Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhancement: add max int64 checks #1166

Merged
merged 4 commits into from
Aug 9, 2022
Merged

Enhancement: add max int64 checks #1166

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
c8cb7b3
add max int64 checks
shiqizng Aug 5, 2022
fc97c11
fix failing test
shiqizng Aug 5, 2022
01fffbe
addressed PR suggestions, added more checks to filter validation
shiqizng Aug 8, 2022
5a7f582
update error message
shiqizng Aug 9, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions api/converter_utils.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"encoding/base64"
"errors"
"fmt"
"math"
"sort"
"strconv"
"strings"
Expand Down Expand Up @@ -588,6 +589,10 @@ func (si *ServerImplementation) transactionParamsToTransactionFilter(params gene
filter.ApplicationID = uintOrDefault(params.ApplicationId)
filter.Limit = min(uintOrDefaultValue(params.Limit, si.opts.DefaultTransactionsLimit), si.opts.MaxTransactionsLimit)
filter.Round = params.Round
// Integer > math.Int64
if filter.AssetID > math.MaxInt64 || filter.ApplicationID > math.MaxInt64 || (filter.Round != nil && uint64(*filter.Round) > math.MaxInt64) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see that there are a lot more fields in a filter which are uint64 https://github.com/algorand/indexer/blob/develop/idb/idb.go#L196

Why are these the only ones we need to do checks for as opposed to checking all of the supplied filters?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I moved these checks to validateTransactionFilter and added checks for all uint64 fields except for AssetAmount which is type numeric(20) in the DB table.

errorArr = append(errorArr, errValueExceedingInt64)
}

// String
filter.AddressRole, errorArr = decodeAddressRole(params.AddressRole, params.ExcludeCloseTo, errorArr)
Expand Down
1 change: 1 addition & 0 deletions api/error_messages.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ const (
errZeroAddressAssetSenderRole = "searching transactions by zero address with asset sender role is not supported"
errZeroAddressAssetCloseToRole = "searching transactions by zero address with asset close address role is not supported"
ErrResultLimitReached = "Result limit exceeded"
errValueExceedingInt64 = "searching by round or application-id or asset-id greater than 9223372036854775807 is not supported"
)

var errUnknownAddressRole string
Expand Down
62 changes: 61 additions & 1 deletion api/handlers.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"context"
"errors"
"fmt"
"math"
"net/http"
"strconv"
"strings"
Expand Down Expand Up @@ -51,6 +52,12 @@ type ServerImplementation struct {
func validateTransactionFilter(filter *idb.TransactionFilter) error {
var errorArr = make([]string, 0)

// Round or application-id or asset-id is greater than math.MaxInt64
if filter.AssetID > math.MaxInt64 || filter.ApplicationID > math.MaxInt64 ||
(filter.Round != nil && *filter.Round > math.MaxInt64) {
errorArr = append(errorArr, errValueExceedingInt64)
}

