From a82dc92725ae19f8bbeed239063aaa39eb360bf8 Mon Sep 17 00:00:00 2001 From: Baohua Yang Date: Wed, 3 Jan 2024 14:01:13 -0800 Subject: [PATCH] Validate the request The patchset adds validation to the request before using it. This can help protect from mal-formed request. Change-Id: Ic6a7a65d6da289d84fe82c3f6e048e396b1f1a0e Signed-off-by: Baohua Yang Signed-off-by: Baohua Yang --- internal/pkg/gateway/commitstatus.go | 10 ++++++++++ internal/pkg/gateway/commitstatus_test.go | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/internal/pkg/gateway/commitstatus.go b/internal/pkg/gateway/commitstatus.go index 211be09f33b..7396ea2fd6d 100644 --- a/internal/pkg/gateway/commitstatus.go +++ b/internal/pkg/gateway/commitstatus.go @@ -33,6 +33,16 @@ func (gs *Server) CommitStatus(ctx context.Context, signedRequest *gp.SignedComm return nil, status.Errorf(codes.InvalidArgument, "invalid status request: %v", err) } + // Validate the request has valid channel id and transaction id + switch { + case request.GetIdentity() == nil: + return nil, status.Error(codes.InvalidArgument, "no identity provided") + case request.GetChannelId() == "": + return nil, status.Error(codes.InvalidArgument, "no channel ID provided") + case request.GetTransactionId() == "": + return nil, status.Error(codes.InvalidArgument, "transaction ID should not be empty") + } + signedData := &protoutil.SignedData{ Data: signedRequest.GetRequest(), Identity: request.GetIdentity(), diff --git a/internal/pkg/gateway/commitstatus_test.go b/internal/pkg/gateway/commitstatus_test.go index c84c67916ef..c37211cd2fc 100644 --- a/internal/pkg/gateway/commitstatus_test.go +++ b/internal/pkg/gateway/commitstatus_test.go @@ -119,7 +119,7 @@ func TestCommitStatus(t *testing.T) { request := &pb.CommitStatusRequest{ ChannelId: testChannel, - Identity: tt.identity, + Identity: []byte("IDENTITY"), TransactionId: "TX_ID", } requestBytes, err := proto.Marshal(request)