add validation for msg url

cosmos · Nov 6, 2024 · bda9cae · bda9cae
1 parent db68f2d
commit bda9cae
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 2 deletions.
diff --git a/x/circuit/keeper/msg_server.go b/x/circuit/keeper/msg_server.go
@@ -94,7 +94,8 @@ func (srv msgServer) TripCircuitBreaker(ctx context.Context, msg *types.MsgTripC
 		return nil, err
 	}
 
-	for _, msgTypeURL := range msg.MsgTypeUrls {
+	msgTypeUrls := types.MsgTypeURLValidation(msg.MsgTypeUrls)
+	for _, msgTypeURL := range msgTypeUrls {
 		// check if the message is in the list of allowed messages
 		isAllowed, err := srv.IsAllowed(ctx, msgTypeURL)
 		if err != nil {
@@ -153,7 +154,8 @@ func (srv msgServer) ResetCircuitBreaker(ctx context.Context, msg *types.MsgRese
 		return nil, err
 	}
 
-	for _, msgTypeURL := range msg.MsgTypeUrls {
+	msgTypeUrls := types.MsgTypeURLValidation(msg.MsgTypeUrls)
+	for _, msgTypeURL := range msgTypeUrls {
 		// check if the message is in the list of allowed messages
 		isAllowed, err := srv.IsAllowed(ctx, msgTypeURL)
 		if err != nil {

diff --git a/x/circuit/keeper/msg_server_test.go b/x/circuit/keeper/msg_server_test.go
@@ -162,6 +162,30 @@ func TestAuthorizeCircuitBreakerWithPermissionValidation(t *testing.T) {
 	msg = &types.MsgAuthorizeCircuitBreaker{Granter: authority, Grantee: addresses[3], Permissions: &somemsgs}
 	_, err = srv.AuthorizeCircuitBreaker(ft.ctx, msg)
 	require.Error(t, err)
+
+	// grants user perms to Permissions_LEVEL_SOME_MSGS with empty LimitTypeUrls
+	permis := types.Permissions{Level: types.Permissions_LEVEL_SOME_MSGS, LimitTypeUrls: []string{"cosmos.staking.v1beta1.MsgDelegate", "/cosmos.gov.v1beta1.MsgDeposit", "cosmos.gov.v1beta1.MsgVote"}}
+	msg = &types.MsgAuthorizeCircuitBreaker{Granter: authority, Grantee: addresses[4], Permissions: &permis}
+	_, err = srv.AuthorizeCircuitBreaker(ft.ctx, msg)
+	require.NoError(t, err)
+	require.Equal(
+		t,
+		sdk.NewEvent(
+			"authorize_circuit_breaker",
+			sdk.NewAttribute("granter", authority),
+			sdk.NewAttribute("grantee", addresses[4]),
+			sdk.NewAttribute("permission", permis.String()),
+		),
+		lastEvent(ft.ctx),
+	)
+
+	add4, err := ft.ac.StringToBytes(addresses[4])
+	require.NoError(t, err)
+
+	perms, err = ft.keeper.Permissions.Get(ft.ctx, add4)
+	require.NoError(t, err)
+
+	require.Equal(t, []string{"/cosmos.staking.v1beta1.MsgDelegate", "/cosmos.gov.v1beta1.MsgDeposit", "/cosmos.gov.v1beta1.MsgVote"}, perms.LimitTypeUrls)
 }
 
 func TestTripCircuitBreaker(t *testing.T) {

diff --git a/x/circuit/types/permission.go b/x/circuit/types/permission.go
@@ -9,6 +9,8 @@ func (p *Permissions) Validation() error {
 		if len(p.LimitTypeUrls) == 0 {
 			return errors.New("LimitTypeUrls of LEVEL_SOME_MSGS should NOT be empty")
 		}
+
+		p.LimitTypeUrls = MsgTypeURLValidation(p.LimitTypeUrls)
 	case p.Level == Permissions_LEVEL_ALL_MSGS || p.Level == Permissions_LEVEL_SUPER_ADMIN:
 		// if permission is all msg or super addmin, LimitTypeUrls array clear
 		// all p.LimitTypeUrls since we not use this field
@@ -18,3 +20,12 @@ func (p *Permissions) Validation() error {
 
 	return nil
 }
+
+func MsgTypeURLValidation(urls []string) []string {
+	for idx, url := range urls {
+		if url[0] != '/' {
+			urls[idx] = "/" + url
+		}
+	}
+	return urls
+}