Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(gnovm): forbid importing realms in packages #3042

Open
wants to merge 41 commits into
base: master
Choose a base branch
from
+181 −154
Open

feat(gnovm): forbid importing realms in packages #3042

Show file tree
Hide file tree
Changes from 37 commits
Commits
Show all changes
41 commits
Select commit Hold shift + click to select a range
f2fb5f7
fix: forbid importing realms from pure packages r/ from p/
MikaelVallenet Oct 28, 2024
112daa1
fix: handle different domain name
MikaelVallenet Oct 28, 2024
144f4a2
fix: use index instead of splitting the path
MikaelVallenet Oct 28, 2024
29d018e
fix: remove redundant condition
MikaelVallenet Oct 28, 2024
4b733e3
fix: check there is no slash before instead of looking for one
MikaelVallenet Oct 28, 2024
9f6f5cb
fix: run golangci-lint
MikaelVallenet Oct 29, 2024
1f12e19
test: adapt assert origin call txtar test
MikaelVallenet Oct 29, 2024
aab9d55
fix: skip unparsable file
MikaelVallenet Oct 29, 2024
4fbe93d
test: adapt prevrealm test txtar
MikaelVallenet Oct 29, 2024
8f61825
fix: remove groups file in groups pkg since it's just a wrapper of bo…
MikaelVallenet Oct 29, 2024
d2f0200
chore: run gno mod tidy
MikaelVallenet Oct 29, 2024
7b026d1
fix: remove call from realm into pkg demo/test
MikaelVallenet Oct 29, 2024
e26a293
test: add txtar testfile to import realm into pkg
MikaelVallenet Oct 29, 2024
91aa244
fix: remove testfile about realm to pkg import
MikaelVallenet Oct 29, 2024
794b5a9
fix: adapt zrealm_crossrealm11 test to new import restriction
MikaelVallenet Oct 29, 2024
a54975d
fix: txtar prevrealm & import realm into pkg
MikaelVallenet Oct 29, 2024
da09313
fix: txtat import realm pkg
MikaelVallenet Oct 29, 2024
d52969c
fix: trying to fix txtar test
MikaelVallenet Oct 29, 2024
eccc2e4
fix: remove txtar not working test file
MikaelVallenet Oct 29, 2024
a0fc9f6
fix: add test import about pkg importing realm not working
MikaelVallenet Oct 29, 2024
0fc525c
fix: add test import about pkg importing realm not working
MikaelVallenet Oct 29, 2024
49828e8
fix: add test import about pkg importing realm not working
MikaelVallenet Oct 29, 2024
9af0e68
fix: add test import about pkg importing realm not working
MikaelVallenet Oct 29, 2024
5459c2d
fix: add test import about pkg importing realm not working
MikaelVallenet Oct 29, 2024
c92d714
fix: add test import about pkg importing realm not working
MikaelVallenet Oct 29, 2024
fde9ddd
fix: add test import about pkg importing realm not working
MikaelVallenet Oct 29, 2024
b28d1bd
Merge branch 'master' into dev/mikaelvallenet/forbid-importing-realms
MikaelVallenet Oct 29, 2024
7116ef1
chore: optimization
MikaelVallenet Oct 30, 2024
90190a0
chore: optimization
MikaelVallenet Oct 30, 2024
7b64799
fix: add test for handling /r/ as a realm name or namespace
MikaelVallenet Oct 30, 2024
c5512bc
Merge remote-tracking branch 'upstream/master' into dev/mikaelvallene…
MikaelVallenet Oct 31, 2024
ad1c8df
fix(gnovom): optimize
MikaelVallenet Oct 31, 2024
cf90c37
fix(gnovm): return error on parsing error
MikaelVallenet Oct 31, 2024
dd1bd94
fix(gnovm): add body to testfiles to avoid crash on test parsing
MikaelVallenet Oct 31, 2024
21f15fe
fix(gnovm): add pkg import in assertorigincall txtar
MikaelVallenet Oct 31, 2024
128f7f4
fix(gnovm): add pkg import from msgrun in prevrealm txtar
MikaelVallenet Oct 31, 2024
530edfb
Merge remote-tracking branch 'upstream/master' into dev/mikaelvallene…
MikaelVallenet Oct 31, 2024
63be6b3
fix(gnovm): re order index in prevrealm txtar
MikaelVallenet Oct 31, 2024
6081a7b
test(gnovm): add two test case file about empty gno file & non gno fi…
MikaelVallenet Oct 31, 2024
8d97af3
test(gnovm): fix order
MikaelVallenet Oct 31, 2024
8f0bbc1
Merge remote-tracking branch 'upstream/master' into dev/mikaelvallene…
MikaelVallenet Oct 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 1 addition & 4 deletions examples/gno.land/p/demo/groups/gno.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,3 @@
module gno.land/p/demo/groups

require (
gno.land/p/demo/rat v0.0.0-latest
gno.land/r/demo/boards v0.0.0-latest
)
require gno.land/p/demo/rat v0.0.0-latest
8 changes: 0 additions & 8 deletions examples/gno.land/p/demo/groups/groups.gno
View file
Open in desktop

This file was deleted.

