Merge pull request #2097 from rsksmart/json_rpc_param_validation

Json RPC method parameter validation
rsksmart · Oct 12, 2023 · 5c5fe3d · 5c5fe3d
2 parents 15ffd2c + bdc22a1
commit 5c5fe3d
Show file tree

Hide file tree

Showing 53 changed files with 3,443 additions and 634 deletions.
diff --git a/rskj-core/src/main/java/co/rsk/rpc/ExecutionBlockRetriever.java b/rskj-core/src/main/java/co/rsk/rpc/ExecutionBlockRetriever.java
@@ -62,8 +62,7 @@ public ExecutionBlockRetriever(Blockchain blockchain, BlockToMineBuilder builder
     }
 
     public Result retrieveExecutionBlock(String bnOrId) {
-
-        if(BlockTag.EARLIEST.tagEquals(bnOrId)) {
+        if (BlockTag.EARLIEST.tagEquals(bnOrId)) {
             return Result.ofBlock(blockchain.getBlockByNumber(0));
         }
 

diff --git a/rskj-core/src/main/java/co/rsk/rpc/Web3EthModule.java b/rskj-core/src/main/java/co/rsk/rpc/Web3EthModule.java
@@ -19,26 +19,35 @@
 package co.rsk.rpc;
 
 import co.rsk.rpc.modules.eth.EthModule;
-import org.ethereum.rpc.CallArguments;
-import org.ethereum.rpc.FilterRequest;
 import org.ethereum.rpc.dto.BlockResultDTO;
 import org.ethereum.rpc.dto.CompilationResultDTO;
 import org.ethereum.rpc.dto.TransactionReceiptDTO;
 import org.ethereum.rpc.dto.TransactionResultDTO;
+import org.ethereum.rpc.parameters.BlockHashParam;
+import org.ethereum.rpc.parameters.FilterRequestParam;
+import org.ethereum.rpc.parameters.BlockIdentifierParam;
+import org.ethereum.rpc.parameters.BlockRefParam;
+import org.ethereum.rpc.parameters.CallArgumentsParam;
+import org.ethereum.rpc.parameters.HexAddressParam;
+import org.ethereum.rpc.parameters.HexDataParam;
+import org.ethereum.rpc.parameters.HexIndexParam;
+import org.ethereum.rpc.parameters.HexNumberParam;
+import org.ethereum.rpc.parameters.TxHashParam;
 
 import java.math.BigInteger;
 import java.util.Map;
 
+@SuppressWarnings({"java:S100", "java:S112"})
 public interface Web3EthModule {
     default String[] eth_accounts() {
         return getEthModule().accounts();
     }
 
-    default String eth_sign(String addr, String data) {
-        return getEthModule().sign(addr, data);
+    default String eth_sign(HexAddressParam addr, HexDataParam data) {
+        return getEthModule().sign(addr.getAddress().toHexString(), data.getAsHexString());
     }
 
-    default String eth_call(CallArguments args, String bnOrId) {
+    default String eth_call(CallArgumentsParam args, BlockIdentifierParam bnOrId) {
         return getEthModule().call(args, bnOrId);
     }
 
@@ -50,8 +59,8 @@ default String eth_chainId() {
         return getEthModule().chainId();
     }
 
-    String eth_estimateGas(CallArguments args, String bnOrId);
-    String eth_estimateGas(CallArguments args);
+    String eth_estimateGas(CallArgumentsParam args);
+    String eth_estimateGas(CallArgumentsParam args, BlockIdentifierParam bnOrId);
 
     EthModule getEthModule();
 
@@ -69,59 +78,53 @@ default String eth_chainId() {
 
     String eth_blockNumber();
 
-    String eth_call(CallArguments args, Map<String, String> blockRef) throws Exception; // NOSONAR
+    String eth_call(CallArgumentsParam args, Map<String, String> blockRef) throws Exception; // NOSONAR
 
-    String eth_getBalance(String address, String block) throws Exception;
+    String eth_getBalance(HexAddressParam address, BlockRefParam blockRefParam) throws Exception;
 
