input validation 2 #654
Open
faddat wants to merge 88 commits into CosmWasm:main from faddat:faddat/input-validation-2
Conversation
- Updated `GoIter` and `GoQuerier` implementations to replace unsafe calls to `go_result.into_result` with `go_result.into_result_safe`, enhancing safety in error handling. - This change improves the overall robustness of the Go API by eliminating unsafe blocks in the iterator and querier modules.
- Modified error messages in `iterator_test.go` and `lib_test.go` to provide more specific feedback regarding gas limit and checksum format issues. - Enhanced clarity of error reporting to improve debugging and user experience.
…king - Introduced a new example in `debug_vectors.go` to demonstrate vector debugging capabilities. - Enhanced `SafeUnmanagedVector` to track consumption state and provide detailed debug information, including stack traces for consumption attempts. - Added functions to enable vector debugging and retrieve vector creation/consumption statistics. - Updated error handling in `StoreCode` and `StoreCodeUnchecked` to ensure proper validation and error messaging.
… for safer memory management - Updated comments to clarify the purpose of contract functions. - Replaced instances of copyAndDestroyUnmanagedVector with the safer CopyAndDestroyToSafeVector pattern across multiple contract functions, enhancing memory safety. - Introduced a new receiveVectorSafe function to handle UnmanagedVector safely, preventing potential double-free issues.
…or improved memory safety - Replaced all instances of copyAndDestroyUnmanagedVector with CopyAndDestroyToSafeVector in contract functions to enhance memory management. - Updated comments to reflect the safer pattern being implemented across the codebase.
- Updated test cases to replace instances of copyAndDestroyUnmanagedVector with CopyAndDestroyToSafeVector, ensuring consistent use of safer memory management practices. - Enhanced comments to clarify the safer approach being implemented in the tests.
- Updated the `Instantiate`, `Execute`, and `Query` methods to use a default `deserCost` value of 1/10000 gas per byte as defined in the VMConfig. - Replaced direct JSON unmarshalling with `DeserializeResponse` to account for gas costs in the contract function implementations. - Improved comments to clarify the changes made for gas cost management.
…d unmanaged vector functions - Introduced `is_available` method in `SafeByteSlice` to check if the byte slice is not consumed and not nil, enhancing defensive programming. - Added early return in `destroy_unmanaged_vector` to avoid unnecessary consumption of a nil vector. - Implemented early checks in `safe_unmanaged_vector_to_bytes` to prevent consuming already consumed vectors. - Updated test assertions for clarity and conciseness in error handling for consumed vectors.
- Introduced #[allow(non_camel_case_types)] attribute to the cache_t struct to suppress warnings related to naming conventions, improving code clarity and compliance with Go's conventions.
- Updated address formats in `ibc_test.go` to use Bech32-compliant addresses for consistency. - Added comprehensive address validation tests in `internal/api/address_validation_test.go` covering valid and invalid Bech32, Ethereum, and Solana addresses, as well as legacy formats. - Improved error messages in `api_test.go` for clarity on address validation failures. - Refactored `mocks.go` to support various address formats and added validation logic for empty and oversized addresses. - Introduced new tests in `libwasmvm/src/api_test.rs` to validate address formats, ensuring robust testing for address validation logic.
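The consume-once tracking the commits above describe for `SafeUnmanagedVector` (a consumed flag, a nil check, and a stack trace recorded so a second consumption is refused rather than double-freed), as an added Go illustration that is not wasmvm's own code; the `SafeVector` type, its methods and the `ErrAlreadyConsumed` value are assumptions made here, not the project's API:

```go
package main

import (
	"errors"
	"fmt"
	"runtime/debug"
	"sync"
)

// ErrAlreadyConsumed (hypothetical, not wasmvm's) flags a second Consume call.
var ErrAlreadyConsumed = errors.New("unmanaged vector already consumed")

// SafeVector is a hypothetical stand-in for the consumption-tracked wrapper the
// commits describe: a buffer handed over from native code is taken exactly once.
type SafeVector struct {
	mu       sync.Mutex
	data     []byte
	consumed bool
	firstUse []byte // stack captured at first consumption, for debugging
}

// NewSafeVector wraps a buffer received from the native side.
func NewSafeVector(data []byte) *SafeVector { return &SafeVector{data: data} }

// IsAvailable mirrors the is_available check: not yet consumed and not nil.
func (v *SafeVector) IsAvailable() bool {
	v.mu.Lock()
	defer v.mu.Unlock()
	return !v.consumed && v.data != nil
}

// Consume hands out the buffer once; later calls fail and report where the
// first consumption happened instead of freeing the native backing twice.
func (v *SafeVector) Consume() ([]byte, error) {
	v.mu.Lock()
	defer v.mu.Unlock()
	if v.consumed {
		return nil, fmt.Errorf("%w; first consumed at:\n%s", ErrAlreadyConsumed, v.firstUse)
	}
	v.consumed = true
	v.firstUse = debug.Stack()
	out := v.data
	v.data = nil // drop our reference so the backing is released only once
	return out, nil
}

func main() {
	v := NewSafeVector([]byte("wasm bytes")) // constructed sample input
	first, _ := v.Consume()
	_, err := v.Consume()
	fmt.Printf("first=%q, second refused=%v\n", first, err != nil)
}
```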
This PR enables extensive input validation above and beyond earlier attempts, including direct checks of wasm validity. Basically, this PR ensures that wasmvm doesn't trust users. It's possible I missed some things, though. This builds on