Skip to content

Commit

Permalink
[RPC] require valid URL scheme on budget commands
Browse files Browse the repository at this point in the history
  • Loading branch information
CaveSpectre11 committed Aug 5, 2019
1 parent afad29e commit 39d52a6
Show file tree
Hide file tree
Showing 3 changed files with 44 additions and 2 deletions.
5 changes: 3 additions & 2 deletions src/rpc/budget.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -56,8 +56,9 @@ void checkBudgetInputs(const UniValue& params, std::string &strProposalName, std
throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid proposal name, limit of 20 characters.");

strURL = SanitizeString(params[1].get_str());
if (strURL.size() > 64)
throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid url, limit of 64 characters.");
std::string strErr;
if (!validateURL(strURL, strErr))
throw JSONRPCError(RPC_INVALID_PARAMETER, strErr);

nPaymentCount = params[2].get_int();
if (nPaymentCount < 1)
Expand Down
40 changes: 40 additions & 0 deletions src/utilstrencodings.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,46 @@ std::string SanitizeString(const std::string& str, int rule)
return strResult;
}

/*
** bool validateURL(std::string, int [optional, defaulted to 64])
**
** Input:
** strURL: A std::string URL to be be processed for validity.
** strErr: A std::string to be filled with any error messages.
** maxSize: An int to define the maximum size the URL can be;
** Optional, defaulting to 64.
**
** Return:
** boolean true|false result if the validation passes.
** strRrror: Filled with any error messages.
*/
bool validateURL(std::string strURL, std::string& strErr, unsigned int maxSize) {

// Check URL size
if (strURL.size() > maxSize) {
strErr = strprintf("Invalid URL: %d exceeds limit of %d characters.", strURL.size(), maxSize);
return false;
}

std::vector<std::string> reqPre;

// Required initial strings; URL must contain one
reqPre.push_back("http://");
reqPre.push_back("https://");

// check fronts
bool found = false;
for (int i=0; i < reqPre.size() && !found; i++) {
if (strURL.find(reqPre[i]) == 0) found = true;
}
if ((!found) && (reqPre.size() > 0)) {
strErr = "Invalid URL, check scheme (e.g. https://)";
return false;
}

return true;
}

const signed char p_util_hexdigit[256] =
{
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
Expand Down
1 change: 1 addition & 0 deletions src/utilstrencodings.h
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ enum SafeChars
* @return A new string without unsafe chars
*/
std::string SanitizeString(const std::string& str, int rule = SAFE_CHARS_DEFAULT);
bool validateURL(std::string strURL, std::string& strErr, unsigned int maxSize = 64);
std::vector<unsigned char> ParseHex(const char* psz);
std::vector<unsigned char> ParseHex(const std::string& str);
signed char HexDigit(char c);
Expand Down

0 comments on commit 39d52a6

Please sign in to comment.