Skip to content

Commit

Permalink
fix(security): address CVE-2021-23358
Browse files Browse the repository at this point in the history
fixes: hyperledger-cacti#1775
Signed-off-by: zondervancalvez <[email protected]>
  • Loading branch information
zondervancalvez committed Mar 25, 2022
1 parent 6e189dc commit 1bf796b
Show file tree
Hide file tree
Showing 12 changed files with 570 additions and 39 deletions.
2 changes: 1 addition & 1 deletion packages/cactus-plugin-htlc-eth-besu/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@
"openapi-types": "9.1.0",
"typescript-optional": "2.0.1",
"web3": "1.5.2",
"web3-eea": "0.11.0"
"web3js-quorum": "21.7.0-rc1"
},
"devDependencies": {
"@hyperledger/cactus-plugin-keychain-memory": "1.0.0",
Expand Down
4 changes: 2 additions & 2 deletions packages/cactus-plugin-ledger-connector-besu/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -67,9 +67,9 @@
"typescript-optional": "2.0.1",
"web3": "1.5.2",
"web3-core": "1.5.2",
"web3-eea": "0.11.0",
"web3-eth": "1.5.2",
"web3-utils": "1.5.2"
"web3-utils": "1.5.2",
"web3js-quorum": "21.7.0-rc1"
},
"devDependencies": {
"@hyperledger/cactus-plugin-keychain-memory": "1.0.0",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,8 @@ import OAS from "../json/openapi.json";
import Web3 from "web3";

import type { WebsocketProvider } from "web3-core";
import EEAClient, { ICallOptions, IWeb3InstanceExtended } from "web3-eea";
//import EEAClient, { ICallOptions, IWeb3InstanceExtended } from "web3-eea";
import Web3JsQuorum, { IWeb3Quorum } from "web3js-quorum";

import { Contract, ContractSendMethod } from "web3-eth-contract";
import { TransactionReceipt } from "web3-eth";
Expand Down Expand Up @@ -120,7 +121,7 @@ export class PluginLedgerConnectorBesu
private readonly log: Logger;
private readonly web3Provider: WebsocketProvider;
private readonly web3: Web3;
private web3EEA: IWeb3InstanceExtended | undefined;
private web3Quorum: IWeb3Quorum | undefined;
private readonly pluginRegistry: PluginRegistry;
private contracts: {
[name: string]: Contract;
Expand Down Expand Up @@ -183,8 +184,7 @@ export class PluginLedgerConnectorBesu
}

public async onPluginInit(): Promise<void> {
const chainId = await this.web3.eth.getChainId();
this.web3EEA = EEAClient(this.web3, chainId);
this.web3Quorum = Web3JsQuorum(this.web3);
}

public async shutdown(): Promise<void> {
Expand Down Expand Up @@ -471,18 +471,19 @@ export class PluginLedgerConnectorBesu
privateKey: privKey,
privateFor: req.privateTransactionConfig.privateFor,
};
if (!this.web3EEA) {
throw new RuntimeError(`InvalidState: web3EEA not initialized.`);
if (!this.web3Quorum) {
throw new RuntimeError(`InvalidState: web3Quorum not initialized.`);
}

const privacyGroupId = this.web3EEA.priv.generatePrivacyGroup(fnParams);
const privacyGroupId = this.web3Quorum.utils.generatePrivacyGroup(
fnParams,
);
this.log.debug("Generated privacyGroupId: ", privacyGroupId);
callOutput = await this.web3EEA.priv.call({
privacyGroupId,
callOutput = await this.web3Quorum.priv.call(privacyGroupId, {
to: contractInstance.options.address,
data,
// TODO: Update the "from" property of ICallOptions to be optional
} as ICallOptions);
});

success = true;
this.log.debug(`Web3 EEA Call output: `, callOutput);
Expand Down Expand Up @@ -636,11 +637,13 @@ export class PluginLedgerConnectorBesu
public async transactPrivate(options: any): Promise<RunTransactionResponse> {
const fnTag = `${this.className}#transactPrivate()`;

if (!this.web3EEA) {
if (!this.web3Quorum) {
throw new Error(`${fnTag} Web3 EEA client not initialized.`);
}

const txHash = await this.web3EEA.eea.sendRawTransaction(options);
const txHash = await this.web3Quorum.priv.generateAndSendRawTransaction(
options,
);

if (!txHash) {
throw new Error(`${fnTag} eea.sendRawTransaction provided no tx hash.`);
Expand All @@ -654,13 +657,12 @@ export class PluginLedgerConnectorBesu
): Promise<RunTransactionResponse> {
const fnTag = `${this.className}#getPrivateTxReceipt()`;