1 change: 0 additions & 1 deletion examples/gno.land/p/demo/tests/gno.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,4 @@ module gno.land/p/demo/tests
require (
gno.land/p/demo/tests/subtests v0.0.0-latest
gno.land/p/demo/uassert v0.0.0-latest
gno.land/r/demo/tests v0.0.0-latest
)
13 changes: 0 additions & 13 deletions examples/gno.land/p/demo/tests/tests.gno
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,19 +4,10 @@ import (
"std"

psubtests "gno.land/p/demo/tests/subtests"
"gno.land/r/demo/tests"
rtests "gno.land/r/demo/tests"
)

const World = "world"

// IncCounter demonstrates that it's possible to call a realm function from
// a package. So a package can potentially write into the store, by calling
// an other realm.
func IncCounter() {
tests.IncCounter()
}

func CurrentRealmPath() string {
return std.CurrentRealm().PkgPath()
}
Expand Down Expand Up @@ -64,10 +55,6 @@ func GetPSubtestsPrevRealm() std.Realm {
return psubtests.GetPrevRealm()
}

func GetRTestsGetPrevRealm() std.Realm {
return rtests.GetPrevRealm()
}

// Warning: unsafe pattern.
func Exec(fn func()) {
fn()
Expand Down
16 changes: 0 additions & 16 deletions examples/gno.land/p/demo/tests/z0_filetest.gno
View file
Open in desktop

This file was deleted.

73 changes: 26 additions & 47 deletions gno.land/cmd/gnoland/testdata/assertorigincall.txtar
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,20 +9,16 @@
# | 4 | | through /r/foo | myrealm.A() | PANIC |
# | 5 | | | myrealm.B() | pass |
# | 6 | | | myrealm.C() | PANIC |
# | 7 | | through /p/demo/bar | myrealm.A() | PANIC |
# | 7 | MsgRun | wallet direct | myrealm.A() | PANIC |
# | 8 | | | myrealm.B() | pass |
# | 9 | | | myrealm.C() | PANIC |
# | 10 | MsgRun | wallet direct | myrealm.A() | PANIC |
# | 10 | | through /r/foo | myrealm.A() | PANIC |
# | 11 | | | myrealm.B() | pass |
# | 12 | | | myrealm.C() | PANIC |
# | 13 | | through /r/foo | myrealm.A() | PANIC |
# | 14 | | | myrealm.B() | pass |
# | 15 | | | myrealm.C() | PANIC |
# | 16 | | through /p/demo/bar | myrealm.A() | PANIC |
# | 17 | | | myrealm.B() | pass |
# | 18 | | | myrealm.C() | PANIC |
# | 19 | MsgCall | wallet direct | std.AssertOriginCall() | pass |
# | 20 | MsgRun | wallet direct | std.AssertOriginCall() | PANIC |
# | 13 | | through /p/demo/bar | bar.A() | PANIC |
# | 14 | | | bar.B() | pass |
# | 15 | | | bar.C() | PANIC |
# | 16 | MsgRun | wallet direct | std.AssertOriginCall() | PANIC |

# Init
## set up and start a new node
Expand Down Expand Up @@ -56,61 +52,43 @@ stdout 'OK!'
! gnokey maketx call -pkgpath gno.land/r/foo -func C -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1
stderr 'invalid non-origin call'

## remove due to update to maketx call can only call realm (case 7,8,9)
## 7. MsgCall -> p/demo/bar.A -> myrlm.A: PANIC
## ! gnokey maketx call -pkgpath gno.land/p/demo/bar -func A -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1
## stderr 'invalid non-origin call'

## 8. MsgCall -> p/demo/bar.B -> myrlm.B: PASS
## gnokey maketx call -pkgpath gno.land/p/demo/bar -func B -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1
## stdout 'OK!'