// Round + min/max round
if filter.Round != nil && (filter.MaxRound != 0 || filter.MinRound != 0) {
errorArr = append(errorArr, errInvalidRoundAndMinMax)
Expand Down Expand Up @@ -159,6 +166,9 @@ func (si *ServerImplementation) verifyHandler(operationID string, ctx echo.Conte
// LookupAccountByID queries indexer for a given account.
// (GET /v2/accounts/{account-id})
func (si *ServerImplementation) LookupAccountByID(ctx echo.Context, accountID string, params generated.LookupAccountByIDParams) error {
if params.Round != nil && uint64(*params.Round) > math.MaxInt64 {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("LookupAccountByID", ctx); err != nil {
return badRequest(ctx, err.Error())
}
shiqizng marked this conversation as resolved.
Show resolved Hide resolved
Expand Down Expand Up @@ -212,6 +222,9 @@ func (si *ServerImplementation) LookupAccountByID(ctx echo.Context, accountID st
// LookupAccountAppLocalStates queries indexer for AppLocalState for a given account, and optionally a given app ID.
// (GET /v2/accounts/{account-id}/apps-local-state)
func (si *ServerImplementation) LookupAccountAppLocalStates(ctx echo.Context, accountID string, params generated.LookupAccountAppLocalStatesParams) error {
if params.ApplicationId != nil && uint64(*params.ApplicationId) > math.MaxInt64 {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("LookupAccountAppLocalStates", ctx); err != nil {
return badRequest(ctx, err.Error())
}
Expand Down Expand Up @@ -249,6 +262,9 @@ func (si *ServerImplementation) LookupAccountAppLocalStates(ctx echo.Context, ac
// LookupAccountAssets queries indexer for AssetHolding for a given account, and optionally a given asset ID.
// (GET /v2/accounts/{account-id}/assets)
func (si *ServerImplementation) LookupAccountAssets(ctx echo.Context, accountID string, params generated.LookupAccountAssetsParams) error {
if params.AssetId != nil && uint64(*params.AssetId) > math.MaxInt64 {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("LookupAccountAssets", ctx); err != nil {
return badRequest(ctx, err.Error())
}
Expand Down Expand Up @@ -295,6 +311,9 @@ func (si *ServerImplementation) LookupAccountAssets(ctx echo.Context, accountID
// LookupAccountCreatedApplications queries indexer for AppParams for a given account, and optionally a given app ID.
// (GET /v2/accounts/{account-id}/created-applications)
func (si *ServerImplementation) LookupAccountCreatedApplications(ctx echo.Context, accountID string, params generated.LookupAccountCreatedApplicationsParams) error {
if params.ApplicationId != nil && uint64(*params.ApplicationId) > math.MaxInt64 {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("LookupAccountCreatedApplications", ctx); err != nil {
return badRequest(ctx, err.Error())
}
Expand All @@ -312,6 +331,9 @@ func (si *ServerImplementation) LookupAccountCreatedApplications(ctx echo.Contex
// LookupAccountCreatedAssets queries indexer for AssetParams for a given account, and optionally a given asset ID.
// (GET /v2/accounts/{account-id}/created-assets)
func (si *ServerImplementation) LookupAccountCreatedAssets(ctx echo.Context, accountID string, params generated.LookupAccountCreatedAssetsParams) error {
if params.AssetId != nil && uint64(*params.AssetId) > math.MaxInt64 {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("LookupAccountCreatedAssets", ctx); err != nil {
return badRequest(ctx, err.Error())
}
Expand All @@ -329,6 +351,11 @@ func (si *ServerImplementation) LookupAccountCreatedAssets(ctx echo.Context, acc
// SearchForAccounts returns accounts matching the provided parameters
// (GET /v2/accounts)
func (si *ServerImplementation) SearchForAccounts(ctx echo.Context, params generated.SearchForAccountsParams) error {
if (params.AssetId != nil && uint64(*params.AssetId) > math.MaxInt64) ||
(params.ApplicationId != nil && uint64(*params.ApplicationId) > math.MaxInt64) ||
(params.Round != nil && uint64(*params.Round) > math.MaxInt64) {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("SearchForAccounts", ctx); err != nil {
return badRequest(ctx, err.Error())
}
Expand All @@ -352,7 +379,7 @@ func (si *ServerImplementation) SearchForAccounts(ctx echo.Context, params gener
HasAppID: uintOrDefault(params.ApplicationId),
EqualToAuthAddr: spendingAddr[:],
IncludeDeleted: boolOrDefault(params.IncludeAll),
MaxResources: uint64(si.opts.MaxAPIResourcesPerAccount),
MaxResources: si.opts.MaxAPIResourcesPerAccount,
}

