This repository has been archived by the owner on Jun 11, 2024. It is now read-only.
Description
Lisk Validator supports the int32, int64, uint32, and uint64 data formats, which can be set in schemas as the value of a property’s format field. However, we found that specifying one of these formats for a property whose data type is set to “integer” (i.e., it is encoded as a number as opposed to a string) results in the format not being validated.

For example, the schema for the setHashOnionUsage request from the random module defines a height property with type set to “integer” and format set to “uint32”:

https://github.com/LiskHQ/lisk-sdk/blob/89e7504ef5eb6183aefe576a93be3d6052e56038/framework/src/modules/random/schemas.ts#L129-L147

Despite this, it is possible to provide a value of height to setHashOnionUsage that is negative or outside of the range of a 32-bit unsigned integer
Furthermore, we created the following lisk-validator tests, designed to ensure correct validation of integer formats, which fail to reject negative uint32 values and int32 values above the range of a 32-bit integer
Recommendation
Modify affected schemas to use the “string” type instead of “integer” in order to ensure that they are validated properly. Review lisk-validator’s handling of number types to ensure that integer properties provided as numbers are validated like their string counterparts.
Affected Version
v6.0.0-beta.2
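A range check of the kind the recommendation asks for, applied to integer properties supplied as JavaScript numbers, written as an added example: it is not lisk-validator code and not from the issue's author. The function names, the fail-closed handling of unknown formats and the sample schema are assumptions.

```javascript
// Added example, not lisk-validator code. All function names are hypothetical.

// Inclusive bounds for each integer format named in the issue, held as BigInt
// so that the 64-bit limits are exact.
const INTEGER_FORMAT_RANGES = {
  int32: [-(2n ** 31n), 2n ** 31n - 1n],
  uint32: [0n, 2n ** 32n - 1n],
  int64: [-(2n ** 63n), 2n ** 63n - 1n],
  uint64: [0n, 2n ** 64n - 1n],
};

// True only if `value` is a whole number inside the range of `format`.
function matchesIntegerFormat(value, format) {
  const range = INTEGER_FORMAT_RANGES[format];
  if (range === undefined) return false; // unknown format: fail closed (assumption)
  let n;
  if (typeof value === 'bigint') {
    n = value;
  } else if (typeof value === 'number') {
    // Reject NaN, Infinity, fractions, and magnitudes above 2^53 - 1, where a
    // JavaScript number can no longer represent every integer exactly.
    if (!Number.isSafeInteger(value)) return false;
    n = BigInt(value);
  } else {
    return false; // strings and other types are not numeric integers
  }
  return n >= range[0] && n <= range[1];
}

// Walks a flat object schema and returns the names of properties whose type is
// "integer", that declare a format, and whose supplied value is out of range.
function findIntegerFormatViolations(schema, data) {
  const violations = [];
  for (const [name, prop] of Object.entries(schema.properties || {})) {
    if (prop.type !== 'integer' || prop.format === undefined) continue;
    if (data[name] === undefined) continue; // presence is the job of `required`
    if (!matchesIntegerFormat(data[name], prop.format)) violations.push(name);
  }
  return violations;
}

// Constructed schema fragment mirroring the issue's description of `height`.
const sampleSchema = {
  type: 'object',
  properties: { height: { type: 'integer', format: 'uint32' } },
};
```

Numbers above 2^53 - 1 are rejected even for the 64-bit formats because they may already have been rounded before the check runs; values that large need to arrive as BigInt.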