Verify Stargate Queries handles properly #776
Conversation
Codecov Report
@@ Coverage Diff @@
## master #776 +/- ##
==========================================
+ Coverage 58.61% 58.63% +0.02%
==========================================
Files 49 49
Lines 5835 5838 +3
==========================================
+ Hits 3420 3423 +3
Misses 2165 2165
Partials 250 250
|
There was a problem hiding this comment.
This solves the issue already.
@webmaster128 had some good points that would improve the solution. I added some comments for bonus points.
x/wasm/keeper/query_plugins.go
Outdated
| func StargateQuerier(queryRouter GRPCQueryRouter) func(ctx sdk.Context, request *wasmvmtypes.StargateQuery) ([]byte, error) { | ||
| return func(ctx sdk.Context, msg *wasmvmtypes.StargateQuery) ([]byte, error) { | ||
| for _, b := range queryDenyList { | ||
| if strings.Contains(msg.Path, b) { | ||
| return nil, wasmvmtypes.UnsupportedRequest{Kind: fmt.Sprintf("'%s' path is not allowed from the contract", msg.Path)} |
There was a problem hiding this comment.
I want to be more sensible to not return user input in errors. Would 'path is not allowed from the contract' be good enough? The caller knows the path already.
There was a problem hiding this comment.
I updated this. The caller (user) will not know by default, as this is called from a contract. But I did redact.
Also, 3 lines lower we already had this code:
return nil, wasmvmtypes.UnsupportedRequest{Kind: fmt.Sprintf("No route to query '%s'", msg.Path)}
Which I wrote March 2021. Should we change that as well?
|
Addressed comments. Waiting for CI |
Closes #762