-    String eth_getBalance(String address) throws Exception;
+    String eth_getBalance(HexAddressParam address) throws Exception;
 
-    String eth_getBalance(String address, Map<String, String> blockRef) throws Exception; // NOSONAR
+    String eth_getStorageAt(HexAddressParam address, HexNumberParam storageIdx, BlockRefParam blockRefParam) throws Exception;
 
-    String eth_getStorageAt(String address, String storageIdx, Map<String, String> blockRef) throws Exception; // NOSONAR
+    String eth_getTransactionCount(HexAddressParam address, BlockRefParam blockRefParam) throws Exception;
 
-    String eth_getStorageAt(String address, String storageIdx, String blockId) throws Exception;
+    String eth_getBlockTransactionCountByHash(BlockHashParam blockHash)throws Exception;
 
-    String eth_getTransactionCount(String address, Map<String, String> blockRef) throws Exception; // NOSONAR
+    String eth_getBlockTransactionCountByNumber(BlockIdentifierParam bnOrId)throws Exception;
 
-    String eth_getTransactionCount(String address, String blockId) throws Exception ;
+    String eth_getUncleCountByBlockHash(BlockHashParam blockHash)throws Exception;
 
-    String eth_getBlockTransactionCountByHash(String blockHash)throws Exception;
+    String eth_getUncleCountByBlockNumber(BlockIdentifierParam bnOrId)throws Exception;
 
-    String eth_getBlockTransactionCountByNumber(String bnOrId)throws Exception;
+    String eth_getCode(HexAddressParam address, BlockRefParam blockRefParam) throws Exception;
 
-    String eth_getUncleCountByBlockHash(String blockHash)throws Exception;
-
-    String eth_getUncleCountByBlockNumber(String bnOrId)throws Exception;
-
-    default String eth_getCode(String address, String blockId) {
+    default String getCode(HexAddressParam address, String blockId) {
         return getEthModule().getCode(address, blockId);
     }
 
-    String eth_getCode(String address, Map<String, String> blockRef) throws Exception; // NOSONAR
-
-    default String eth_sendRawTransaction(String rawData) {
+    default String eth_sendRawTransaction(HexDataParam rawData) {
         return getEthModule().sendRawTransaction(rawData);
     }
 
-    default String eth_sendTransaction(CallArguments args) {
+    default String eth_sendTransaction(CallArgumentsParam args) {
         return getEthModule().sendTransaction(args);
     }
 
-    BlockResultDTO eth_getBlockByHash(String blockHash, Boolean fullTransactionObjects) throws Exception;
+    BlockResultDTO eth_getBlockByHash(BlockHashParam blockHash, Boolean fullTransactionObjects) throws Exception;
 
-    BlockResultDTO eth_getBlockByNumber(String bnOrId, Boolean fullTransactionObjects) throws Exception;
+    BlockResultDTO eth_getBlockByNumber(BlockIdentifierParam bnOrId, Boolean fullTransactionObjects) throws Exception;
 
-    TransactionResultDTO eth_getTransactionByHash(String transactionHash) throws Exception;
+    TransactionResultDTO eth_getTransactionByHash(TxHashParam transactionHash) throws Exception;
 
-    TransactionResultDTO eth_getTransactionByBlockHashAndIndex(String blockHash, String index) throws Exception;
+    TransactionResultDTO eth_getTransactionByBlockHashAndIndex(BlockHashParam blockHash, HexIndexParam index) throws Exception;
 
-    TransactionResultDTO eth_getTransactionByBlockNumberAndIndex(String bnOrId, String index) throws Exception;
+    TransactionResultDTO eth_getTransactionByBlockNumberAndIndex(BlockIdentifierParam bnOrId, HexIndexParam index) throws Exception;
 
-    TransactionReceiptDTO eth_getTransactionReceipt(String transactionHash) throws Exception;
+    TransactionReceiptDTO eth_getTransactionReceipt(TxHashParam transactionHash) throws Exception;
 
