From 7c7840c32a65c79e9b9525ec9488de464cbf78a0 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Thu, 14 Apr 2022 22:11:13 +0200 Subject: [PATCH 1/2] Disable stargate queries --- x/wasm/keeper/query_plugins.go | 12 +------- x/wasm/keeper/reflect_test.go | 55 +++++++++++++++------------------- 2 files changed, 25 insertions(+), 42 deletions(-) diff --git a/x/wasm/keeper/query_plugins.go b/x/wasm/keeper/query_plugins.go index 26d63ad5dc..9dcffb1c1b 100644 --- a/x/wasm/keeper/query_plugins.go +++ b/x/wasm/keeper/query_plugins.go @@ -4,7 +4,6 @@ import ( "encoding/json" "errors" "fmt" - "strings" "github.com/cosmos/cosmos-sdk/baseapp" @@ -271,18 +270,9 @@ func IBCQuerier(wasm contractMetaDataSource, channelKeeper types.ChannelKeeper) } } -var queryDenyList = []string{ - "/cosmos.tx.", - "/cosmos.base.tendermint.", -} - func StargateQuerier(queryRouter GRPCQueryRouter) func(ctx sdk.Context, request *wasmvmtypes.StargateQuery) ([]byte, error) { return func(ctx sdk.Context, msg *wasmvmtypes.StargateQuery) ([]byte, error) { - for _, b := range queryDenyList { - if strings.HasPrefix(msg.Path, b) { - return nil, wasmvmtypes.UnsupportedRequest{Kind: "path is not allowed from the contract"} - } - } + return nil, wasmvmtypes.UnsupportedRequest{Kind: "Stargate queries are disabled."} route := queryRouter.Route(msg.Path) if route == nil { diff --git a/x/wasm/keeper/reflect_test.go b/x/wasm/keeper/reflect_test.go index 37a8d2eb75..a4631a19e8 100644 --- a/x/wasm/keeper/reflect_test.go +++ b/x/wasm/keeper/reflect_test.go 
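Review bot: The unconditional `return nil, wasmvmtypes.UnsupportedRequest{Kind: "Stargate queries are disabled."}` added at the top of the closure in `StargateQuerier` has no comment saying why the querier is switched off or what must hold before it is switched back on. The removed `queryDenyList` loop shows the earlier design failed open, since any path not matching a listed prefix was routed, and that reasoning is worth recording next to the code rather than only in the commit subject. I would add a doc comment above the function such as `// StargateQuerier rejects every Stargate query. The former prefix deny-list let any unlisted path through; re-enable only behind an explicit allow-list of query paths.` The closure body continues past the end of this hunk.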
@@ -356,34 +356,6 @@ func TestReflectStargateQuery(t *testing.T) { require.Equal(t, len(expectedBalance), len(simpleBalance.Amount)) assert.Equal(t, simpleBalance.Amount[0].Amount, expectedBalance[0].Amount.String()) assert.Equal(t, simpleBalance.Amount[0].Denom, expectedBalance[0].Denom) - - // now, try to build a protobuf query - protoQuery := banktypes.QueryAllBalancesRequest{ - Address: creator.String(), - } - protoQueryBin, err := proto.Marshal(&protoQuery) - protoRequest := wasmvmtypes.QueryRequest{ - Stargate: &wasmvmtypes.StargateQuery{ - Path: "/cosmos.bank.v1beta1.Query/AllBalances", - Data: protoQueryBin, - }, - } - protoQueryBz, err := json.Marshal(ReflectQueryMsg{ - Chain: &ChainQuery{Request: &protoRequest}, - }) - require.NoError(t, err) - - // make a query on the chain - protoRes, err := keeper.QuerySmart(ctx, contractAddr, protoQueryBz) - require.NoError(t, err) - var protoChain ChainResponse - mustParse(t, protoRes, &protoChain) - - // unmarshal raw protobuf response - var protoResult banktypes.QueryAllBalancesResponse - err = proto.Unmarshal(protoChain.Data, &protoResult) - require.NoError(t, err) - assert.Equal(t, expectedBalance, protoResult.Balances) } func TestReflectInvalidStargateQuery(t *testing.T) { 
@@ -409,13 +381,34 @@ func TestReflectInvalidStargateQuery(t *testing.T) { require.NotEmpty(t, contractAddr) // now, try to build a protobuf query + protoQuery := banktypes.QueryAllBalancesRequest{ + Address: creator.String(), + } + protoQueryBin, err := proto.Marshal(&protoQuery) protoRequest := wasmvmtypes.QueryRequest{ + Stargate: &wasmvmtypes.StargateQuery{ + Path: "/cosmos.bank.v1beta1.Query/AllBalances", + Data: protoQueryBin, + }, + } + protoQueryBz, err := json.Marshal(ReflectQueryMsg{ + Chain: &ChainQuery{Request: &protoRequest}, + }) + require.NoError(t, err) + + // make a query on the chain, should be blacklisted + _, err = keeper.QuerySmart(ctx, contractAddr, protoQueryBz) + require.Error(t, err) + require.Contains(t, err.Error(), "Stargate queries are disabled") + + // now, try to build a protobuf query + protoRequest = wasmvmtypes.QueryRequest{ Stargate: &wasmvmtypes.StargateQuery{ Path: "/cosmos.tx.v1beta1.Service/GetTx", Data: []byte{}, }, } - protoQueryBz, err := json.Marshal(ReflectQueryMsg{ + protoQueryBz, err = json.Marshal(ReflectQueryMsg{ Chain: &ChainQuery{Request: &protoRequest}, }) require.NoError(t, err) @@ -423,7 +416,7 @@ func TestReflectInvalidStargateQuery(t *testing.T) { // make a query on the chain, should be blacklisted _, err = keeper.QuerySmart(ctx, contractAddr, protoQueryBz) require.Error(t, err) - require.Contains(t, err.Error(), "path is not allowed from the contract") + require.Contains(t, err.Error(), "Stargate queries are disabled") // and another one protoRequest = wasmvmtypes.QueryRequest{ @@ -440,7 +433,7 @@ func TestReflectInvalidStargateQuery(t *testing.T) { // make a query on the chain, should be blacklisted _, err = keeper.QuerySmart(ctx, contractAddr, protoQueryBz) require.Error(t, err) - require.Contains(t, err.Error(), "path is not allowed from the contract") + require.Contains(t, err.Error(), "Stargate queries are disabled") } type reflectState struct { 
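Review bot: The error from the added `protoQueryBin, err := proto.Marshal(&protoQuery)` is never checked, because `err` is overwritten by the following `json.Marshal` call before the first `require.NoError(t, err)`. A failed marshal would send an empty `Data` payload and the test would still pass, since the query is rejected regardless; add `require.NoError(t, err)` directly after the `proto.Marshal` line. The added comment `// make a query on the chain, should be blacklisted` also no longer matches the behaviour, as every Stargate path is now refused rather than a listed few; `// make a query on the chain, must be rejected: all Stargate queries are disabled` would be accurate, and the same applies to the unchanged comments in the two later hunks of this file. `TestReflectInvalidStargateQuery` starts above this hunk and continues past it.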
From 38cf60a16824af3d38c23d5c1cecdbdb22bca418 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Thu, 21 Apr 2022 10:55:25 +0200 Subject: [PATCH 2/2] Remove dead code to make linter happy --- x/wasm/keeper/query_plugins.go | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/x/wasm/keeper/query_plugins.go b/x/wasm/keeper/query_plugins.go index 9dcffb1c1b..856134da8f 100644 --- a/x/wasm/keeper/query_plugins.go +++ b/x/wasm/keeper/query_plugins.go @@ -3,7 +3,6 @@ package keeper import ( "encoding/json" "errors" - "fmt" "github.com/cosmos/cosmos-sdk/baseapp" @@ -16,7 +15,6 @@ import ( sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" distributiontypes "github.com/cosmos/cosmos-sdk/x/distribution/types" stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" - abci "github.com/tendermint/tendermint/abci/types" ) type QueryHandler struct { @@ -273,20 +271,6 @@ func IBCQuerier(wasm contractMetaDataSource, channelKeeper types.ChannelKeeper) func StargateQuerier(queryRouter GRPCQueryRouter) func(ctx sdk.Context, request *wasmvmtypes.StargateQuery) ([]byte, error) { return func(ctx sdk.Context, msg *wasmvmtypes.StargateQuery) ([]byte, error) { return nil, wasmvmtypes.UnsupportedRequest{Kind: "Stargate queries are disabled."} - - route := queryRouter.Route(msg.Path) - if route == nil { - return nil, wasmvmtypes.UnsupportedRequest{Kind: fmt.Sprintf("No route to query '%s'", msg.Path)} - } - req := abci.RequestQuery{ - Data: msg.Data, - Path: msg.Path, - } - res, err := route(ctx, req) - if err != nil { - return nil, err - } - return res.Value, nil } }