-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reject unknown fields in TxDecoder and sign mode handlers #6883
Conversation
Codecov Report
@@ Coverage Diff @@
## master #6883 +/- ##
==========================================
+ Coverage 61.57% 65.04% +3.46%
==========================================
Files 518 389 -129
Lines 31996 24253 -7743
==========================================
- Hits 19703 15775 -3928
+ Misses 10716 7271 -3445
+ Partials 1577 1207 -370 |
…ronc/6192-unknown-field-rejection
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for this change @aaronc and for wiring things up! I have left some questions and suggestions, but also I still don't get why the boolean, when the error could be checked.
There is a case where we want to know if there are non-critical fields without returning an error. |
Oh okay, so an explicit customization, gotcha! Thanks for answering my question. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To ensure that you aren't blocked @aaronc when you get back this, from the protoc-side LGTM with just the change to avoid the allocation and revert to (*types.Any)(nil)
. Thank you and great to see this all come alive!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
if body.TimeoutHeight != 0 { | ||
return nil, sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, | ||
"SIGN_MODE_LEGACY_AMINO_JSON does not support timeout height.") | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alexanderbez note that TimeoutHeight
is being now rejected by SIGN_MODE_LEGACY_AMINO_JSON
(because otherwise it's a malleability issue) so if you are adding it to StdTx
in #6089, you'll need to remove these lines.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for pointing that out!
* WIP on unknown field rejection in TxDecoder * WIP on unknown field rejection in TxDecoder * WIP * WIP * WIP * WIP * Fix bugs with RejectUnknownFields * Fix tests * Fix bug and update docs * Lint * Add tests * Add unknown field tests * Lint * Address review comments
This should wrap up or almost wrap up the critical path of #6213.
TxDecoder
, rejecting:TxRaw
TxBody
AuthInfo
StdTx
and protoTx
amino JSON sign mode handlingTxBody
extensions
andnon_critical_extensions
fieldstimeout_height
which isn't supported inStdTx
RejectUnknownFields
to track if non-critical fields are present in a messageRejectUnknownFields
(cc @odeke-em)Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.
docs/
) or specification (x/<module>/spec/
)godoc
comments.Unreleased
section inCHANGELOG.md
Files changed
in the Github PR explorerCodecov Report
in the comment section below once CI passes