-    BlockResultDTO eth_getUncleByBlockHashAndIndex(String blockHash, String uncleIdx) throws Exception;
+    BlockResultDTO eth_getUncleByBlockHashAndIndex(BlockHashParam blockHash, HexIndexParam uncleIdx) throws Exception;
 
-    BlockResultDTO eth_getUncleByBlockNumberAndIndex(String blockId, String uncleIdx) throws Exception;
+    BlockResultDTO eth_getUncleByBlockNumberAndIndex(BlockIdentifierParam blockId, HexIndexParam uncleIdx) throws Exception;
 
     String[] eth_getCompilers();
 
@@ -131,19 +134,19 @@ default String eth_sendTransaction(CallArguments args) {
 
     Map<String, CompilationResultDTO> eth_compileSolidity(String contract);
 
-    String eth_newFilter(FilterRequest fr) throws Exception;
+    String eth_newFilter(FilterRequestParam fr) throws Exception;
 
     String eth_newBlockFilter();
 
     String eth_newPendingTransactionFilter();
 
-    boolean eth_uninstallFilter(String id);
+    boolean eth_uninstallFilter(HexIndexParam id);
 
-    Object[] eth_getFilterChanges(String id);
+    Object[] eth_getFilterChanges(HexIndexParam id);
 
-    Object[] eth_getFilterLogs(String id);
+    Object[] eth_getFilterLogs(HexIndexParam id);
 
-    Object[] eth_getLogs(FilterRequest fr) throws Exception;
+    Object[] eth_getLogs(FilterRequestParam fr) throws Exception;
 
     BigInteger eth_netHashrate();
 

diff --git a/rskj-core/src/main/java/co/rsk/rpc/modules/eth/EthModule.java b/rskj-core/src/main/java/co/rsk/rpc/modules/eth/EthModule.java
@@ -39,6 +39,10 @@
 import org.ethereum.rpc.CallArguments;
 import org.ethereum.rpc.converters.CallArgumentsToByteArray;
 import org.ethereum.rpc.exception.RskJsonRpcRequestException;
+import org.ethereum.rpc.parameters.BlockIdentifierParam;
+import org.ethereum.rpc.parameters.CallArgumentsParam;
+import org.ethereum.rpc.parameters.HexAddressParam;
+import org.ethereum.rpc.parameters.HexDataParam;
 import org.ethereum.vm.GasCost;
 import org.ethereum.vm.PrecompiledContracts;
 import org.ethereum.vm.program.ProgramResult;
@@ -122,10 +126,11 @@ public Map<String, Object> bridgeState() throws IOException, BlockStoreException
         return state.stateToMap();
     }
 
-    public String call(CallArguments args, String bnOrId) {
+    public String call(CallArgumentsParam argsParam, BlockIdentifierParam bnOrId) {
         String hReturn = null;
+        CallArguments args = argsParam.toCallArguments();
         try {
-            ExecutionBlockRetriever.Result result = executionBlockRetriever.retrieveExecutionBlock(bnOrId);
+            ExecutionBlockRetriever.Result result = executionBlockRetriever.retrieveExecutionBlock(bnOrId.getIdentifier());
             Block block = result.getBlock();
             Trie finalState = result.getFinalState();
             ProgramResult res;
@@ -152,8 +157,8 @@ public String call(CallArguments args, String bnOrId) {
         }
     }
 
-    public String estimateGas(CallArguments args, @Nonnull String bnOrId) {
-        ExecutionBlockRetriever.Result result = executionBlockRetriever.retrieveExecutionBlock(bnOrId);
+    public String estimateGas(CallArgumentsParam args, @Nonnull BlockIdentifierParam bnOrId) {
+        ExecutionBlockRetriever.Result result = executionBlockRetriever.retrieveExecutionBlock(bnOrId.getIdentifier());
         Block block = result.getBlock();
         Trie finalState = result.getFinalState();
         RepositorySnapshot snapshot = finalState == null
@@ -162,7 +167,7 @@ public String estimateGas(CallArguments args, @Nonnull String bnOrId) {
 
