Merge branch 'master' of github.com:desmos-labs/desmos into riccardo/…

…fix-permission-messages � Conflicts: � x/subspaces/keeper/msg_server.go � x/subspaces/keeper/msg_server_test.go
desmos-labs · Apr 4, 2022 · 52fcdc3 · 52fcdc3
2 parents 89342bf + 3edee0a
commit 52fcdc3
Show file tree

Hide file tree

Showing 11 changed files with 411 additions and 32 deletions.
diff --git a/.changeset/entries/6e78e6f7f9486799935df288f3d1467a646116fddc2952e79e559b1d4cc58d79.yaml b/.changeset/entries/6e78e6f7f9486799935df288f3d1467a646116fddc2952e79e559b1d4cc58d79.yaml
@@ -0,0 +1,6 @@
+type: fix
+module: x/subspaces
+pull_request: 801
+description: Added permissions sanitization
+backward_compatible: true
+date: 2022-04-01T09:09:14.889652713Z
diff --git a/testutil/context.go b/testutil/context.go
@@ -0,0 +1,32 @@
+package testutil
+
+import (
+	"github.com/cosmos/cosmos-sdk/store"
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/tendermint/tendermint/libs/log"
+	tmproto "github.com/tendermint/tendermint/proto/tendermint/types"
+	dbm "github.com/tendermint/tm-db"
+)
+
+func BuildContext(
+	keys map[string]*sdk.KVStoreKey, tKeys map[string]*sdk.TransientStoreKey, memKeys map[string]*sdk.MemoryStoreKey,
+) sdk.Context {
+	db := dbm.NewMemDB()
+	cms := store.NewCommitMultiStore(db)
+	for _, key := range keys {
+		cms.MountStoreWithDB(key, sdk.StoreTypeIAVL, db)
+	}
+	for _, tKey := range tKeys {
+		cms.MountStoreWithDB(tKey, sdk.StoreTypeTransient, db)
+	}
+	for _, memKey := range memKeys {
+		cms.MountStoreWithDB(memKey, sdk.StoreTypeMemory, nil)
+	}
+
+	err := cms.LoadLatestVersion()
+	if err != nil {
+		panic(err)
+	}
+
+	return sdk.NewContext(cms, tmproto.Header{}, false, log.NewNopLogger())
+}
diff --git a/x/profiles/legacy/v5/store_test.go b/x/profiles/legacy/v5/store_test.go
@@ -12,44 +12,16 @@ import (
 	"github.com/desmos-labs/desmos/v3/testutil"
 	profilestypes "github.com/desmos-labs/desmos/v3/x/profiles/types"
 
-	"github.com/cosmos/cosmos-sdk/store"
+	sdk "github.com/cosmos/cosmos-sdk/types"
 	authtypes "github.com/cosmos/cosmos-sdk/x/auth/types"
 	capabilitytypes "github.com/cosmos/cosmos-sdk/x/capability/types"
 	paramstypes "github.com/cosmos/cosmos-sdk/x/params/types"
-	"github.com/tendermint/tendermint/libs/log"
-	tmproto "github.com/tendermint/tendermint/proto/tendermint/types"
-	dbm "github.com/tendermint/tm-db"
-
-	sdk "github.com/cosmos/cosmos-sdk/types"
 	"github.com/stretchr/testify/require"
 
 	"github.com/desmos-labs/desmos/v3/app"
 	"github.com/desmos-labs/desmos/v3/x/relationships/types"
 )
 
-func buildContext(
-	keys map[string]*sdk.KVStoreKey, tKeys map[string]*sdk.TransientStoreKey, memKeys map[string]*sdk.MemoryStoreKey,
-) sdk.Context {
-	db := dbm.NewMemDB()
-	cms := store.NewCommitMultiStore(db)
-	for _, key := range keys {
-		cms.MountStoreWithDB(key, sdk.StoreTypeIAVL, db)
-	}
-	for _, tKey := range tKeys {
-		cms.MountStoreWithDB(tKey, sdk.StoreTypeTransient, db)
-	}
-	for _, memKey := range memKeys {
-		cms.MountStoreWithDB(memKey, sdk.StoreTypeMemory, nil)
-	}
-
-	err := cms.LoadLatestVersion()
-	if err != nil {
-		panic(err)
-	}
-
-	return sdk.NewContext(cms, tmproto.Header{}, false, log.NewNopLogger())
-}
-
 func TestMigrateStore(t *testing.T) {
 	cdc, _ := app.MakeCodecs()
 
