sikkienl/dash
1
0
Fork 0
mirror of https://github.com/dashpay/dash.git synced 2024-12-25 20:12:57 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Validate proposals on prepare and submit (#1488)

Browse Source 
* Implement proposal validation

Includes commits:
  Implemented CProposalValidator

  Use CProposalValidator to check proposals at prepare and submit stages

  Modify proposal validator to support numerical data in string format

  Multiple bug fixes in governance-validators.cpp

  Fixed bug in CheckURL

  Fixed stream state check

  Increase strictness of payment address validation for compatibility with sentinel

  Improved error reporting

  Implemented "check" rpc command to validate proposals

  Fixes to RPC check command

  Fix error message

  Unit test and data files for proposal validator

  Added test cases

  Removed debugging code

* Fix name validation

* Changes to address code review comments
This commit is contained in:
Tim Flynn 2017-06-26 09:56:29 -04:00 committed by UdjinM6
parent 7155043571
commit a109a611f3
8 changed files with 567 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Makefile.am
View File

@ -106,6 +106,7 @@ BITCOIN_CORE_H = \
governance-classes.h \
governance-exceptions.h \
governance-object.h \
governance-validators.h \
governance-vote.h \
governance-votedb.h \
flat-database.h \
@ -212,6 +213,7 @@ libbitcoin_server_a_SOURCES = \
governance.cpp \
governance-classes.cpp \
governance-object.cpp \
governance-validators.cpp \
governance-vote.cpp \
governance-votedb.cpp \
main.cpp \

1
src/Makefile.test.include
View File

@ -55,6 +55,7 @@ BITCOIN_TESTS =\
test/crypto_tests.cpp \
test/DoS_tests.cpp \
test/getarg_tests.cpp \
test/governance_validators_tests.cpp \
test/hash_tests.cpp \
test/key_tests.cpp \
test/limitedmap_tests.cpp \