         String estimation = null;
         try {
-            CallArgumentsToByteArray hexArgs = new CallArgumentsToByteArray(args);
+            CallArgumentsToByteArray hexArgs = new CallArgumentsToByteArray(args.toCallArguments());
 
             TransactionExecutor executor = reversibleTransactionExecutor.estimateGas(
                     block,
@@ -203,12 +208,12 @@ protected String internalEstimateGas(ProgramResult reversibleExecutionResult) {
     }
 
     @Override
-    public String sendTransaction(CallArguments args) {
+    public String sendTransaction(CallArgumentsParam args) {
         return ethModuleTransaction.sendTransaction(args);
     }
 
     @Override
-    public String sendRawTransaction(String rawData) {
+    public String sendRawTransaction(HexDataParam rawData) {
         return ethModuleTransaction.sendRawTransaction(rawData);
     }
 
@@ -221,14 +226,14 @@ public String chainId() {
         return HexUtils.toJsonHex(new byte[]{chainId});
     }
 
-    public String getCode(String address, String blockId) {
+    public String getCode(HexAddressParam address, String blockId) {
         if (blockId == null) {
             throw new NullPointerException();
         }
 
         String s = null;
+        RskAddress addr = address.getAddress();
         try {
-            RskAddress addr = new RskAddress(address);
 
             AccountInformationProvider accountInformationProvider = getAccountInformationProvider(blockId);
 
@@ -246,7 +251,7 @@ public String getCode(String address, String blockId) {
             return s;
         } finally {
             if (LOGGER.isDebugEnabled()) {
-                LOGGER.debug("eth_getCode({}, {}): {}", address, blockId, s);
+                LOGGER.debug("eth_getCode({}, {}): {}", addr.toHexString(), blockId, s);
             }
         }
     }

diff --git a/rskj-core/src/main/java/co/rsk/rpc/modules/eth/EthModuleTransaction.java b/rskj-core/src/main/java/co/rsk/rpc/modules/eth/EthModuleTransaction.java
@@ -18,10 +18,11 @@
 
 package co.rsk.rpc.modules.eth;
 
-import org.ethereum.rpc.CallArguments;
+import org.ethereum.rpc.parameters.CallArgumentsParam;
+import org.ethereum.rpc.parameters.HexDataParam;
 
 public interface EthModuleTransaction {
-    String sendTransaction(CallArguments args);
+    String sendTransaction(CallArgumentsParam args);
 
-    String sendRawTransaction(String rawData);
+    String sendRawTransaction(HexDataParam rawData);
 }
diff --git a/rskj-core/src/main/java/co/rsk/rpc/modules/eth/EthModuleTransactionBase.java b/rskj-core/src/main/java/co/rsk/rpc/modules/eth/EthModuleTransactionBase.java
@@ -30,14 +30,15 @@
 import org.ethereum.core.TransactionPoolAddResult;
 import org.ethereum.rpc.CallArguments;
 import org.ethereum.rpc.exception.RskJsonRpcRequestException;
+import org.ethereum.rpc.parameters.CallArgumentsParam;
+import org.ethereum.rpc.parameters.HexDataParam;
 import org.ethereum.util.TransactionArgumentsUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import co.rsk.core.RskAddress;
 import co.rsk.core.Wallet;
 import co.rsk.net.TransactionGateway;
-import co.rsk.util.HexUtils;
 
 public class EthModuleTransactionBase implements EthModuleTransaction {
 
@@ -56,7 +57,12 @@ public EthModuleTransactionBase(Constants constants, Wallet wallet, TransactionP
     }
 
     @Override
-    public synchronized String sendTransaction(CallArguments args) {
+    public synchronized String sendTransaction(CallArgumentsParam argsParam) {
+        CallArguments args = argsParam.toCallArguments();
+
+        if(args.getFrom() == null) {
+            throw invalidParamError("from is null");
+        }
 
         Account senderAccount = this.wallet.getAccount(new RskAddress(args.getFrom()));
 
@@ -97,10 +103,10 @@ public synchronized String sendTransaction(CallArguments args) {
     }
 
