Validate the request

The patchset adds validation to the request before using it. This can help protect from mal-formed request. Change-Id: Ic6a7a65d6da289d84fe82c3f6e048e396b1f1a0e Signed-off-by: Baohua Yang <yangbaohua@gmail.com> Signed-off-by: Baohua Yang <baohua.yang@oracle.com>
hyperledger · Feb 1, 2024 · a82dc92 · a82dc92
1 parent 6572eef
commit a82dc92
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/internal/pkg/gateway/commitstatus.go b/internal/pkg/gateway/commitstatus.go
@@ -33,6 +33,16 @@ func (gs *Server) CommitStatus(ctx context.Context, signedRequest *gp.SignedComm
 		return nil, status.Errorf(codes.InvalidArgument, "invalid status request: %v", err)
 	}
 
+	// Validate the request has valid channel id and transaction id
+	switch {
+	case request.GetIdentity() == nil:
+		return nil, status.Error(codes.InvalidArgument, "no identity provided")
+	case request.GetChannelId() == "":
+		return nil, status.Error(codes.InvalidArgument, "no channel ID provided")
+	case request.GetTransactionId() == "":
+		return nil, status.Error(codes.InvalidArgument, "transaction ID should not be empty")
+	}
+
 	signedData := &protoutil.SignedData{
 		Data:      signedRequest.GetRequest(),
 		Identity:  request.GetIdentity(),

diff --git a/internal/pkg/gateway/commitstatus_test.go b/internal/pkg/gateway/commitstatus_test.go
@@ -119,7 +119,7 @@ func TestCommitStatus(t *testing.T) {
 
 			request := &pb.CommitStatusRequest{
 				ChannelId:     testChannel,
-				Identity:      tt.identity,
+				Identity:      []byte("IDENTITY"),
 				TransactionId: "TX_ID",
 			}
 			requestBytes, err := proto.Marshal(request)