Validate the request

The patchset adds validation to the request before using it. This can help protect from mal-formed request. Change-Id: Ic6a7a65d6da289d84fe82c3f6e048e396b1f1a0e Signed-off-by: Baohua Yang <yangbaohua@gmail.com> Signed-off-by: Baohua Yang <baohua.yang@oracle.com>
hyperledger · Jan 5, 2024 · e35180f · e35180f
1 parent cf07d0e
commit e35180f
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/internal/pkg/gateway/commitstatus.go b/internal/pkg/gateway/commitstatus.go
@@ -33,6 +33,16 @@ func (gs *Server) CommitStatus(ctx context.Context, signedRequest *gp.SignedComm
 		return nil, status.Errorf(codes.InvalidArgument, "invalid status request: %v", err)
 	}
 
+	// Validate the request has valid channel id and transaction id
+	switch {
+	case request.GetIdentity() == nil:
+		return nil, status.Error(codes.InvalidArgument, "request must have valid identity")
+	case request.GetChannelId() == "":
+		return nil, status.Error(codes.InvalidArgument, "request must have valid channel ID")
+	case request.GetTransactionId() == "":
+		return nil, status.Error(codes.InvalidArgument, "request must have valid transaction ID")
+	}
+
 	signedData := &protoutil.SignedData{
 		Data:      signedRequest.GetRequest(),
 		Identity:  request.GetIdentity(),