Merge pull request #38 from ainblockchain/feature/platfowner/valid_path

Feature/platfowner/valid path

Author: platfowner

chain-util.js

@@ -65,7 +65,6 @@ class ChainUtil {
     if (!path) {
       return [];
     }
-    path = path.replace(/^"(.*)"$/, '$1');
     return path.split('/').filter((node) => {
       return !!node;
     });
@@ -75,7 +74,15 @@ class ChainUtil {
     if (!Array.isArray(parsedPath) || !parsedPath.length) {
       return '/';
     }
-    return (parsedPath[0].startsWith('/') ? '' : '/') + parsedPath.join('/');
+    let formatted = '';
+    for (const label of parsedPath) {
+      if (ChainUtil.isString(label)) {
+        formatted += '/' + label;
+      } else {
+        formatted += '/' + JSON.stringify(label);
+      }
+    }
+    return (formatted.startsWith('/') ? '' : '/') + formatted;
   }
 
   static transactionFailed(response) {

db/index.js

@@ -7,6 +7,7 @@ const ChainUtil = require('../chain-util');
 const Transaction = require('../tx-pool/transaction');
 const StateNode = require('./state-node');
 const {
+  isValidPathForStates,
   isValidJsObjectForStates,
   jsObjectToStateTree,
   stateTreeToJsObject,
@@ -218,11 +219,15 @@ class DB {
   // TODO(seo): Consider making set operation and native function run tightly bound, i.e., revert
   //            the former if the latter fails.
   setValue(valuePath, value, address, timestamp, transaction) {
-    const {isValid, invalidPath} = isValidJsObjectForStates(value);
-    if (!isValid) {
-      return {code: 6, error_message: `Invalid object for states: ${invalidPath}`};
+    const isValidObj = isValidJsObjectForStates(value);
+    if (!isValidObj.isValid) {
+      return {code: 6, error_message: `Invalid object for states: ${isValidObj.invalidPath}`};
     }
     const parsedPath = ChainUtil.parsePath(valuePath);
+    const isValidPath = isValidPathForStates(parsedPath);
+    if (!isValidPath.isValid) {
+      return {code: 7, error_message: `Invalid path: ${isValidPath.invalidPath}`};
+    }
     if (!this.getPermissionForValue(parsedPath, value, address, timestamp)) {
       return {code: 2, error_message: `No .write permission on: ${valuePath}`};
     }
@@ -258,11 +263,15 @@ class DB {
   }
 
   setFunction(functionPath, functionInfo, address) {
-    const {isValid, invalidPath} = isValidJsObjectForStates(functionInfo);
-    if (!isValid) {
-      return {code: 6, error_message: `Invalid object for states: ${invalidPath}`};
+    const isValidObj = isValidJsObjectForStates(functionInfo);
+    if (!isValidObj.isValid) {
+      return {code: 6, error_message: `Invalid object for states: ${isValidObj.invalidPath}`};
     }
     const parsedPath = ChainUtil.parsePath(functionPath);
+    const isValidPath = isValidPathForStates(parsedPath);
+    if (!isValidPath.isValid) {
+      return {code: 7, error_message: `Invalid path: ${isValidPath.invalidPath}`};
+    }
     if (!this.getPermissionForFunction(parsedPath, address)) {
       return {code: 3, error_message: `No write_function permission on: ${functionPath}`};
     }
@@ -276,11 +285,15 @@ class DB {
   // TODO(seo): Add rule config sanitization logic (e.g. dup path variables,
   //            multiple path variables).
   setRule(rulePath, rule, address) {
-    const {isValid, invalidPath} = isValidJsObjectForStates(rule);
-    if (!isValid) {
-      return {code: 6, error_message: `Invalid object for states: ${invalidPath}`};
+    const isValidObj = isValidJsObjectForStates(rule);
+    if (!isValidObj.isValid) {
+      return {code: 6, error_message: `Invalid object for states: ${isValidObj.invalidPath}`};
     }
     const parsedPath = ChainUtil.parsePath(rulePath);
+    const isValidPath = isValidPathForStates(parsedPath);
+    if (!isValidPath.isValid) {
+      return {code: 7, error_message: `Invalid path: ${isValidPath.invalidPath}`};
+    }
     if (!this.getPermissionForRule(parsedPath, address)) {
       return {code: 3, error_message: `No write_rule permission on: ${rulePath}`};
     }
@@ -292,11 +305,15 @@ class DB {
 