## 9. MsgCall -> p/demo/bar.C -> myrlm.C: PANIC
## ! gnokey maketx call -pkgpath gno.land/p/demo/bar -func C -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1
## stderr 'invalid non-origin call'

## 10. MsgRun -> run.main -> myrlm.A: PANIC
## 7. MsgRun -> run.main -> myrlm.A: PANIC
! gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/myrlmA.gno
stderr 'invalid non-origin call'

## 11. MsgRun -> run.main -> myrlm.B: PASS
## 8. MsgRun -> run.main -> myrlm.B: PASS
gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/myrlmB.gno
stdout 'OK!'

## 12. MsgRun -> run.main -> myrlm.C: PANIC
## 9. MsgRun -> run.main -> myrlm.C: PANIC
! gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/myrlmC.gno
stderr 'invalid non-origin call'

## 13. MsgRun -> run.main -> foo.A: PANIC
## 10. MsgRun -> run.main -> foo.A: PANIC
! gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/fooA.gno
stderr 'invalid non-origin call'

## 14. MsgRun -> run.main -> foo.B: PASS
## 11. MsgRun -> run.main -> foo.B: PASS
gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/fooB.gno
stdout 'OK!'

## 15. MsgRun -> run.main -> foo.C: PANIC
## 12. MsgRun -> run.main -> foo.C: PANIC
! gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/fooC.gno
stderr 'invalid non-origin call'

## 16. MsgRun -> run.main -> bar.A: PANIC
## 13. MsgRun -> run.main -> bar.A: PANIC
! gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/barA.gno
stderr 'invalid non-origin call'

## 17. MsgRun -> run.main -> bar.B: PASS
## 14. MsgRun -> run.main -> bar.B: PASS
gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/barB.gno
stdout 'OK!'

## 18. MsgRun -> run.main -> bar.C: PANIC
## 15. MsgRun -> run.main -> bar.C: PANIC
! gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/barC.gno
stderr 'invalid non-origin call'

## remove testcase 19 due to maketx call forced to call a realm
## 19. MsgCall -> std.AssertOriginCall: pass
## gnokey maketx call -pkgpath std -func AssertOriginCall -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1
## stdout 'OK!'

## 20. MsgRun -> std.AssertOriginCall: PANIC
## 16. MsgRun -> std.AssertOriginCall: PANIC
! gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/baz.gno
stderr 'invalid non-origin call'

Expand All @@ -133,24 +111,25 @@ func B() {
func C() {
std.AssertOriginCall()
}
-- r/foo/foo.gno --
package foo
-- p/demo/bar/bar.gno --
package bar

import "gno.land/r/myrlm"
import "std"

func A() {
myrlm.A()
C()
}

func B() {
myrlm.B()
if false {
C()
}
}

func C() {
myrlm.C()
std.AssertOriginCall()
}
-- p/demo/bar/bar.gno --
package bar
-- r/foo/foo.gno --
package foo

import "gno.land/r/myrlm"

Expand Down
47 changes: 18 additions & 29 deletions gno.land/cmd/gnoland/testdata/prevrealm.txtar
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,16 +8,14 @@
# | 2 | | | myrlm.B() | user address |
# | 3 | | through /r/foo | myrlm.A() | r/foo |
# | 4 | | | myrlm.B() | r/foo |
# | 5 | | through /p/demo/bar | myrlm.A() | user address |
# | 5 | MsgRun | wallet direct | myrlm.A() | user address |
# | 6 | | | myrlm.B() | user address |
# | 7 | MsgRun | wallet direct | myrlm.A() | user address |
# | 8 | | | myrlm.B() | user address |
# | 9 | | through /r/foo | myrlm.A() | r/foo |
# | 10 | | | myrlm.B() | r/foo |
# | 11 | | through /p/demo/bar | myrlm.A() | user address |
# | 12 | | | myrlm.B() | user address |
# | 13 | MsgCall | wallet direct | std.PrevRealm() | user address |
# | 14 | MsgRun | wallet direct | std.PrevRealm() | user address |
# | 7 | | through /r/foo | myrlm.A() | r/foo |
# | 8 | | | myrlm.B() | r/foo |
# | 11 | | through /p/demo/bar | bar.A() | user address |
# | 12 | | | bar.B() | user address |
# | 9 | MsgCall | wallet direct | std.PrevRealm() | user address |
# | 10 | MsgRun | wallet direct | std.PrevRealm() | user address |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

order and index do not match the actual tests below


# Init
## deploy myrlm
Expand Down Expand Up @@ -49,44 +47,35 @@ stdout ${RFOO_ADDR}
gnokey maketx call -pkgpath gno.land/r/foo -func B -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1
stdout ${RFOO_ADDR}

