Skip to content

Commit

Permalink
Merge pull request #812 from CosmWasm/disable-stargate
Browse files Browse the repository at this point in the history
Disable stargate queries
  • Loading branch information
webmaster128 authored Apr 21, 2022
2 parents 57ead1a + 38cf60a commit 65729c5
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 58 deletions.
28 changes: 1 addition & 27 deletions x/wasm/keeper/query_plugins.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,6 @@ package keeper
import (
"encoding/json"
"errors"
"fmt"
"strings"

"github.com/cosmos/cosmos-sdk/baseapp"

Expand All @@ -17,7 +15,6 @@ import (
sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
distributiontypes "github.com/cosmos/cosmos-sdk/x/distribution/types"
stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types"
abci "github.com/tendermint/tendermint/abci/types"
)

type QueryHandler struct {
Expand Down Expand Up @@ -271,32 +268,9 @@ func IBCQuerier(wasm contractMetaDataSource, channelKeeper types.ChannelKeeper)
}
}

var queryDenyList = []string{
"/cosmos.tx.",
"/cosmos.base.tendermint.",
}

func StargateQuerier(queryRouter GRPCQueryRouter) func(ctx sdk.Context, request *wasmvmtypes.StargateQuery) ([]byte, error) {
return func(ctx sdk.Context, msg *wasmvmtypes.StargateQuery) ([]byte, error) {
for _, b := range queryDenyList {
if strings.HasPrefix(msg.Path, b) {
return nil, wasmvmtypes.UnsupportedRequest{Kind: "path is not allowed from the contract"}
}
}

route := queryRouter.Route(msg.Path)
if route == nil {
return nil, wasmvmtypes.UnsupportedRequest{Kind: fmt.Sprintf("No route to query '%s'", msg.Path)}
}
req := abci.RequestQuery{
Data: msg.Data,
Path: msg.Path,
}
res, err := route(ctx, req)
if err != nil {
return nil, err
}
return res.Value, nil
return nil, wasmvmtypes.UnsupportedRequest{Kind: "Stargate queries are disabled."}
}
}

Expand Down
55 changes: 24 additions & 31 deletions x/wasm/keeper/reflect_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -356,34 +356,6 @@ func TestReflectStargateQuery(t *testing.T) {
require.Equal(t, len(expectedBalance), len(simpleBalance.Amount))
assert.Equal(t, simpleBalance.Amount[0].Amount, expectedBalance[0].Amount.String())
assert.Equal(t, simpleBalance.Amount[0].Denom, expectedBalance[0].Denom)

// now, try to build a protobuf query
protoQuery := banktypes.QueryAllBalancesRequest{
Address: creator.String(),
}
protoQueryBin, err := proto.Marshal(&protoQuery)
protoRequest := wasmvmtypes.QueryRequest{
Stargate: &wasmvmtypes.StargateQuery{
Path: "/cosmos.bank.v1beta1.Query/AllBalances",
Data: protoQueryBin,
},
}
protoQueryBz, err := json.Marshal(ReflectQueryMsg{
Chain: &ChainQuery{Request: &protoRequest},
})
require.NoError(t, err)

// make a query on the chain
protoRes, err := keeper.QuerySmart(ctx, contractAddr, protoQueryBz)
require.NoError(t, err)
var protoChain ChainResponse
mustParse(t, protoRes, &protoChain)

// unmarshal raw protobuf response
var protoResult banktypes.QueryAllBalancesResponse
err = proto.Unmarshal(protoChain.Data, &protoResult)
require.NoError(t, err)
assert.Equal(t, expectedBalance, protoResult.Balances)
}

func TestReflectInvalidStargateQuery(t *testing.T) {
Expand All @@ -409,21 +381,42 @@ func TestReflectInvalidStargateQuery(t *testing.T) {
require.NotEmpty(t, contractAddr)

// now, try to build a protobuf query
protoQuery := banktypes.QueryAllBalancesRequest{
Address: creator.String(),
}
protoQueryBin, err := proto.Marshal(&protoQuery)
protoRequest := wasmvmtypes.QueryRequest{
Stargate: &wasmvmtypes.StargateQuery{
Path: "/cosmos.bank.v1beta1.Query/AllBalances",
Data: protoQueryBin,
},
}
protoQueryBz, err := json.Marshal(ReflectQueryMsg{
Chain: &ChainQuery{Request: &protoRequest},
})
require.NoError(t, err)

// make a query on the chain, should be blacklisted
_, err = keeper.QuerySmart(ctx, contractAddr, protoQueryBz)
require.Error(t, err)
require.Contains(t, err.Error(), "Stargate queries are disabled")

// now, try to build a protobuf query
protoRequest = wasmvmtypes.QueryRequest{
Stargate: &wasmvmtypes.StargateQuery{
Path: "/cosmos.tx.v1beta1.Service/GetTx",
Data: []byte{},
},
}
protoQueryBz, err := json.Marshal(ReflectQueryMsg{
protoQueryBz, err = json.Marshal(ReflectQueryMsg{
Chain: &ChainQuery{Request: &protoRequest},
})
require.NoError(t, err)

// make a query on the chain, should be blacklisted
_, err = keeper.QuerySmart(ctx, contractAddr, protoQueryBz)
require.Error(t, err)
require.Contains(t, err.Error(), "path is not allowed from the contract")
require.Contains(t, err.Error(), "Stargate queries are disabled")

// and another one
protoRequest = wasmvmtypes.QueryRequest{
Expand All @@ -440,7 +433,7 @@ func TestReflectInvalidStargateQuery(t *testing.T) {
// make a query on the chain, should be blacklisted
_, err = keeper.QuerySmart(ctx, contractAddr, protoQueryBz)
require.Error(t, err)
require.Contains(t, err.Error(), "path is not allowed from the contract")
require.Contains(t, err.Error(), "Stargate queries are disabled")
}

type reflectState struct {
Expand Down

0 comments on commit 65729c5

Please sign in to comment.