From b8aad2584b3163240051c0d8a0071cd8b604625d Mon Sep 17 00:00:00 2001 From: atheesh Date: Wed, 29 May 2024 10:45:36 +0530 Subject: [PATCH] validations --- x/authz/keeper/msg_server.go | 78 +++++++++++++++++++++++++++--------- 1 file changed, 58 insertions(+), 20 deletions(-) diff --git a/x/authz/keeper/msg_server.go b/x/authz/keeper/msg_server.go index fdd919257b95..ff304efea20c 100644 --- a/x/authz/keeper/msg_server.go +++ b/x/authz/keeper/msg_server.go @@ -60,7 +60,7 @@ func (k Keeper) Grant(goCtx context.Context, msg *authz.MsgGrant) (*authz.MsgGra var rules []*authz.Rule if msg.Rules != nil { var err error - err, rules = k.VerifyAndBuildRules(goCtx, msg.Grant.Authorization.GetTypeUrl(), msg.Rules) + rules, err = k.VerifyAndBuildRules(goCtx, msg.Grant.Authorization.GetTypeUrl(), msg.Rules) if err != nil { return nil, err } @@ -75,31 +75,20 @@ func (k Keeper) Grant(goCtx context.Context, msg *authz.MsgGrant) (*authz.MsgGra } // VerifyTheRules checks the keys of rules provided are allowed -func (k Keeper) VerifyAndBuildRules(goCtx context.Context, msg string, rulesBytes []byte) (error, []*authz.Rule) { +func (k Keeper) VerifyAndBuildRules(goCtx context.Context, msg string, rulesBytes []byte) ([]*authz.Rule, error) { var rulesJson authz.AppAuthzRules err := json.Unmarshal(rulesBytes, &rulesJson) if err != nil { - return err, nil + return nil, err } - var rules []*authz.Rule - switch msg { - case sdk.MsgTypeURL(&bankv1beta1.MsgSend{}): - rules = []*authz.Rule{ - {Key: authz.AllowedRecipients, Values: rulesJson.AllowedRecipients}, - {Key: authz.MaxAmount, Values: rulesJson.MaxAmount}, - } - - case sdk.MsgTypeURL(&staking.MsgDelegate{}): - rules = []*authz.Rule{ - {Key: authz.AllowedStakeValidators, Values: rulesJson.AllowedStakeValidators}, - {Key: authz.AllowedMaxStakeAmount, Values: rulesJson.AllowedMaxStakeAmount}, - } + if err := validateRules(rulesJson); err != nil { + return nil, err } registeredRules, err := k.GetAuthzRulesKeys(goCtx) if err != nil { - return err, nil + return nil, err } var values []string @@ -110,11 +99,26 @@ func (k Keeper) VerifyAndBuildRules(goCtx context.Context, msg string, rulesByte } } - if err := checkStructKeys(rules, values); err != nil { - return err, nil + if err := checkStructKeys(rulesJson, values); err != nil { + return nil, err } - return nil, rules + var rules []*authz.Rule + switch msg { + case sdk.MsgTypeURL(&bankv1beta1.MsgSend{}): + rules = []*authz.Rule{ + {Key: authz.AllowedRecipients, Values: rulesJson.AllowedRecipients}, + {Key: authz.MaxAmount, Values: rulesJson.MaxAmount}, + } + + case sdk.MsgTypeURL(&staking.MsgDelegate{}): + rules = []*authz.Rule{ + {Key: authz.AllowedStakeValidators, Values: rulesJson.AllowedStakeValidators}, + {Key: authz.AllowedMaxStakeAmount, Values: rulesJson.AllowedMaxStakeAmount}, + } + } + + return rules, nil } func checkStructKeys(s interface{}, allowedKeys []string) error { @@ -145,6 +149,40 @@ func isAllowedKey(key string, allowedKeys []string) bool { return false } +func validateRules(rules authz.AppAuthzRules) error { + for _, addr := range rules.AllowedRecipients { + if _, err := sdk.AccAddressFromBech32(addr); err != nil { + return err + } + } + + coins, err := sdk.ParseCoinsNormalized(strings.Join(rules.MaxAmount, ",")) + if err != nil { + return err + } + + if err := coins.Sort().Validate(); err != nil { + return err + } + + for _, valAddr := range rules.AllowedStakeValidators { + if _, err := sdk.ValAddressFromBech32(valAddr); err != nil { + return err + } + } + + maxStake, err := sdk.ParseCoinsNormalized(strings.Join(rules.AllowedMaxStakeAmount, ",")) + if err != nil { + return err + } + + if err := maxStake.Sort().Validate(); err != nil { + return err + } + + return nil +} + // Revoke implements the MsgServer.Revoke method. func (k Keeper) Revoke(goCtx context.Context, msg *authz.MsgRevoke) (*authz.MsgRevokeResponse, error) { if strings.EqualFold(msg.Grantee, msg.Granter) {