From b59f6fed92d4ecb6bbfdf41f8539be7bc2ddd73d Mon Sep 17 00:00:00 2001 From: Andrii Date: Wed, 16 Oct 2024 13:55:43 +0300 Subject: [PATCH 1/3] Added check for overflow error --- engine/access/rest/util/converter.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/engine/access/rest/util/converter.go b/engine/access/rest/util/converter.go index aebd58f8c71..e697232bc9a 100644 --- a/engine/access/rest/util/converter.go +++ b/engine/access/rest/util/converter.go @@ -2,6 +2,7 @@ package util import ( "encoding/base64" + "errors" "fmt" "strconv" ) @@ -15,7 +16,10 @@ func FromUint[U uint | uint64 | uint32](number U) string { func ToUint64(uint64Str string) (uint64, error) { val, err := strconv.ParseUint(uint64Str, 10, 64) if err != nil { - return 0, fmt.Errorf("value must be an unsigned 64 bit integer") // hide error from user + if errors.Is(err, strconv.ErrRange) { + return 0, fmt.Errorf("value overflows uint64 range") + } + return 0, fmt.Errorf("value must be an unsigned 64 bit integer: %v", err) } return val, nil } @@ -24,7 +28,10 @@ func ToUint64(uint64Str string) (uint64, error) { func ToUint32(uint32Str string) (uint32, error) { val, err := strconv.ParseUint(uint32Str, 10, 32) if err != nil { - return 0, fmt.Errorf("value must be an unsigned 32 bit integer") // hide error from user + if errors.Is(err, strconv.ErrRange) { + return 0, fmt.Errorf("value overflows uint32 range") + } + return 0, fmt.Errorf("value must be an unsigned 32 bit integer: %v", err) } return uint32(val), nil } From d5e495010aa28cd4fddc2bd2b82bd70c965b4733 Mon Sep 17 00:00:00 2001 From: Andrii Date: Wed, 16 Oct 2024 14:26:05 +0300 Subject: [PATCH 2/3] Added back hiding error from user --- engine/access/rest/util/converter.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/engine/access/rest/util/converter.go b/engine/access/rest/util/converter.go index e697232bc9a..77d3576e8b5 100644 --- a/engine/access/rest/util/converter.go +++ b/engine/access/rest/util/converter.go @@ -19,7 +19,7 @@ func ToUint64(uint64Str string) (uint64, error) { if errors.Is(err, strconv.ErrRange) { return 0, fmt.Errorf("value overflows uint64 range") } - return 0, fmt.Errorf("value must be an unsigned 64 bit integer: %v", err) + return 0, fmt.Errorf("value must be an unsigned 64 bit integer") // hide error from user } return val, nil } @@ -31,7 +31,7 @@ func ToUint32(uint32Str string) (uint32, error) { if errors.Is(err, strconv.ErrRange) { return 0, fmt.Errorf("value overflows uint32 range") } - return 0, fmt.Errorf("value must be an unsigned 32 bit integer: %v", err) + return 0, fmt.Errorf("value must be an unsigned 32 bit integer") // hide error from user } return uint32(val), nil } From 3658c6bba1fbd47cd1bae716236a775f3feafe41 Mon Sep 17 00:00:00 2001 From: Andrii Date: Wed, 16 Oct 2024 14:31:18 +0300 Subject: [PATCH 3/3] Added test case for overflow --- engine/access/rest/routes/transactions_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/engine/access/rest/routes/transactions_test.go b/engine/access/rest/routes/transactions_test.go index e0e36e1680b..d97ca3dd890 100644 --- a/engine/access/rest/routes/transactions_test.go +++ b/engine/access/rest/routes/transactions_test.go @@ -403,6 +403,7 @@ func TestCreateTransaction(t *testing.T) { {"reference_block_id", "-1", `{"code":400, "message":"invalid reference block ID: invalid ID format"}`}, {"reference_block_id", "", `{"code":400, "message":"reference block not provided"}`}, {"gas_limit", "-1", `{"code":400, "message":"invalid gas limit: value must be an unsigned 64 bit integer"}`}, + {"gas_limit", "18446744073709551616", `{"code":400, "message":"invalid gas limit: value overflows uint64 range"}`}, {"payer", "yo", `{"code":400, "message":"invalid payer: invalid address"}`}, {"proposal_key", "yo", `{"code":400, "message":"request body contains an invalid value for the \"proposal_key\" field (at position 461)"}`}, {"authorizers", "", `{"code":400, "message":"request body contains an invalid value for the \"authorizers\" field (at position 32)"}`},