From 517d46a69d9f6d4feea35319bddf47529892d27d Mon Sep 17 00:00:00 2001
From: Baohua Yang <yangbaohua@gmail.com>
Date: Wed, 3 Jan 2024 14:01:13 -0800
Subject: [PATCH] Validate the request

The patchset adds validation to the request before using it.

This can help protect from mal-formed request.

Change-Id: Ic6a7a65d6da289d84fe82c3f6e048e396b1f1a0e
Signed-off-by: Baohua Yang <yangbaohua@gmail.com>
Signed-off-by: Baohua Yang <baohua.yang@oracle.com>
---
 internal/pkg/gateway/commitstatus.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/internal/pkg/gateway/commitstatus.go b/internal/pkg/gateway/commitstatus.go
index 211be09f33b..c1b7ec02b36 100644
--- a/internal/pkg/gateway/commitstatus.go
+++ b/internal/pkg/gateway/commitstatus.go
@@ -33,6 +33,11 @@ func (gs *Server) CommitStatus(ctx context.Context, signedRequest *gp.SignedComm
 		return nil, status.Errorf(codes.InvalidArgument, "invalid status request: %v", err)
 	}
 
+	// Validate the request has valid channel id and transaction id
+	if request.GetIdentity() == nil || request.GetChannelId() == "" || request.GetTransactionId() == "" {
+		return nil, status.Error(codes.InvalidArgument, "request must have valid identity, channel ID and transaction ID")
+	}
+
 	signedData := &protoutil.SignedData{
 		Data:      signedRequest.GetRequest(),
 		Identity:  request.GetIdentity(),