354
src/governance-validators.cpp Normal file
View File

@ -0,0 +1,354 @@
// Copyright (c) 2014-2017 The Dash Core developers
// Distributed under the MIT/X11 software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include "governance-validators.h"
#include "base58.h"
#include "utilstrencodings.h"
#include <algorithm>
CProposalValidator::CProposalValidator(const std::string& strDataHexIn)
: strData(),
objJSON(UniValue::VOBJ),
fJSONValid(false),
strErrorMessages()
{
if(!strDataHexIn.empty()) {
SetHexData(strDataHexIn);
}
}
void CProposalValidator::Clear()
{
strData = std::string();
objJSON = UniValue(UniValue::VOBJ);
fJSONValid = false;
strErrorMessages = std::string();
}
void CProposalValidator::SetHexData(const std::string& strDataHexIn)
{
std::vector<unsigned char> v = ParseHex(strDataHexIn);
strData = std::string(v.begin(), v.end());
ParseJSONData();
}
bool CProposalValidator::Validate()
{
if(!ValidateJSON()) {
strErrorMessages += "JSON parsing error;";
return false;
}
if(!ValidateName()) {
strErrorMessages += "Invalid name;";
return false;
}
if(!ValidateStartEndEpoch()) {
strErrorMessages += "Invalid start:end range;";
return false;
}
if(!ValidatePaymentAmount()) {
strErrorMessages += "Invalid payment amount;";
return false;
}
if(!ValidatePaymentAddress()) {
strErrorMessages += "Invalid payment address;";
return false;
}
if(!ValidateURL()) {
strErrorMessages += "Invalid URL;";
return false;
}
return true;
}
bool CProposalValidator::ValidateJSON()
{
return fJSONValid;
}
bool CProposalValidator::ValidateName()
{
std::string strName;
if(!GetDataValue("name", strName)) {
strErrorMessages += "name field not found;";
return false;
}
std::string strNameStripped = StripWhitespace(strName);
if(strNameStripped.empty()) {
strErrorMessages += "name is empty;";
return false;
}
static const std::string strAllowedChars = "-_abcdefghijklmnopqrstuvwxyz012345789";
std::transform(strName.begin(), strName.end(), strName.begin(), ::tolower);
if(strName.find_first_not_of(strAllowedChars) != std::string::npos) {
strErrorMessages += "name contains invalid characters;";
return false;
}
return true;
}
bool CProposalValidator::ValidateStartEndEpoch()
{
int64_t nStartEpoch = 0;
int64_t nEndEpoch = 0;
if(!GetDataValue("start_epoch", nStartEpoch)) {
strErrorMessages += "start_epoch field not found;";
return false;
}
if(!GetDataValue("end_epoch", nEndEpoch)) {
strErrorMessages += "end_epoch field not found;";
return false;
}
if(nEndEpoch <= nStartEpoch) {
strErrorMessages += "end_epoch <= start_epoch;";
return false;
}
return true;
}
bool CProposalValidator::ValidatePaymentAmount()
{
double dValue = 0.0;
if(!GetDataValue("payment_amount", dValue)) {
strErrorMessages += "payment_amount field not found;";
return false;
}
if(dValue <= 0.0) {
strErrorMessages += "payment_amount is negative;";
return false;
}
// TODO: Should check for an amount which exceeds the budget but this is
// currently difficult because start and end epochs are defined in terms of
// clock time instead of block height.
return true;
}
bool CProposalValidator::ValidatePaymentAddress()
{
std::string strPaymentAddress;
if(!GetDataValue("payment_address", strPaymentAddress)) {
strErrorMessages += "payment_address field not found;";
return false;
}
static const std::string base58chars = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
size_t nLength = strPaymentAddress.size();
if((nLength < 26) || (nLength > 35)) {
strErrorMessages += "incorrect payment_address length;";
return false;
}
if(strPaymentAddress.find_first_not_of(base58chars) != std::string::npos) {
strErrorMessages += "payment_address contains invalid characters;";
return false;
}
CBitcoinAddress address(strPaymentAddress);
if(!address.IsValid()) {
strErrorMessages += "payment_address is invalid;";