## remove due to update to maketx call can only call realm (case 5, 6, 13)
## 5. MsgCall -> p/demo/bar.A -> myrlm.A: user address
## gnokey maketx call -pkgpath gno.land/p/demo/bar -func A -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1
## stdout ${USER_ADDR_test1}

## 6. MsgCall -> p/demo/bar.B -> myrlm.B -> r/foo.A: user address
## gnokey maketx call -pkgpath gno.land/p/demo/bar -func B -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1
## stdout ${USER_ADDR_test1}

## 7. MsgRun -> myrlm.A: user address
## 5. MsgRun -> myrlm.A: user address
gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/myrlmA.gno
stdout ${USER_ADDR_test1}

## 8. MsgRun -> myrealm.B -> myrlm.A: user address
## 6. MsgRun -> myrealm.B -> myrlm.A: user address
gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/myrlmB.gno
stdout ${USER_ADDR_test1}

## 9. MsgRun -> r/foo.A -> myrlm.A: r/foo
## 7. MsgRun -> r/foo.A -> myrlm.A: r/foo
gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/fooA.gno
stdout ${RFOO_ADDR}

## 10. MsgRun -> r/foo.B -> myrlm.B -> r/foo.A: r/foo
## 8. MsgRun -> r/foo.B -> myrlm.B -> r/foo.A: r/foo
gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/fooB.gno
stdout ${RFOO_ADDR}

## 11. MsgRun -> p/demo/bar.A -> myrlm.A: user address
## 9. MsgRun -> p/demo/bar.A -> myrlm.A: user address
gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/barA.gno
stdout ${USER_ADDR_test1}

## 12. MsgRun -> p/demo/bar.B -> myrlm.B -> r/foo.A: user address
## 10. MsgRun -> p/demo/bar.B -> myrlm.B -> r/foo.A: user address
gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/barB.gno
stdout ${USER_ADDR_test1}

## 13. MsgCall -> std.PrevRealm(): user address
## 9. MsgCall -> std.PrevRealm(): user address
## gnokey maketx call -pkgpath std -func PrevRealm -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1
## stdout ${USER_ADDR_test1}

## 14. MsgRun -> std.PrevRealm(): user address
## 10. MsgRun -> std.PrevRealm(): user address
gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/baz.gno
stdout ${USER_ADDR_test1}

Expand Down Expand Up @@ -117,14 +106,14 @@ func B() string {
-- p/demo/bar/bar.gno --
package bar

import "gno.land/r/myrlm"
import "std"

func A() string {
return myrlm.A()
return std.PrevRealm().Addr().String()
}

func B() string {
return myrlm.B()
return A()
}
-- run/myrlmA.gno --
package main
Expand Down
24 changes: 24 additions & 0 deletions gnovm/memfile.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@

import (
"fmt"
"go/parser"
"go/token"
"regexp"
"sort"
"strings"
Expand Down Expand Up @@ -87,6 +89,28 @@
prev = file.Name
}

pIndex := strings.Index(mempkg.Path, "/p/")
if pIndex > 0 && !strings.ContainsRune(mempkg.Path[:pIndex], '/') {
for _, file := range mempkg.Files {
if !strings.HasSuffix(file.Name, ".gno") {
continue

Check warning on line 96 in gnovm/memfile.go

View check run for this annotation

Codecov / codecov/patch

gnovm/memfile.go#L96 

Added line #L96 was not covered by tests
}
fset := token.NewFileSet()
astFile, err := parser.ParseFile(fset, file.Name, file.Body, parser.ImportsOnly)
if err != nil {
return fmt.Errorf("failed to parse imports in file %q of package %q: %w", file.Name, mempkg.Path, err)
}

Check warning on line 102 in gnovm/memfile.go

View check run for this annotation

Codecov / codecov/patch

gnovm/memfile.go#L101-L102 

Added lines #L101 - L102 were not covered by tests
for _, imp := range astFile.Imports {
// ensure the pkg is a realm by checking if the path contains /r/ and no other / character before it (i.e protect from gno.land/p/demo/r/)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe we should add a test for the case gno.land/p/demo/r/

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

7b64799

importPath := strings.TrimPrefix(strings.TrimSuffix(imp.Path.Value, `"`), `"`)
rIndex := strings.Index(importPath, "/r/")
if rIndex > 0 && !strings.ContainsRune(importPath[:rIndex], '/') {
return fmt.Errorf("package %q imports realm %q", mempkg.Path, importPath)
}
}
}
}

return nil
}

Expand Down
Loading
Loading