feat: pss target input validation (#2463)

ethersphere · Sep 2, 2021 · ef1c383 · ef1c383
1 parent ad43c52
commit ef1c383
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 3 deletions.
diff --git a/openapi/SwarmCommon.yaml b/openapi/SwarmCommon.yaml
@@ -258,6 +258,8 @@ components:
       type: string
 
     PssTargets:
+      pattern: '^[0-9a-fA-F]{1,6}(,[0-9a-fA-F]{1,6})*$'
+      description: List of hex string targets that are comma seprated and can have maximum length of 6
       type: string
 
     PssTopic:

diff --git a/pkg/api/pss.go b/pkg/api/pss.go
@@ -9,6 +9,7 @@ import (
 	"crypto/ecdsa"
 	"encoding/hex"
 	"errors"
+	"fmt"
 	"io/ioutil"
 	"net/http"
 	"strings"
@@ -42,13 +43,13 @@ func (s *server) pssPostHandler(w http.ResponseWriter, r *http.Request) {
 		if err != nil {
 			s.logger.Debugf("pss send: bad target (%s): %v", target, err)
 			s.logger.Errorf("pss send: bad target (%s): %v", target, err)
-			jsonhttp.BadRequest(w, nil)
+			jsonhttp.BadRequest(w, "target is not valid hex string")
 			return
 		}
 		if len(target) > targetMaxLength {
 			s.logger.Debugf("pss send: bad target length: %d", len(target))
 			s.logger.Errorf("pss send: bad target length: %d", len(target))
-			jsonhttp.BadRequest(w, nil)
+			jsonhttp.BadRequest(w, fmt.Sprintf("hex string target exceeds max length of %d", targetMaxLength*2))
 			return
 		}
 		targets = append(targets, target)

diff --git a/pkg/api/pss_test.go b/pkg/api/pss_test.go
@@ -210,7 +210,17 @@ func TestPssSend(t *testing.T) {
 		jsonhttptest.Request(t, client, http.MethodPost, "/pss/send/to/badtarget?recipient="+recipient, http.StatusBadRequest,
 			jsonhttptest.WithRequestBody(bytes.NewReader(payload)),
 			jsonhttptest.WithExpectedJSONResponse(jsonhttp.StatusResponse{
-				Message: "Bad Request",
+				Message: "target is not valid hex string",
+				Code:    http.StatusBadRequest,
+			}),
+		)
+
+		// If this test needs to be modified (most probably because the max target length changed)
+		// the please verify that SwarmCommon.yaml -> components -> PssTarget also reflects the correct value
+		jsonhttptest.Request(t, client, http.MethodPost, "/pss/send/to/123456789abcdf?recipient="+recipient, http.StatusBadRequest,
+			jsonhttptest.WithRequestBody(bytes.NewReader(payload)),
+			jsonhttptest.WithExpectedJSONResponse(jsonhttp.StatusResponse{
+				Message: "hex string target exceeds max length of 6",
 				Code:    http.StatusBadRequest,
 			}),
 		)