return false;
}
return true;
}
bool CProposalValidator::ValidateURL()
{
std::string strURL;
if(!GetDataValue("url", strURL)) {
strErrorMessages += "url field not found;";
return false;
}
std::string strURLStripped = StripWhitespace(strURL);
if(strURLStripped.size() < 4U) {
strErrorMessages += "url too short;";
return false;
}
if(!CheckURL(strURL)) {
strErrorMessages += "url invalid;";
return false;
}
return true;
}
void CProposalValidator::ParseJSONData()
{
fJSONValid = false;
if(strData.empty()) {
return;
}
try {
UniValue obj(UniValue::VOBJ);
obj.read(strData);
std::vector<UniValue> arr1 = obj.getValues();
std::vector<UniValue> arr2 = arr1.at(0).getValues();
objJSON = arr2.at(1);
fJSONValid = true;
}
catch(std::exception& e) {
strErrorMessages += std::string(e.what()) + std::string(";");
}
catch(...) {
strErrorMessages += "Unknown exception;";
}
}
bool CProposalValidator::GetDataValue(const std::string& strKey, std::string& strValue)
{
bool fOK = false;
try {
strValue = objJSON[strKey].get_str();
fOK = true;
}
catch(std::exception& e) {
strErrorMessages += std::string(e.what()) + std::string(";");
}
catch(...) {
strErrorMessages += "Unknown exception;";
}
return fOK;
}
bool CProposalValidator::GetDataValue(const std::string& strKey, int64_t& nValue)
{
bool fOK = false;
try {
const UniValue uValue = objJSON[strKey];
switch(uValue.getType()) {
case UniValue::VNUM:
nValue = uValue.get_int64();
fOK = true;
break;
case UniValue::VSTR:
{
std::istringstream istr(uValue.get_str());
istr >> nValue;
fOK = ! istr.fail();
}
break;
default:
break;
}
}
catch(std::exception& e) {
strErrorMessages += std::string(e.what()) + std::string(";");
}
catch(...) {
strErrorMessages += "Unknown exception;";
}
return fOK;
}
bool CProposalValidator::GetDataValue(const std::string& strKey, double& dValue)
{
bool fOK = false;
try {
const UniValue uValue = objJSON[strKey];
switch(uValue.getType()) {
case UniValue::VNUM:
dValue = uValue.get_real();
fOK = true;
break;
case UniValue::VSTR:
{
std::istringstream istr(uValue.get_str());
istr >> dValue;
fOK = ! istr.fail();
}
break;
default:
break;
}
}
catch(std::exception& e) {
strErrorMessages += std::string(e.what()) + std::string(";");
}
catch(...) {
strErrorMessages += "Unknown exception;";
}
return fOK;
}
std::string CProposalValidator::StripWhitespace(const std::string& strIn)
{
static const std::string strWhitespace = " \f\n\r\t\v";
std::string::size_type nStart = strIn.find_first_not_of(strWhitespace);
std::string::size_type nEnd = strIn.find_last_not_of(strWhitespace);
if((nStart == std::string::npos) || (nEnd == std::string::npos)) {
return std::string();
}
return strIn.substr(nStart, nEnd - nStart + 1);
}
/*
The purpose of this function is to replicate the behavior of the
Python urlparse function used by sentinel (urlparse.py). This function
should return false whenever urlparse raises an exception and true
otherwise.
*/
bool CProposalValidator::CheckURL(const std::string& strURLIn)
{
std::string strRest(strURLIn);
std::string::size_type nPos = strRest.find(':');
if(nPos != std::string::npos) {
//std::string strSchema = strRest.substr(0,nPos);
if(nPos < strRest.size()) {
strRest = strRest.substr(nPos + 1);
}
else {
strRest = "";
}
}
// Process netloc
if((strRest.size() > 2) && (strRest.substr(0,2) == "//")) {
static const std::string strNetlocDelimiters = "/?#";
strRest = strRest.substr(2);
std::string::size_type nPos2 = strRest.find_first_of(strNetlocDelimiters);
std::string strNetloc = strRest.substr(0,nPos2);
if((strNetloc.find('[') != std::string::npos) && (strNetloc.find(']') == std::string::npos)) {
return false;
}
if((strNetloc.find(']') != std::string::npos) && (strNetloc.find('[') == std::string::npos)) {
return false;
}
}
return true;
}

