Skip to content

Commit

Permalink
[disperser] More security params validation (#22)
Browse files Browse the repository at this point in the history
  • Loading branch information
ian-shim authored Nov 14, 2023
1 parent 5d260be commit 323132e
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 2 deletions.
11 changes: 10 additions & 1 deletion disperser/apiserver/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -78,18 +78,27 @@ func (s *DispersalServer) DisperseBlob(ctx context.Context, req *pb.DisperseBlob
if len(securityParams) == 0 {
return nil, fmt.Errorf("invalid request: security_params must not be empty")
}
if len(securityParams) > 256 {
return nil, fmt.Errorf("invalid request: security_params must not exceed 256")
}

seenQuorums := make(map[uint32]struct{})
// The quorum ID must be in range [0, 255]. It'll actually be converted
// to uint8, so it cannot be greater than 255.
for _, param := range securityParams {
if _, ok := seenQuorums[param.QuorumId]; ok {
return nil, fmt.Errorf("invalid request: security_params must not contain duplicate quorum_id")
}
seenQuorums[param.QuorumId] = struct{}{}

if param.GetQuorumId() >= uint32(s.quorumCount) {
err := s.updateQuorumCount(ctx)
if err != nil {
return nil, fmt.Errorf("failed to get onchain quorum count: %w", err)
}

if param.GetQuorumId() >= uint32(s.quorumCount) {
return nil, fmt.Errorf("Invalid request: the quorum_id must be in range [0, %d], but found %d", s.quorumCount-1, param.GetQuorumId())
return nil, fmt.Errorf("invalid request: the quorum_id must be in range [0, %d], but found %d", s.quorumCount-1, param.GetQuorumId())
}
}
}
Expand Down
19 changes: 18 additions & 1 deletion disperser/apiserver/server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,24 @@ func TestDisperseBlobWithInvalidQuorum(t *testing.T) {
},
},
})
assert.ErrorContains(t, err, "Invalid request: the quorum_id must be in range [0, 1], but found 2")
assert.ErrorContains(t, err, "invalid request: the quorum_id must be in range [0, 1], but found 2")

_, err = dispersalServer.DisperseBlob(ctx, &pb.DisperseBlobRequest{
Data: data,
SecurityParams: []*pb.SecurityParams{
{
QuorumId: 0,
AdversaryThreshold: 80,
QuorumThreshold: 100,
},
{
QuorumId: 0,
AdversaryThreshold: 50,
QuorumThreshold: 90,
},
},
})
assert.ErrorContains(t, err, "invalid request: security_params must not contain duplicate quorum_id")
}

func TestGetBlobStatus(t *testing.T) {
Expand Down

0 comments on commit 323132e

Please sign in to comment.