     @Override
-    public String sendRawTransaction(String rawData) {
+    public String sendRawTransaction(HexDataParam rawData) {
         String s = null;
         try {
-            Transaction tx = new ImmutableTransaction(HexUtils.stringHexToByteArray(rawData));
+            Transaction tx = new ImmutableTransaction(rawData.getRawDataBytes());
 
             if (null == tx.getGasLimit() || null == tx.getGasPrice() || null == tx.getValue()) {
                 throw invalidParamError("Missing parameter, gasPrice, gas or value");

diff --git a/rskj-core/src/main/java/co/rsk/rpc/modules/eth/EthModuleTransactionDisabled.java b/rskj-core/src/main/java/co/rsk/rpc/modules/eth/EthModuleTransactionDisabled.java
@@ -21,7 +21,7 @@
 import co.rsk.net.TransactionGateway;
 import org.ethereum.config.Constants;
 import org.ethereum.core.TransactionPool;
-import org.ethereum.rpc.CallArguments;
+import org.ethereum.rpc.parameters.CallArgumentsParam;
 
 import static org.ethereum.rpc.exception.RskJsonRpcRequestException.invalidParamError;
 
@@ -36,7 +36,7 @@ public EthModuleTransactionDisabled(Constants constants, TransactionPool transac
     }
 
     @Override
-    public String sendTransaction(CallArguments args) { // lgtm [java/non-sync-override]
+    public synchronized String sendTransaction(CallArgumentsParam args) { // lgtm [java/non-sync-override]
         LOGGER.debug("eth_sendTransaction({}): {}", args, null);
         throw invalidParamError("Local wallet is disabled in this node");
     }

diff --git a/rskj-core/src/main/java/co/rsk/rpc/modules/eth/EthModuleTransactionInstant.java b/rskj-core/src/main/java/co/rsk/rpc/modules/eth/EthModuleTransactionInstant.java
@@ -27,8 +27,9 @@
 import org.ethereum.core.Blockchain;
 import org.ethereum.core.TransactionPool;
 import org.ethereum.db.TransactionInfo;
-import org.ethereum.rpc.CallArguments;
 import org.ethereum.rpc.exception.RskJsonRpcRequestException;
+import org.ethereum.rpc.parameters.CallArgumentsParam;
+import org.ethereum.rpc.parameters.HexDataParam;
 import org.ethereum.vm.program.ProgramResult;
 
 import co.rsk.core.Wallet;
@@ -64,7 +65,7 @@ public EthModuleTransactionInstant(
     }
 
     @Override
-    public synchronized String sendTransaction(CallArguments args) {
+    public synchronized String sendTransaction(CallArgumentsParam args) {
         try {
             this.blockExecutor.setRegisterProgramResults(true);
 
@@ -80,7 +81,7 @@ public synchronized String sendTransaction(CallArguments args) {
     }
 
     @Override
-    public String sendRawTransaction(String rawData) {
+    public String sendRawTransaction(HexDataParam rawData) {
         try {
             this.blockExecutor.setRegisterProgramResults(true);
 

diff --git a/rskj-core/src/main/java/co/rsk/rpc/modules/eth/EthModuleWalletEnabled.java b/rskj-core/src/main/java/co/rsk/rpc/modules/eth/EthModuleWalletEnabled.java
@@ -23,6 +23,7 @@
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 
+import co.rsk.core.RskAddress;
 import org.bouncycastle.util.BigIntegers;
 import org.ethereum.core.Account;
 import org.ethereum.crypto.ECKey;
@@ -32,7 +33,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import co.rsk.core.RskAddress;
 import co.rsk.core.Wallet;
 import co.rsk.util.HexUtils;
 
@@ -55,7 +55,9 @@ public String sign(String addr, String data) {
                 throw invalidParamError("Account not found");
             }
 
-            return s = this.sign(data, account.getEcKey());
+            s = this.sign(data, account.getEcKey());
+
+            return s;
         } finally {
             LOGGER.debug("eth_sign({}, {}): {}", addr, data, s);
         }