63
src/governance-validators.h Normal file
View File

@ -0,0 +1,63 @@
// Copyright (c) 2014-2017 The Dash Core developers
// Distributed under the MIT/X11 software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#ifndef GOVERNANCE_VALIDATORS_H
#define GOVERNANCE_VALIDATORS_H
#include <string>
#include <univalue.h>
class CProposalValidator {
public:
CProposalValidator(const std::string& strDataHexIn = std::string());
void Clear();
void SetHexData(const std::string& strDataHexIn);
bool Validate();
bool ValidateJSON();
bool ValidateName();
bool ValidateStartEndEpoch();
bool ValidatePaymentAmount();
bool ValidatePaymentAddress();
bool ValidateURL();
const std::string& GetErrorMessages()
{
return strErrorMessages;
}
private:
void ParseJSONData();
bool GetDataValue(const std::string& strKey, std::string& strValue);
bool GetDataValue(const std::string& strKey, int64_t& nValue);
bool GetDataValue(const std::string& strKey, double& dValue);
static std::string StripWhitespace(const std::string& strIn);
static bool CheckURL(const std::string& strURLIn);
private:
std::string strData;
UniValue objJSON;
bool fJSONValid;
std::string strErrorMessages;
};
#endif

54
src/rpcgovernance.cpp
View File

@ -8,6 +8,7 @@
#include "governance.h"
#include "governance-vote.h"
#include "governance-classes.h"
#include "governance-validators.h"
#include "init.h"
#include "main.h"
#include "masternode.h"
@ -29,11 +30,13 @@ UniValue gobject(const UniValue& params, bool fHelp)
if (fHelp ||
(strCommand != "vote-many" && strCommand != "vote-conf" && strCommand != "vote-alias" && strCommand != "prepare" && strCommand != "submit" && strCommand != "count" &&
strCommand != "deserialize" && strCommand != "get" && strCommand != "getvotes" && strCommand != "getcurrentvotes" && strCommand != "list" && strCommand != "diff"))
strCommand != "deserialize" && strCommand != "get" && strCommand != "getvotes" && strCommand != "getcurrentvotes" && strCommand != "list" && strCommand != "diff" &&
strCommand != "check" ))
throw std::runtime_error(
"gobject \"command\"...\n"
"Manage governance objects\n"
"\nAvailable commands:\n"
" check - Validate governance object data (proposal only)\n"
" prepare - Prepare governance object by signing and creating tx\n"
" submit - Submit governance object to network\n"
" deserialize - Deserialize governance object from hex string to JSON\n"
@ -75,6 +78,41 @@ UniValue gobject(const UniValue& params, bool fHelp)
return u.write().c_str();
}
// VALIDATE A GOVERNANCE OBJECT PRIOR TO SUBMISSION
if(strCommand == "check")
{
if (params.size() != 2) {
throw JSONRPCError(RPC_INVALID_PARAMETER, "Correct usage is 'gobject check <data-hex>'");
}
// ASSEMBLE NEW GOVERNANCE OBJECT FROM USER PARAMETERS
uint256 hashParent;
int nRevision = 1;
int64_t nTime = GetTime();
std::string strData = params[1].get_str();
CGovernanceObject govobj(hashParent, nRevision, nTime, uint256(), strData);
if(govobj.GetObjectType() == GOVERNANCE_OBJECT_PROPOSAL) {
CProposalValidator validator(strData);
if(!validator.Validate()) {
throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid proposal data, error messages:" + validator.GetErrorMessages());
}
}
else {
throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid object type, only proposals can be validated");
}
UniValue objResult(UniValue::VOBJ);
objResult.push_back(Pair("Object status", "OK"));
return objResult;
}
// PREPARE THE GOVERNANCE OBJECT BY CREATING A COLLATERAL TRANSACTION
if(strCommand == "prepare")
{
@ -103,6 +141,13 @@ UniValue gobject(const UniValue& params, bool fHelp)
CGovernanceObject govobj(hashParent, nRevision, nTime, uint256(), strData);
if(govobj.GetObjectType() == GOVERNANCE_OBJECT_PROPOSAL) {
CProposalValidator validator(strData);
if(!validator.Validate()) {
throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid proposal data, error messages:" + validator.GetErrorMessages());
}
}
if((govobj.GetObjectType() == GOVERNANCE_OBJECT_TRIGGER) ||
(govobj.GetObjectType() == GOVERNANCE_OBJECT_WATCHDOG)) {
throw JSONRPCError(RPC_INVALID_PARAMETER, "Trigger and watchdog objects need not be prepared (however only masternodes can create them)");
@ -180,6 +225,13 @@ UniValue gobject(const UniValue& params, bool fHelp)
<< ", txidFee = " << txidFee.GetHex()
<< endl; );
if(govobj.GetObjectType() == GOVERNANCE_OBJECT_PROPOSAL) {
CProposalValidator validator(strData);
if(!validator.Validate()) {
throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid proposal data, error messages:" + validator.GetErrorMessages());
}
}
// Attempt to sign triggers if we are a MN
if((govobj.GetObjectType() == GOVERNANCE_OBJECT_TRIGGER) ||
(govobj.GetObjectType() == GOVERNANCE_OBJECT_WATCHDOG)) {

6
src/test/data/proposals-invalid.json Normal file
View File

@ -0,0 +1,6 @@
[
{"end_epoch": 1491368400, "name": "dean-miller-5493", "payment_address": "yYe8KwyaUu5YswSYmB3q3ryx8XTUu9y7Ui", "payment_amount": 25.75, "start_epoch": 1474261086, "type": 1, "url": "http://dashcentral.org/dean-miller-5493"},
{"end_epoch": 1491368400, "name": "dean-miller-5493", "payment_address": " XpG61qAVhdyN7AqVZQsHfJL7AEk4dPVinc", "payment_amount": 25.75, "start_epoch": 1474261086, "type": 1, "url": "http://dashcentral.org/dean-miller-5493"},
{"end_epoch": 1491368400, "name": "dean-miller-5493", "payment_address": "XpG61qAVhdyN7AqVZQsHfJL7AEk4dPVinc", "payment_amount": "25.75", "start_epoch": 1474261086, "type": 1, "url": "http://[::1/foo/bad]/bad"},
{"end_epoch": 1491368400, "name": "dean-miller-5493", "payment_address": "XpG61qAVhdyN7AqVZQsHfJL7AEk4dPVinc", "payment_amount": "25.75", "start_epoch": 1474261086, "type": 1, "url": "http://::12.34.56.78]/"}
]

