Skip to content

Commit

Permalink
feat(logic): add filtered virtual FS
Browse files Browse the repository at this point in the history
  • Loading branch information
ccamel committed Apr 13, 2023
1 parent dd9d132 commit d35673d
Show file tree
Hide file tree
Showing 2 changed files with 52 additions and 3 deletions.
49 changes: 49 additions & 0 deletions x/logic/fs/filtered_fs.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
package fs

import (
"io/fs"
"net/url"

"github.com/okp4/okp4d/x/logic/util"
)

// FilteredFS is a wrapper around a fs.FS that filters out files that are not allowed to be read.
// This is used to prevent the interpreter from reading files, using protocols that are not allowed to be used
// by the interpreter on the blockchain.
// The whitelist and blacklist are mutually exclusive. If both are set, the blacklist will be ignored.
type FilteredFS struct {
decorated fs.FS
whitelist []*url.URL
blacklist []*url.URL
}

var _ fs.FS = (*FilteredFS)(nil)

// NewFilteredFS returns a new FilteredFS object that will filter out files that are not allowed to be read
// according to the whitelist and blacklist parameters.
func NewFilteredFS(whitelist, blacklist []*url.URL, decorated fs.FS) *FilteredFS {
return &FilteredFS{
decorated: decorated,
whitelist: whitelist,
blacklist: blacklist,
}
}

// Open opens the named file.
// The name parameter is a URL that will be parsed and checked against the whitelist and blacklist configured.
func (f *FilteredFS) Open(name string) (fs.File, error) {
urlFile, err := url.Parse(name)
if err != nil {
return nil, err
}

if !util.WhitelistBlacklistMatches(f.whitelist, f.blacklist, util.UrlMatches)(urlFile) {
return nil, &fs.PathError{
Op: "open",
Path: name,
Err: fs.ErrPermission,
}
}

return f.decorated.Open(name)
}
6 changes: 3 additions & 3 deletions x/logic/fs/virtual_fs.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,12 +16,12 @@ var _ fs.FS = (*VirtualFS)(nil)

// NewVirtualFS return a new VirtualFS object that will handle all virtual file on the interpreter.
// File can be provided from different sources like CosmWasm cw-storage smart contract.
func NewVirtualFS(ctx goctx.Context, handlers []URIHandler) VirtualFS {
func NewVirtualFS(ctx goctx.Context, handlers []URIHandler) *VirtualFS {
router := NewRouter()
for _, handler := range handlers {
router.RegisterHandler(handler)
}
return VirtualFS{
return &VirtualFS{
ctx: ctx,
router: router,
}
Expand All @@ -36,7 +36,7 @@ func NewVirtualFS(ctx goctx.Context, handlers []URIHandler) VirtualFS {
// Open should reject attempts to open names that do not satisfy
// ValidPath(name), returning a *PathError with Err set to
// ErrInvalid or ErrNotExist.
func (f VirtualFS) Open(name string) (fs.File, error) {
func (f *VirtualFS) Open(name string) (fs.File, error) {
data, err := f.router.Open(f.ctx, name)
if err != nil {
return nil, &fs.PathError{
Expand Down

0 comments on commit d35673d

Please sign in to comment.