch (e) {
// Throw an invalidParams error if BUFFER_OVERRUN
/* eslint require-unicode-regexp: off */
if (e.message.match(/BUFFER_OVERRUN/)) {
throw ethErrors.rpc.invalidParams(
`Invalid transaction params: data out-of-bounds, BUFFER_OVERRUN.`,
);
}
}
}
}
/** /**
* Validates the {@code from} field in the given tx params * Validates the {@code from} field in the given tx params
* *

12
app/scripts/controllers/transactions/lib/util.test.js
View File

@ -30,6 +30,18 @@ describe('txUtils', function () {
}); });
}); });
it('throws for data out of bounds buffer overrun', function () {
const sample = {
from: '0x1678a085c290ebd122dc42cba69373b5953b831d',
to: '0xfbb5595c18ca76bab52d66188e4ca50c7d95f77a',
data: '0xa9059cbb00000000000000000000000011b6A5fE2906F3354145613DB0d99CEB51f604C90000000000000000000000000000000000000000000000004563918244F400',
};
assert.throws(() => txUtils.validateTxParams(sample), {
message:
'Invalid transaction params: data out-of-bounds, BUFFER_OVERRUN.',
});
});
it('throws for missing "to" and "data"', function () { it('throws for missing "to" and "data"', function () {
const sample = { const sample = {
from: '0x1678a085c290ebd122dc42cba69373b5953b831d', from: '0x1678a085c290ebd122dc42cba69373b5953b831d',

8
coverage-targets.js
View File

@ -6,10 +6,10 @@
// subset of files to check against these targets. // subset of files to check against these targets.
module.exports = { module.exports = {
global: { global: {
branches: 20, branches: 22,
functions: 30, functions: 33.5,
lines: 57, lines: 62.25,
statements: 40, statements: 41.75,
}, },
transforms: { transforms: {
branches: 100, branches: 100,