5
src/test/data/proposals-valid.json Normal file
View File

@ -0,0 +1,5 @@
[
{"end_epoch": 1491368400, "name": "dean-miller-5493", "payment_address": "XpG61qAVhdyN7AqVZQsHfJL7AEk4dPVinc", "payment_amount": 25.75, "start_epoch": 1474261086, "type": 1, "url": "http://dashcentral.org/dean-miller-5493"},
{"end_epoch": 1491368400, "name": "dean-miller-5493", "payment_address": "XpG61qAVhdyN7AqVZQsHfJL7AEk4dPVinc", "payment_amount": "25.75", "start_epoch": 1474261086, "type": 1, "url": "http://dashcentral.org/dean-miller-5493"},
{"end_epoch": 1491368400, "name": "dean-miller-5493", "payment_address": "XpG61qAVhdyN7AqVZQsHfJL7AEk4dPVinc", "payment_amount": "25.75", "start_epoch": 1474261086, "type": 1, "url": "http://[dead:beef:cafe:5417:affe:8FA3:deaf:feed]:/foo/"}
]

83
src/test/governance_validators_tests.cpp Normal file
View File

@ -0,0 +1,83 @@
// Copyright (c) 2014-2017 The Dash Core developers
#include "governance-validators.h"
#include "univalue.h"
#include "utilstrencodings.h"
#include "test/test_dash.h"
#include <boost/test/unit_test.hpp>
#include <iostream>
#include <fstream>
#include <string>
BOOST_FIXTURE_TEST_SUITE(governance_validators_tests, BasicTestingSetup)
UniValue LoadJSON(const std::string& strFilename)
{
UniValue obj(UniValue::VOBJ);
std::ifstream istr(strFilename.c_str());
std::string strData;
std::string strLine;
bool fFirstLine = true;
while(std::getline(istr, strLine)) {
if(!fFirstLine) {
strData += "\n";
}
strData += strLine;
fFirstLine = false;
}
obj.read(strData);
return obj;
}
std::string CreateEncodedProposalObject(const UniValue& objJSON)
{
UniValue innerArray(UniValue::VARR);
innerArray.push_back(UniValue("proposal"));
innerArray.push_back(objJSON);
UniValue outerArray(UniValue::VARR);
outerArray.push_back(innerArray);
std::string strData = outerArray.write();
std::string strHex = HexStr(strData);
return strHex;
}
BOOST_AUTO_TEST_CASE(valid_proposals_test)
{
CProposalValidator validator;
UniValue obj = LoadJSON("src/test/data/proposals-valid.json");
for(size_t i = 0; i < obj.size(); ++i) {
const UniValue& objProposal = obj[i];
std::string strHexData = CreateEncodedProposalObject(objProposal);
validator.SetHexData(strHexData);
BOOST_CHECK(validator.ValidateJSON());
BOOST_CHECK(validator.ValidateName());
BOOST_CHECK(validator.ValidateURL());
BOOST_CHECK(validator.ValidateStartEndEpoch());
BOOST_CHECK(validator.ValidatePaymentAmount());
BOOST_CHECK(validator.ValidatePaymentAddress());
BOOST_CHECK(validator.Validate());
validator.Clear();
}
}
BOOST_AUTO_TEST_CASE(invalid_proposals_test)
{
CProposalValidator validator;
UniValue obj = LoadJSON("src/test/data/proposals-invalid.json");
for(size_t i = 0; i < obj.size(); ++i) {
const UniValue& objProposal = obj[i];
std::string strHexData = CreateEncodedProposalObject(objProposal);
validator.SetHexData(strHexData);
BOOST_CHECK(!validator.Validate());
validator.Clear();
}
}
BOOST_AUTO_TEST_SUITE_END()