Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Disallow unregistered classes in JSON RPC interface and match by name #1820

Merged
merged 5 commits into from
Aug 28, 2023

Conversation

spalladino
Copy link
Collaborator

@spalladino spalladino commented Aug 25, 2023

Prevents from accidentally passing an unregistered class in the autogenerated JSON RPC client and server. Picks the converter to use for serialisation based on constructor name if function equality match fails (since constructor name match may fail in minimised browser bundles).

We were bit by this when the PrivateKey class was registered in the client, but due to a duplicated module, the PrivateKey class registered was not the same as the one passed as an argument. This caused the object not to be properly serialised, which due to #1819 was not picked up on the server side, and caused all sort of issues.

Fixes #1826

@spalladino spalladino changed the title fix: Do not allow unregistered classes in JSON RPC interface fix: Disallow unregistered classes in JSON RPC interface and match by name Aug 25, 2023
@spalladino spalladino force-pushed the palla/no-unregistered-classes-in-json-rpc branch from 105e042 to ff1cd9f Compare August 25, 2023 23:14
@spalladino spalladino requested a review from PhilWindle August 25, 2023 23:15
@spalladino spalladino enabled auto-merge (squash) August 25, 2023 23:27
@spalladino spalladino disabled auto-merge August 26, 2023 12:08
@spalladino spalladino requested a review from spypsy August 27, 2023 01:12
@spypsy
Copy link
Member

spypsy commented Aug 28, 2023

@spalladino seems some of our objects were still failing the check, I've added an update to traverse prototype chain

@spalladino
Copy link
Collaborator Author

@spypsy interesting, thanks for the fix! Any insight into why this is needed? All I found was a stackoverflow comment that if the object being serialised comes from a different realm, then the original check doesn't work, but I'm not seeing thow that applies here.

@spalladino spalladino enabled auto-merge (squash) August 28, 2023 14:19
@spypsy
Copy link
Member

spypsy commented Aug 28, 2023

Not sure why it was happening tbh. Seemed to be Contract ABI objects that had the issue in the test I tried out at least

@ludamad
Copy link
Collaborator

ludamad commented Aug 28, 2023

Only comment is wonder at this point whether a utility could have hid this finicky stuff, but LGTM

@spalladino spalladino merged commit 35b8170 into master Aug 28, 2023
@spalladino spalladino deleted the palla/no-unregistered-classes-in-json-rpc branch August 28, 2023 21:13
PhilWindle pushed a commit that referenced this pull request Aug 30, 2023
🤖 I have created a new Aztec Packages release
---


##
[0.1.0-alpha48](v0.1.0-alpha47...v0.1.0-alpha48)
(2023-08-30)


### Features

* Add ARM build for Mac + cleanup artifacts
([#1837](#1837))
([270a4ae](270a4ae))
* broadcasting 'public key' and 'partial address' as L1 calldata
([#1801](#1801))
([78d6444](78d6444)),
closes
[#1778](#1778)
* Check sandbox version matches CLI's
([#1849](#1849))
([7279730](7279730))
* **docs:** adding some nitpick suggestions before sandbox release
([#1859](#1859))
([c1144f7](c1144f7))
* More reliable getTxReceipt api.
([#1793](#1793))
([ad16b22](ad16b22))
* **noir:** use `#[aztec(private)]` and `#[aztec(public)` attributes
([#1735](#1735))
([89756fa](89756fa))
* Recursive fn calls to spend more notes.
([#1779](#1779))
([94053e4](94053e4))
* Simulate enqueued public functions and locate failing constraints on
them
([#1853](#1853))
([a065fd5](a065fd5))
* Update safe_math and move to libraries
([#1803](#1803))
([b10656d](b10656d))
* Write debug-level log to local file in Sandbox
([#1846](#1846))
([0317e93](0317e93)),
closes
[#1605](#1605)


### Bug Fixes

* Conditionally compile base64 command for bb binary
([#1851](#1851))
([be97185](be97185))
* default color to light mode
([#1847](#1847))
([4fc8d39](4fc8d39))
* Disallow unregistered classes in JSON RPC interface and match by name
([#1820](#1820))
([35b8170](35b8170))
* Set side effect counter on contract reads
([#1870](#1870))
([1d8881e](1d8881e)),
closes
[#1588](#1588)
* Truncate SRS size to the amount of points that we have downloaded
([#1862](#1862))
([0a7058c](0a7058c))


### Miscellaneous

* add browser test to canary flow
([#1808](#1808))
([7f4fa43](7f4fa43))
* **ci:** fix output name in release please workflow
([#1858](#1858))
([857821f](857821f))
* CLI tests
([#1786](#1786))
([2987065](2987065)),
closes
[#1450](#1450)
* compile minimal WASM binary needed for blackbox functions
([#1824](#1824))
([76a30b8](76a30b8))
* fixed linter errors for `ecc`, `numeric` and `common` modules
([#1714](#1714))
([026273b](026273b))
* Refactor Cli interface to be more unix-like
([#1833](#1833))
([28d722e](28d722e))
* sync bb master
([#1842](#1842))
([2c1ff72](2c1ff72))
* sync bb master
([#1852](#1852))
([f979878](f979878))
* sync bb master
([#1866](#1866))
([e681a49](e681a49))
* typescript script names should be consistent
([#1843](#1843))
([eff8fe7](eff8fe7))
* use 2^19 as `MAX_CIRCUIT_SIZE` for NodeJS CLI
([#1834](#1834))
([c573282](c573282))


### Documentation

* Account contract tutorial
([#1772](#1772))
([0faefba](0faefba))
* Wallet dev docs
([#1746](#1746))
([9b4281d](9b4281d)),
closes
[#1744](#1744)

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

JSON RPC converter fails to serialise classes from duplicated modules
3 participants