   // TODO(seo): Add owner config sanitization logic.
   setOwner(ownerPath, owner, address) {
-    const {isValid, invalidPath} = isValidJsObjectForStates(owner);
-    if (!isValid) {
-      return {code: 6, error_message: `Invalid object for states: ${invalidPath}`};
+    const isValidObj = isValidJsObjectForStates(owner);
+    if (!isValidObj.isValid) {
+      return {code: 6, error_message: `Invalid object for states: ${isValidObj.invalidPath}`};
     }
     const parsedPath = ChainUtil.parsePath(ownerPath);
+    const isValidPath = isValidPathForStates(parsedPath);
+    if (!isValidPath.isValid) {
+      return {code: 7, error_message: `Invalid path: ${isValidPath.invalidPath}`};
+    }
     if (!this.getPermissionForOwner(parsedPath, address)) {
       return {code: 4, error_message: `No write_owner or branch_owner permission on: ${ownerPath}`};
     }

db/state-util.js

@@ -1,6 +1,29 @@
 const StateNode = require('./state-node');
 const ChainUtil = require('../chain-util');
 
+function hasReservedChar(label) {
+  const pathReservedRegex = /[\/\.\*\$#\{\}\[\]\x00-\x1F\x7F]/gm;
+  return ChainUtil.isString(label) ? pathReservedRegex.test(label) : false;
+}
+
+function isValidPathForStates(fullPath) {
+  let isValid = true;
+  const path = [];
+  for (const label of fullPath) {
+    path.push(label);
+    if (ChainUtil.isString(label)) {
+      if (label === '' || hasReservedChar(label)) {
+        isValid = false;
+        break;
+      }
+    } else {
+      isValid = false;
+      break;
+    }
+  }
+  return { isValid, invalidPath: isValid ? '' : ChainUtil.formatPath(path) };
+}
+
 function isValidJsObjectForStatesRecursive(obj, path) {
   if (ChainUtil.isDict(obj)) {
     if (ChainUtil.isEmptyNode(obj)) {
@@ -79,6 +102,8 @@ function makeCopyOfStateTree(root) {
 }
 
 module.exports = {
+  hasReservedChar,
+  isValidPathForStates,
   isValidJsObjectForStates,
   jsObjectToStateTree,
   stateTreeToJsObject,

test/chain-util.test.js

@@ -10,6 +10,8 @@ describe("ChainUtil", () => {
       expect(ChainUtil.numberOrZero(undefined)).to.equal(0);
       expect(ChainUtil.numberOrZero(Infinity)).to.equal(0);
       expect(ChainUtil.numberOrZero(NaN)).to.equal(0);
+      expect(ChainUtil.numberOrZero(true)).to.equal(0);
+      expect(ChainUtil.numberOrZero(false)).to.equal(0);
       expect(ChainUtil.numberOrZero('')).to.equal(0);
       expect(ChainUtil.numberOrZero('abc')).to.equal(0);
       expect(ChainUtil.numberOrZero({})).to.equal(0);
@@ -41,6 +43,22 @@ describe("ChainUtil", () => {
   })
 
   describe("formatPath", () => {
+    it("when abnormal input", () => {
+      assert.deepEqual(ChainUtil.formatPath([null]), '/null');
+      assert.deepEqual(ChainUtil.formatPath([undefined]), '/undefined');
+      assert.deepEqual(ChainUtil.formatPath([Infinity]), '/null');
+      assert.deepEqual(ChainUtil.formatPath([NaN]), '/null');
+      assert.deepEqual(ChainUtil.formatPath([true]), '/true');
+      assert.deepEqual(ChainUtil.formatPath([false]), '/false');
+      assert.deepEqual(ChainUtil.formatPath([0]), '/0');
+      assert.deepEqual(ChainUtil.formatPath(['']), '/');
+      assert.deepEqual(ChainUtil.formatPath(['', '', '']), '///');
+      assert.deepEqual(ChainUtil.formatPath([{}]), '/{}');
+      assert.deepEqual(ChainUtil.formatPath([{a: 'A'}]), '/{"a":"A"}');
+      assert.deepEqual(ChainUtil.formatPath([[]]), '/[]');
+      assert.deepEqual(ChainUtil.formatPath([['a']]), '/["a"]');
+    })
+
     it("when normal input", () => {
       assert.deepEqual(ChainUtil.formatPath(['a', 'b', 'c']), '/a/b/c');
     })

test/db.test.js

@@ -899,7 +899,7 @@ describe("DB operations", () => {
 
     it("when creating new path in database", () => {
       const newValue = 12345
-      node.db.setValue("test/new/unchartered/nested/path", newValue)
+      expect(node.db.setValue("test/new/unchartered/nested/path", newValue)).to.equal(true)
       expect(node.db.getValue("test/new/unchartered/nested/path")).to.equal(newValue)
     })
 