@@ -154,7 +126,7 @@ func TestMigrateStore(t *testing.T) {
 	for _, tc := range testCases {
 		tc := tc
 		t.Run(tc.name, func(t *testing.T) {
-			ctx := buildContext(keys, tKeys, memKeys)
+			ctx := testutil.BuildContext(keys, tKeys, memKeys)
 			if tc.store != nil {
 				tc.store(ctx)
 			}

diff --git a/x/subspaces/keeper/migrations.go b/x/subspaces/keeper/migrations.go
@@ -0,0 +1,26 @@
+package keeper
+
+import (
+	sdk "github.com/cosmos/cosmos-sdk/types"
+
+	v2 "github.com/desmos-labs/desmos/v3/x/subspaces/legacy/v2"
+)
+
+// DONTCOVER
+
+// Migrator is a struct for handling in-place store migrations.
+type Migrator struct {
+	keeper Keeper
+}
+
+// NewMigrator returns a new Migrator
+func NewMigrator(keeper Keeper) Migrator {
+	return Migrator{
+		keeper: keeper,
+	}
+}
+
+// Migrate1to2 migrates from version 1 to 2.
+func (m Migrator) Migrate1to2(ctx sdk.Context) error {
+	return v2.MigrateStore(ctx, m.keeper.storeKey, m.keeper.cdc)
+}
diff --git a/x/subspaces/keeper/msg_server.go b/x/subspaces/keeper/msg_server.go
@@ -277,6 +277,11 @@ func (k msgServer) SetUserGroupPermissions(goCtx context.Context, msg *types.Msg
 		return nil, sdkerrors.Wrapf(types.ErrPermissionDenied, "you cannot manage permissions in this subspace")
 	}
 
+	// Make sure the permission is valid
+	if !types.IsPermissionValid(msg.Permissions) {
+		return nil, sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "invalid permission value")
+	}
+
 	// Make sure that the user is not part of the group they want to change the permissions for, unless they are the owner
 	if subspace.Owner != msg.Signer && k.IsMemberOfGroup(ctx, msg.SubspaceID, msg.GroupID, signer) {
 		return nil, sdkerrors.Wrapf(sdkerrors.ErrInvalidRequest, "cannot set the permissions for a group you are part of")
@@ -480,6 +485,11 @@ func (k msgServer) SetUserPermissions(goCtx context.Context, msg *types.MsgSetUs
 		return nil, sdkerrors.Wrapf(types.ErrPermissionDenied, "you cannot manage permissions in this subspace")
 	}
 
+	// Make sure the permission is valid
+	if !types.IsPermissionValid(msg.Permissions) {
+		return nil, sdkerrors.Wrap(sdkerrors.ErrInvalidRequest, "invalid permission value")
+	}
+
 	// Set the permissions
 	if msg.Permissions == types.PermissionNothing {
 		// Remove the permission to clear the store if PermissionNothing is used

diff --git a/x/subspaces/keeper/msg_server_test.go b/x/subspaces/keeper/msg_server_test.go
@@ -913,6 +913,38 @@ func (suite *KeeperTestsuite) TestMsgServer_SetUserGroupPermissions() {
 			),
 			shouldErr: true,
 		},
+		{
+			name: "invalid permission value returns error",
+			store: func(ctx sdk.Context) {
+				suite.k.SaveSubspace(ctx, types.NewSubspace(
+					1,
+					"Test subspace",
+					"This is a test subspace",
+					"cosmos1qzskhrcjnkdz2ln4yeafzsdwht8ch08j4wed69",
+					"cosmos1m0czrla04f7rp3zg7dsgc4kla54q7pc4xt00l5",
+					"cosmos1qzskhrcjnkdz2ln4yeafzsdwht8ch08j4wed69",
+					time.Date(2020, 1, 1, 12, 00, 00, 000, time.UTC),
+				))
+				suite.k.SaveUserGroup(ctx, types.NewUserGroup(
+					1,
+					1,
+					"Test group",
+					"This is a test group",
+					types.PermissionWrite,
+				))
+
+				sdkAddr, err := sdk.AccAddressFromBech32("cosmos1x5pjlvufs4znnhhkwe8v4tw3kz30f3lxgwza53")
+				suite.Require().NoError(err)
+				suite.k.SetUserPermissions(ctx, 1, sdkAddr, types.PermissionSetPermissions)
+			},
+			msg: types.NewMsgSetUserGroupPermissions(
+				1,
+				1,
+				256,
+				"cosmos1x5pjlvufs4znnhhkwe8v4tw3kz30f3lxgwza53",
+			),
+			shouldErr: true,
+		},
 		{
 			name: "setting the permissions for a group you are part of returns error if not owner",
 			store: func(ctx sdk.Context) {
@@ -1000,7 +1032,7 @@ func (suite *KeeperTestsuite) TestMsgServer_SetUserGroupPermissions() {
 			},
 		},
 		{
-			name: "existing group is deleted properly",
+			name: "group permissions are updated correctly",
 			store: func(ctx sdk.Context) {
 				suite.k.SaveSubspace(ctx, types.NewSubspace(
 					1,
@@ -1621,6 +1653,31 @@ func (suite *KeeperTestsuite) TestMsgServer_SetUserPermissions() {
 			),
 			shouldErr: true,
 		},
+		{
+			name: "invalid permission returns error",
+			store: func(ctx sdk.Context) {
+				suite.k.SaveSubspace(ctx, types.NewSubspace(
+					1,
+					"Test subspace",
+					"This is a test subspace",
+					"cosmos1qzskhrcjnkdz2ln4yeafzsdwht8ch08j4wed69",
+					"cosmos1m0czrla04f7rp3zg7dsgc4kla54q7pc4xt00l5",
+					"cosmos1qzskhrcjnkdz2ln4yeafzsdwht8ch08j4wed69",
+					time.Date(2020, 1, 1, 12, 00, 00, 000, time.UTC),
+				))
+
+				sdkAddr, err := sdk.AccAddressFromBech32("cosmos1x5pjlvufs4znnhhkwe8v4tw3kz30f3lxgwza53")
+				suite.Require().NoError(err)
+				suite.k.SetUserPermissions(ctx, 1, sdkAddr, types.PermissionSetPermissions)
+			},
+			msg: types.NewMsgSetUserPermissions(
+				1,
+				"cosmos1x5pjlvufs4znnhhkwe8v4tw3kz30f3lxgwza53",
+				256,
+				"cosmos1x5pjlvufs4znnhhkwe8v4tw3kz30f3lxgwza53",
+			),
+			shouldErr: true,
+		},
 		{
 			name: "permissions are set correctly",
 			store: func(ctx sdk.Context) {

