[FAB-3155] LSCC security checks at validation time

This change set checks that - upon cc deploy and upgrade - the tx complies with the instantiation policy specified in the cc packge (for deploy) and in the cc info in the ledger (for upgrade). The committer code is essentially performing again the checks that lscc performs at proposal time, to ensure that no one can circumvent instantiation policies. Furthermore, we validate the read-write set of a cc deploy/upgrade and make sure that it is consistent with the invocation arguments. Finally, we make sure that LSCC deploy/upgrade transactions do not contain writes to namespaces other than LSCC's and the chaincode that is being deployed/upgraded. Change-Id: Id11fc359a8c77fa58c8a966a7c324075944ae22b Signed-off-by: Alessandro Sorniotti <ale.linux@sopit.net>
hyperledger · Apr 28, 2017 · eb019ee · eb019ee
1 parent 23866ec
commit eb019ee
Show file tree

Hide file tree

Showing 7 changed files with 1,395 additions and 27 deletions.
diff --git a/common/mocks/ledger/queryexecutor.go b/common/mocks/ledger/queryexecutor.go
@@ -0,0 +1,61 @@
+/*
+Copyright IBM Corp. 2017 All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+		 http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package ledger
+
+import (
+	"fmt"
+
+	"github.com/hyperledger/fabric/common/ledger"
+)
+
+type MockQueryExecutor struct {
+	// State keeps all namepspaces
+	State map[string]map[string][]byte
+}
+
+func NewMockQueryExecutor(state map[string]map[string][]byte) *MockQueryExecutor {
+	return &MockQueryExecutor{
+		State: state,
+	}
+}
+
+func (m *MockQueryExecutor) GetState(namespace string, key string) ([]byte, error) {
+	ns := m.State[namespace]
+	if ns == nil {
+		return nil, fmt.Errorf("Could not retrieve namespace %s", namespace)
+	}
+
+	return ns[key], nil
+}
+
+func (m *MockQueryExecutor) GetStateMultipleKeys(namespace string, keys []string) ([][]byte, error) {
+	return nil, nil
+
+}
+
+func (m *MockQueryExecutor) GetStateRangeScanIterator(namespace string, startKey string, endKey string) (ledger.ResultsIterator, error) {
+	return nil, nil
+
+}
+
+func (m *MockQueryExecutor) ExecuteQuery(namespace, query string) (ledger.ResultsIterator, error) {
+	return nil, nil
+}
+
+func (m *MockQueryExecutor) Done() {
+
+}
diff --git a/core/common/sysccprovider/sysccprovider.go b/core/common/sysccprovider/sysccprovider.go
@@ -16,7 +16,10 @@ limitations under the License.
 
 package sysccprovider
 
-import "github.com/golang/protobuf/proto"
+import (
+	"github.com/golang/protobuf/proto"
+	"github.com/hyperledger/fabric/core/ledger"
+)
 
 // SystemChaincodeProvider provides an abstraction layer that is
 // used for different packages to interact with code in the
@@ -29,6 +32,12 @@ type SystemChaincodeProvider interface {
 	// IsSysCCAndNotInvokableCC2CC returns true if the supplied chaincode
 	// is a system chaincode and is not invokable through a cc2cc invocation
 	IsSysCCAndNotInvokableCC2CC(name string) bool
+
+	// GetQueryExecutorForLedger returns a query executor for the
+	// ledger of the supplied channel.
+	// That's useful for system chaincodes that require unfettered
+	// access to the ledger
+	GetQueryExecutorForLedger(cid string) (ledger.QueryExecutor, error)
 }
 
 var sccFactory SystemChaincodeProviderFactory

diff --git a/core/scc/lscc/lscc_test.go b/core/scc/lscc/lscc_test.go
@@ -43,6 +43,7 @@ import (
 	putils "github.com/hyperledger/fabric/protos/utils"
 
 	cutil "github.com/hyperledger/fabric/core/container/util"
+	"github.com/hyperledger/fabric/core/ledger"
 	pb "github.com/hyperledger/fabric/protos/peer"
 	"github.com/hyperledger/fabric/protos/utils"
 )
@@ -67,6 +68,10 @@ func (c *mocksccProviderImpl) IsSysCCAndNotInvokableCC2CC(name string) bool {
 	return false
 }
 
+func (c *mocksccProviderImpl) GetQueryExecutorForLedger(cid string) (ledger.QueryExecutor, error) {
+	return nil, nil
+}
+
 func register(stub *shim.MockStub, ccname string) error {
 	args := [][]byte{[]byte("register"), []byte(ccname)}
 	if res := stub.MockInvoke("1", args); res.Status != shim.OK {

diff --git a/core/scc/sccproviderimpl.go b/core/scc/sccproviderimpl.go
@@ -17,7 +17,11 @@ limitations under the License.
 package scc
 
 import (
+	"fmt"
+
 	"github.com/hyperledger/fabric/core/common/sysccprovider"
+	"github.com/hyperledger/fabric/core/ledger"
+	"github.com/hyperledger/fabric/core/peer"
 )
 
 // sccProviderFactory implements the sysccprovider.SystemChaincodeProviderFactory
@@ -50,3 +54,12 @@ func (c *sccProviderImpl) IsSysCC(name string) bool {
 func (c *sccProviderImpl) IsSysCCAndNotInvokableCC2CC(name string) bool {
 	return IsSysCCAndNotInvokableCC2CC(name)
 }
+
+func (c *sccProviderImpl) GetQueryExecutorForLedger(cid string) (ledger.QueryExecutor, error) {
+	l := peer.GetLedger(cid)
+	if l == nil {
+		return nil, fmt.Errorf("Could not retrieve ledger for channel %s", cid)
+	}
+
+	return l.NewQueryExecutor()
+}