[RPC] require valid URL scheme on budget commands

PIVX-Project · Aug 9, 2019 · 009bd63 · 009bd63
1 parent b9ce433
commit 009bd63
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 2 deletions.
diff --git a/src/rpc/budget.cpp b/src/rpc/budget.cpp
@@ -56,8 +56,9 @@ void checkBudgetInputs(const UniValue& params, std::string &strProposalName, std
         throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid proposal name, limit of 20 characters.");
 
     strURL = SanitizeString(params[1].get_str());
-    if (strURL.size() > 64)
-        throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid url, limit of 64 characters.");
+    std::string strErr;
+    if (!validateURL(strURL, strErr))
+        throw JSONRPCError(RPC_INVALID_PARAMETER, strErr);
 
     nPaymentCount = params[2].get_int();
     if (nPaymentCount < 1)

diff --git a/src/utilstrencodings.cpp b/src/utilstrencodings.cpp
@@ -39,6 +39,33 @@ std::string SanitizeString(const std::string& str, int rule)
     return strResult;
 }
 
+bool validateURL(std::string strURL, std::string& strErr, unsigned int maxSize) {
+
+    // Check URL size
+    if (strURL.size() > maxSize) {
+        strErr = strprintf("Invalid URL: %d exceeds limit of %d characters.", strURL.size(), maxSize);
+        return false;
+    }
+
+    std::vector<std::string> reqPre;
+
+    // Required initial strings; URL must contain one
+    reqPre.push_back("http://");
+    reqPre.push_back("https://");
+
+    // check fronts
+    bool found = false;
+    for (int i=0; i < reqPre.size() && !found; i++) {
+        if (strURL.find(reqPre[i]) == 0) found = true;
+    }
+    if ((!found) && (reqPre.size() > 0)) {
+        strErr = "Invalid URL, check scheme (e.g. https://)";
+        return false;
+    }
+
+    return true;
+}
+
 const signed char p_util_hexdigit[256] =
     {
         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,

diff --git a/src/utilstrencodings.h b/src/utilstrencodings.h
@@ -40,6 +40,16 @@ enum SafeChars
 * @return           A new string without unsafe chars
 */
 std::string SanitizeString(const std::string& str, int rule = SAFE_CHARS_DEFAULT);
+
+/**
+* Check URL format for conformance for validity to a defined pattern
+* @param[in] strURL   The string to be processed for validity
+* @param[in] stdErr   A string that will be loaded with any validation error message
+* @param[in] maxSize  An unsigned int, defaulted to 64, to restrict the length
+* @return             A bool, true if valid, false if not (reason in stdErr)
+*/
+bool validateURL(std::string strURL, std::string& strErr, unsigned int maxSize = 64);
+
 std::vector<unsigned char> ParseHex(const char* psz);
 std::vector<unsigned char> ParseHex(const std::string& str);
 signed char HexDigit(char c);