if (!this.web3EEA) {
throw new Error(`${fnTag} Web3 EEA client not initialized.`);
if (!this.web3Quorum) {
throw new Error(`${fnTag} Web3 Quorum client not initialized.`);
}

const txPoolReceipt = await this.web3EEA.priv.getTransactionReceipt(
const txPoolReceipt = await this.web3Quorum.priv.waitForTransactionReceipt(
txHash,
privateFrom,
);
if (!txPoolReceipt) {
throw new RuntimeError(`priv.getTransactionReceipt provided no receipt.`);
Expand Down
2 changes: 1 addition & 1 deletion packages/cactus-test-plugin-htlc-eth-besu/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@
"axios": "0.21.4",
"key-encoder": "2.0.3",
"web3": "1.5.2",
"web3-eea": "0.11.0"
"web3js-quorum": "21.7.0-rc1"
},
"devDependencies": {
"@types/express": "4.17.13"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@
"@hyperledger/cactus-test-tooling": "1.0.0",
"key-encoder": "2.0.3",
"web3": "1.5.2",
"web3-eea": "0.11.0"
"web3js-quorum": "21.7.0-rc1"
},
"engines": {
"node": ">=10",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ import { createServer } from "http";
import KeyEncoder from "key-encoder";
import { AddressInfo } from "net";
import Web3 from "web3";
import EEAClient, { IWeb3InstanceExtended } from "web3-eea";
import Web3JsQuorum, { IWeb3Quorum } from "web3js-quorum";

import {
ApiServer,
Expand Down Expand Up @@ -128,7 +128,7 @@ test(testCase, async (t: Test) => {

const web3Provider = new Web3.providers.HttpProvider(rpcApiHttpHost);
const web3 = new Web3(web3Provider);
const web3Eea: IWeb3InstanceExtended = EEAClient(web3, 2018);
const web3JsQuorum: IWeb3Quorum = Web3JsQuorum(web3);

const orionKeyPair = await besuTestLedger.getOrionKeyPair();
const besuKeyPair = await besuTestLedger.getBesuKeyPair();
Expand All @@ -147,7 +147,9 @@ test(testCase, async (t: Test) => {
privateKey: besuPrivateKey,
};

const transactionHash = await web3Eea.eea.sendRawTransaction(contractOptions);
const transactionHash = await web3JsQuorum.priv.generateAndSendRawTransaction(
contractOptions,
);

await web3.eth.getTransaction(transactionHash);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ import { createServer } from "http";
import KeyEncoder from "key-encoder";
import { AddressInfo } from "net";
import Web3 from "web3";
import EEAClient, { IWeb3InstanceExtended } from "web3-eea";
import Web3JsQuorum, { IWeb3Quorum } from "web3js-quorum";

import {
ApiServer,
Expand Down Expand Up @@ -137,7 +137,7 @@ test(testCase, async (t: Test) => {

const web3Provider = new Web3.providers.HttpProvider(rpcApiHttpHost);
const web3 = new Web3(web3Provider);
const web3Eea: IWeb3InstanceExtended = EEAClient(web3, 2018);
const web3JsQuorum: IWeb3Quorum = Web3JsQuorum(web3);

const orionKeyPair = await besuTestLedger.getOrionKeyPair();
const besuKeyPair = await besuTestLedger.getBesuKeyPair();
Expand All @@ -156,7 +156,9 @@ test(testCase, async (t: Test) => {
privateKey: besuPrivateKey,
};

const transactionHash = await web3Eea.eea.sendRawTransaction(contractOptions);
const transactionHash = await web3JsQuorum.priv.generateAndSendRawTransaction(
contractOptions,
);

const transaction = await web3.eth.getTransaction(transactionHash);
const singData = jsObjectSigner.sign(transaction.input);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ import { createServer } from "http";
import KeyEncoder from "key-encoder";
import { AddressInfo } from "net";
import Web3 from "web3";
import EEAClient, { IWeb3InstanceExtended } from "web3-eea";
import Web3JsQuorum, { IWeb3Quorum } from "web3js-quorum";

import {
ApiServer,
Expand Down Expand Up @@ -131,7 +131,7 @@ test(testCase, async (t: Test) => {

const web3Provider = new Web3.providers.HttpProvider(rpcApiHttpHost);
const web3 = new Web3(web3Provider);
const web3Eea: IWeb3InstanceExtended = EEAClient(web3, 1337);
const web3JsQuorum: IWeb3Quorum = Web3JsQuorum(web3);

const orionKeyPair = await besuTestLedger.getOrionKeyPair();
const besuKeyPair = await besuTestLedger.getBesuKeyPair();
Expand All @@ -150,7 +150,9 @@ test(testCase, async (t: Test) => {
privateKey: besuPrivateKey,
};

const transactionHash = await web3Eea.eea.sendRawTransaction(contractOptions);
const transactionHash = await web3JsQuorum.priv.generateAndSendRawTransaction(
contractOptions,
);
await web3.eth.getTransaction(transactionHash);