diff --git a/x/subspaces/legacy/v2/store.go b/x/subspaces/legacy/v2/store.go
@@ -0,0 +1,87 @@
+package v2
+
+import (
+	"github.com/cosmos/cosmos-sdk/codec"
+	"github.com/cosmos/cosmos-sdk/store/prefix"
+	sdk "github.com/cosmos/cosmos-sdk/types"
+
+	"github.com/desmos-labs/desmos/v3/x/subspaces/types"
+)
+
+func MigrateStore(ctx sdk.Context, storeKey sdk.StoreKey, cdc codec.BinaryCodec) error {
+	store := ctx.KVStore(storeKey)
+
+	err := fixGroupsPermissions(store, cdc)
+	if err != nil {
+		return err
+	}
+
+	fixUsersPermissions(store)
+
+	return nil
+}
+
+func fixGroupsPermissions(store sdk.KVStore, cdc codec.BinaryCodec) error {
+	groupsStore := prefix.NewStore(store, types.GroupsPrefix)
+	iterator := groupsStore.Iterator(nil, nil)
+
+	var groups []types.UserGroup
+	for ; iterator.Valid(); iterator.Next() {
+		var group types.UserGroup
+		err := cdc.Unmarshal(iterator.Value(), &group)
+		if err != nil {
+			return err
+		}
+
+		// Sanitize the permissions
+		group.Permissions = types.SanitizePermission(group.Permissions)
+		groups = append(groups, group)
+	}
+
+	iterator.Close()
+
+	// Store the new groups
+	for i, group := range groups {
+		bz, err := cdc.Marshal(&groups[i])
+		if err != nil {
+			return err
+		}
+
+		store.Set(types.GroupStoreKey(group.SubspaceID, group.ID), bz)
+	}
+
+	return nil
+}
+
+type userPermissionDetails struct {
+	subspaceID  uint64
+	user        sdk.AccAddress
+	permissions types.Permission
+}
+
+func fixUsersPermissions(store sdk.KVStore) {
+	permissionsStore := prefix.NewStore(store, types.UserPermissionsStorePrefix)
+	iterator := permissionsStore.Iterator(nil, nil)
+
+	var permissions []userPermissionDetails
+	for ; iterator.Valid(); iterator.Next() {
+		// The first 8 bytes are the subspace id (uint64 takes up 8 bytes)
+		// The remaining bytes are the user address
+		subspaceBz, addressBz := iterator.Key()[:8], iterator.Key()[8:]
+
+		permissions = append(permissions, userPermissionDetails{
+			subspaceID: types.GetSubspaceIDFromBytes(subspaceBz),
+			user:       types.GetAddressBytes(addressBz),
+
+			// Sanitize the permission
+			permissions: types.SanitizePermission(types.UnmarshalPermission(iterator.Value())),
+		})
+	}
+
+	iterator.Close()
+
+	// Store the new permissions
+	for _, entry := range permissions {
+		store.Set(types.UserPermissionStoreKey(entry.subspaceID, entry.user), types.MarshalPermission(entry.permissions))
+	}
+}