@@ -910,6 +910,53 @@ describe("DB operations", () => {
       });
       expect(node.db.getValue("test/unchartered/nested/path2")).to.equal(null)
     })
+
+    it("when writing with invalid path", () => {
+      assert.deepEqual(node.db.setValue("test/new/unchartered/nested/.", 12345), {
+        "code": 7,
+        "error_message": "Invalid path: /test/new/unchartered/nested/."
+      });
+      assert.deepEqual(node.db.setValue("test/new/unchartered/nested/*", 12345), {
+        "code": 7,
+        "error_message": "Invalid path: /test/new/unchartered/nested/*"
+      });
+      assert.deepEqual(node.db.setValue("test/new/unchartered/nested/$", 12345), {
+        "code": 7,
+        "error_message": "Invalid path: /test/new/unchartered/nested/$"
+      });
+      assert.deepEqual(node.db.setValue("test/new/unchartered/nested/#", 12345), {
+        "code": 7,
+        "error_message": "Invalid path: /test/new/unchartered/nested/#"
+      });
+      assert.deepEqual(node.db.setValue("test/new/unchartered/nested/{", 12345), {
+        "code": 7,
+        "error_message": "Invalid path: /test/new/unchartered/nested/{"
+      });
+      assert.deepEqual(node.db.setValue("test/new/unchartered/nested/}", 12345), {
+        "code": 7,
+        "error_message": "Invalid path: /test/new/unchartered/nested/}"
+      });
+      assert.deepEqual(node.db.setValue("test/new/unchartered/nested/[", 12345), {
+        "code": 7,
+        "error_message": "Invalid path: /test/new/unchartered/nested/["
+      });
+      assert.deepEqual(node.db.setValue("test/new/unchartered/nested/]", 12345), {
+        "code": 7,
+        "error_message": "Invalid path: /test/new/unchartered/nested/]"
+      });
+      assert.deepEqual(node.db.setValue("test/new/unchartered/nested/\x00", 12345), {
+        "code": 7,
+        "error_message": "Invalid path: /test/new/unchartered/nested/\x00"
+      });
+      assert.deepEqual(node.db.setValue("test/new/unchartered/nested/\x1F", 12345), {
+        "code": 7,
+        "error_message": "Invalid path: /test/new/unchartered/nested/\x1F"
+      });
+      assert.deepEqual(node.db.setValue("test/new/unchartered/nested/\x7F", 12345), {
+        "code": 7,
+        "error_message": "Invalid path: /test/new/unchartered/nested/\x7F"
+      });
+    })
   })
 
   describe("incValue operations", () => {
@@ -970,6 +1017,13 @@ describe("DB operations", () => {
       });
       expect(node.db.getFunction("test/new2/unchartered/nested/path2")).to.equal(null)
     })
+
+    it("when writing with invalid path", () => {
+      assert.deepEqual(node.db.setRule("/test/test_function/some/path/.", "some function config"), {
+        "code": 7,
+        "error_message": "Invalid path: /test/test_function/some/path/."
+      });
+    })
   })
 
   describe("setRule operations", () => {
@@ -986,6 +1040,13 @@ describe("DB operations", () => {
       });
       expect(node.db.getRule("/test/test_rule/some/path2")).to.equal(null)
     })
+
+    it("when writing with invalid path", () => {
+      assert.deepEqual(node.db.setRule("/test/test_rule/some/path/.", "some rule config"), {
+        "code": 7,
+        "error_message": "Invalid path: /test/test_rule/some/path/."
+      });
+    })
   })
 
   describe("setOwner operations", () => {
@@ -1002,6 +1063,13 @@ describe("DB operations", () => {
       });
       expect(node.db.getOwner("/test/test_owner/some/path2")).to.equal(null)
     })
+
+    it("when writing with invalid path", () => {
+      assert.deepEqual(node.db.setRule("/test/test_owner/some/path/.", "some owner config"), {
+        "code": 7,
+        "error_message": "Invalid path: /test/test_owner/some/path/."
+      });
+    })
   })
 
   describe("set operations", () => {