if params.Exclude != nil {
Expand Down Expand Up @@ -405,6 +432,9 @@ func (si *ServerImplementation) SearchForAccounts(ctx echo.Context, params gener
// LookupAccountTransactions looks up transactions associated with a particular account.
// (GET /v2/accounts/{account-id}/transactions)
func (si *ServerImplementation) LookupAccountTransactions(ctx echo.Context, accountID string, params generated.LookupAccountTransactionsParams) error {
if (params.AssetId != nil && uint64(*params.AssetId) > math.MaxInt64) || (params.Round != nil && uint64(*params.Round) > math.MaxInt64) {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("LookupAccountTransactions", ctx); err != nil {
return badRequest(ctx, err.Error())
}
Expand Down Expand Up @@ -443,6 +473,9 @@ func (si *ServerImplementation) LookupAccountTransactions(ctx echo.Context, acco
// SearchForApplications returns applications for the provided parameters.
// (GET /v2/applications)
func (si *ServerImplementation) SearchForApplications(ctx echo.Context, params generated.SearchForApplicationsParams) error {
if params.ApplicationId != nil && uint64(*params.ApplicationId) > math.MaxInt64 {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("SearchForApplications", ctx); err != nil {
return badRequest(ctx, err.Error())
}
Expand Down Expand Up @@ -473,6 +506,9 @@ func (si *ServerImplementation) SearchForApplications(ctx echo.Context, params g
// LookupApplicationByID returns one application for the requested ID.
// (GET /v2/applications/{application-id})
func (si *ServerImplementation) LookupApplicationByID(ctx echo.Context, applicationID uint64, params generated.LookupApplicationByIDParams) error {
if uint64(applicationID) > math.MaxInt64 {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("LookupApplicationByID", ctx); err != nil {
return badRequest(ctx, err.Error())
}
Expand Down Expand Up @@ -504,6 +540,9 @@ func (si *ServerImplementation) LookupApplicationByID(ctx echo.Context, applicat
// LookupApplicationLogsByID returns one application logs
// (GET /v2/applications/{application-id}/logs)
func (si *ServerImplementation) LookupApplicationLogsByID(ctx echo.Context, applicationID uint64, params generated.LookupApplicationLogsByIDParams) error {
if uint64(applicationID) > math.MaxInt64 {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("LookupApplicationLogsByID", ctx); err != nil {
return badRequest(ctx, err.Error())
}
Expand Down Expand Up @@ -567,6 +606,9 @@ func (si *ServerImplementation) LookupApplicationLogsByID(ctx echo.Context, appl
// LookupAssetByID looks up a particular asset
// (GET /v2/assets/{asset-id})
func (si *ServerImplementation) LookupAssetByID(ctx echo.Context, assetID uint64, params generated.LookupAssetByIDParams) error {
if uint64(assetID) > math.MaxInt64 {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("LookupAssetByID", ctx); err != nil {
return badRequest(ctx, err.Error())
}
Expand Down Expand Up @@ -603,6 +645,9 @@ func (si *ServerImplementation) LookupAssetByID(ctx echo.Context, assetID uint64
// LookupAssetBalances looks up balances for a particular asset
// (GET /v2/assets/{asset-id}/balances)
func (si *ServerImplementation) LookupAssetBalances(ctx echo.Context, assetID uint64, params generated.LookupAssetBalancesParams) error {
if uint64(assetID) > math.MaxInt64 {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("LookupAssetBalances", ctx); err != nil {
return badRequest(ctx, err.Error())
}
Expand Down Expand Up @@ -643,6 +688,9 @@ func (si *ServerImplementation) LookupAssetBalances(ctx echo.Context, assetID ui
// LookupAssetTransactions looks up transactions associated with a particular asset
// (GET /v2/assets/{asset-id}/transactions)
func (si *ServerImplementation) LookupAssetTransactions(ctx echo.Context, assetID uint64, params generated.LookupAssetTransactionsParams) error {
if uint64(assetID) > math.MaxInt64 || (params.Round != nil && *params.Round > math.MaxInt64) {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("LookupAssetTransactions", ctx); err != nil {
return badRequest(ctx, err.Error())
}
Expand Down Expand Up @@ -675,6 +723,9 @@ func (si *ServerImplementation) LookupAssetTransactions(ctx echo.Context, assetI
// SearchForAssets returns assets matching the provided parameters
// (GET /v2/assets)
func (si *ServerImplementation) SearchForAssets(ctx echo.Context, params generated.SearchForAssetsParams) error {
if params.AssetId != nil && uint64(*params.AssetId) > math.MaxInt64 {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("SearchForAssets", ctx); err != nil {
return badRequest(ctx, err.Error())
}
Expand Down Expand Up @@ -704,6 +755,9 @@ func (si *ServerImplementation) SearchForAssets(ctx echo.Context, params generat
// LookupBlock returns the block for a given round number
// (GET /v2/blocks/{round-number})
func (si *ServerImplementation) LookupBlock(ctx echo.Context, roundNumber uint64) error {
if uint64(roundNumber) > math.MaxInt64 {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("LookupBlock", ctx); err != nil {
return badRequest(ctx, err.Error())
}
Expand Down Expand Up @@ -762,6 +816,11 @@ func (si *ServerImplementation) LookupTransaction(ctx echo.Context, txid string)
// SearchForTransactions returns transactions matching the provided parameters
// (GET /v2/transactions)
func (si *ServerImplementation) SearchForTransactions(ctx echo.Context, params generated.SearchForTransactionsParams) error {
if (params.AssetId != nil && uint64(*params.AssetId) > math.MaxInt64) ||
(params.ApplicationId != nil && uint64(*params.ApplicationId) > math.MaxInt64) ||
(params.Round != nil && *params.Round > math.MaxInt64) {
return badRequest(ctx, errValueExceedingInt64)
}
if err := si.verifyHandler("SearchForTransactions", ctx); err != nil {
return badRequest(ctx, err.Error())
}
Expand Down Expand Up @@ -835,6 +894,7 @@ func notFound(ctx echo.Context, err string) error {
func (si *ServerImplementation) fetchApplications(ctx context.Context, params idb.ApplicationQuery) ([]generated.Application, uint64, error) {
var round uint64
apps := make([]generated.Application, 0)
// TODO: add check
err := callWithTimeout(ctx, si.log, si.timeout, func(ctx context.Context) error {
var results <-chan idb.ApplicationRow
results, round = si.db.Applications(ctx, params)
Expand Down
Loading