/*
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ import { createServer } from "http";
import KeyEncoder from "key-encoder";
import { AddressInfo } from "net";
import Web3 from "web3";
import EEAClient, { IWeb3InstanceExtended } from "web3-eea";
import Web3JsQuorum, { IWeb3Quorum } from "web3js-quorum";

import {
ApiServer,
Expand Down Expand Up @@ -131,7 +131,7 @@ test(testCase, async (t: Test) => {

const web3Provider = new Web3.providers.HttpProvider(rpcApiHttpHost);
const web3 = new Web3(web3Provider);
const web3Eea: IWeb3InstanceExtended = EEAClient(web3, 1337);
const web3JsQuorum: IWeb3Quorum = Web3JsQuorum(web3);

const orionKeyPair = await besuTestLedger.getOrionKeyPair();
const besuKeyPair = await besuTestLedger.getBesuKeyPair();
Expand All @@ -150,7 +150,9 @@ test(testCase, async (t: Test) => {
privateKey: besuPrivateKey,
};

const transactionHash = await web3Eea.eea.sendRawTransaction(contractOptions);
const transactionHash = await web3JsQuorum.priv.generateAndSendRawTransaction(
contractOptions,
);

await web3.eth.getTransaction(transactionHash);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ import { createServer } from "http";
import KeyEncoder from "key-encoder";
import { AddressInfo } from "net";
import Web3 from "web3";
import EEAClient, { IWeb3InstanceExtended } from "web3-eea";
import Web3JsQuorum, { IWeb3Quorum } from "web3js-quorum";

import {
ApiServer,
Expand Down Expand Up @@ -131,7 +131,7 @@ test(testCase, async (t: Test) => {

const web3Provider = new Web3.providers.HttpProvider(rpcApiHttpHost);
const web3 = new Web3(web3Provider);
const web3Eea: IWeb3InstanceExtended = EEAClient(web3, 1337);
const web3JsQuorum: IWeb3Quorum = Web3JsQuorum(web3);

const orionKeyPair = await besuTestLedger.getOrionKeyPair();
const besuKeyPair = await besuTestLedger.getBesuKeyPair();
Expand All @@ -150,7 +150,9 @@ test(testCase, async (t: Test) => {
privateKey: besuPrivateKey,
};

const transactionHash = await web3Eea.eea.sendRawTransaction(contractOptions);
const transactionHash = await web3JsQuorum.priv.generateAndSendRawTransaction(
contractOptions,
);

await web3.eth.getTransaction(transactionHash);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ import { createServer } from "http";
import KeyEncoder from "key-encoder";
import { AddressInfo } from "net";
import Web3 from "web3";
import EEAClient, { IWeb3InstanceExtended } from "web3-eea";
import Web3JsQuorum, { IWeb3Quorum } from "web3js-quorum";

import {
ApiServer,
Expand Down Expand Up @@ -140,7 +140,7 @@ test(testCase, async (t: Test) => {

const web3Provider = new Web3.providers.HttpProvider(rpcApiHttpHost);
const web3 = new Web3(web3Provider);
const web3Eea: IWeb3InstanceExtended = EEAClient(web3, 1337);
const web3JsQuorum: IWeb3Quorum = Web3JsQuorum(web3);

const orionKeyPair = await besuTestLedger.getOrionKeyPair();
const besuKeyPair = await besuTestLedger.getBesuKeyPair();
Expand All @@ -159,7 +159,9 @@ test(testCase, async (t: Test) => {
privateKey: besuPrivateKey,
};

const transactionHash = await web3Eea.eea.sendRawTransaction(contractOptions);
const transactionHash = await web3JsQuorum.priv.generateAndSendRawTransaction(
contractOptions,
);

const transaction = await web3.eth.getTransaction(transactionHash);
const singData = jsObjectSigner.sign(transaction.input);
Expand Down
Loading

0 comments on commit 1bf796b

Please sign in to comment.