From f0551adf5a82b6b6816153047a1ba3e3ab757037 Mon Sep 17 00:00:00 2001
From: j75689
Date: Mon, 24 Jul 2023 08:11:34 +0800
Subject: [PATCH 1/3] fix: limit pagination to protect the node would not be Query DoS
---
 types/query/pagination.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/types/query/pagination.go b/types/query/pagination.go
index 0c670b50e6..8d00d10bec 100644
--- a/types/query/pagination.go
+++ b/types/query/pagination.go
@@ -40,6 +40,9 @@ func ParsePagination(pageReq *PageRequest) (page, limit int, err error) {
 return 1, 0, status.Error(codes.InvalidArgument, "limit must greater than 0")
 } else if limit == 0 {
 limit = DefaultLimit
+ } else if limit > DefaultLimit {
+ // limit to protect the node would not be Query DoS
+ limit = DefaultLimit
 }
 page = offset/limit + 1
@@ -74,6 +77,9 @@ func Paginate(
 // count total results when the limit is zero/not supplied
 countTotal = true
+ } else if limit > DefaultLimit {
+ // limit to protect the node would not be Query DoS
+ limit = DefaultLimit
 }
 if len(key) != 0 {
From a3b1e63e25109dd5c29f1b1a568333fa5fab1c6b Mon Sep 17 00:00:00 2001
From: j75689
Date: Mon, 24 Jul 2023 08:40:34 +0800
Subject: [PATCH 2/3] chore: fix lint
---
 types/query/pagination.go | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/types/query/pagination.go b/types/query/pagination.go
index 8d00d10bec..730741afc5 100644
--- a/types/query/pagination.go
+++ b/types/query/pagination.go
@@ -38,9 +38,7 @@ func ParsePagination(pageReq *PageRequest) (page, limit int, err error) {
 if limit < 0 {
 return 1, 0, status.Error(codes.InvalidArgument, "limit must greater than 0")
- } else if limit == 0 {
- limit = DefaultLimit
- } else if limit > DefaultLimit {
+ } else if limit > DefaultLimit || limit == 0 {
 // limit to protect the node would not be Query DoS
 limit = DefaultLimit
 }
From d6c4b648c5aa6c758d0aae24dca2accaf99b177b Mon Sep 17 00:00:00 2001
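Review bot: The new `else if limit > DefaultLimit` branch in ParsePagination rewrites an oversized limit to DefaultLimit without telling the caller, and the same silent clamp is added to Paginate in the next hunk and kept by the [PATCH 2/3] rewrite. A client that asked for more rows than it receives cannot tell "capped" from "end of data" unless it checks NextKey, and `page = offset/limit + 1` is now computed from the clamped value rather than the requested one. Reusing DefaultLimit as the ceiling also ties the default page size to the maximum; a separate name declared next to it (for example a `MaxLimit`) would let the two be tuned independently. At minimum, reword the comment to something like `// cap the page size so one query cannot request an unbounded result set` and document the cap on PageRequest.Limit. ParsePagination's body starts and ends outside the hunk.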
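Review bot: Capping `limit` in Paginate bounds the rows returned per page but not necessarily the work done per query: the context lines just above the added branch show the `limit == 0` path still setting `countTotal = true`, and nothing in this hunk bounds the offset. If counting or offset skipping walks the store (the rest of Paginate is outside the hunk, so this needs confirming), a request could still cause a long iteration while returning at most DefaultLimit rows. Either bound those paths as well or state the scope of the protection in the comment, e.g. `// bounds rows returned per page; countTotal and offset cost are not limited here`.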
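Review bot: After the merge into `limit > DefaultLimit || limit == 0`, the comment above the assignment still describes only the cap, although the branch now also supplies the default for an unset limit. Since the preceding `if limit < 0` branch returns, the `else` is unnecessary; `if limit == 0 || limit > DefaultLimit {` with `// use the default when unset and cap oversized requests` reads more directly. ParsePagination's body continues outside the hunk.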
From: j75689
Date: Mon, 24 Jul 2023 09:39:01 +0800
Subject: [PATCH 3/3] chore: fix testcase
---
 types/query/pagination_test.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/types/query/pagination_test.go b/types/query/pagination_test.go
index 49a09619a4..4228b0cde9 100644
--- a/types/query/pagination_test.go
+++ b/types/query/pagination_test.go
@@ -234,11 +234,20 @@ func (s *paginationTestSuite) TestReversePagination() {
 s.Require().NotNil(res1.Pagination.NextKey)
 s.T().Log("verify paginate with custom limit and countTotal, Reverse false")
- pageReq = &query.PageRequest{Limit: 150}
+ pageReq = &query.PageRequest{Limit: 100}
 request = types.NewQueryAllBalancesRequest(addr1, pageReq)
 res1, err = queryClient.AllBalances(gocontext.Background(), request)
 s.Require().NoError(err)
- s.Require().Equal(res1.Balances.Len(), 150)
+ s.Require().Equal(res1.Balances.Len(), 100)
+ s.Require().NotNil(res1.Pagination.NextKey)
+ s.Require().Equal(res1.Pagination.Total, uint64(0))
+
+ s.T().Log("verify paginate with custom limit and countTotal, Reverse false")
+ pageReq = &query.PageRequest{Limit: 50, Offset: 100}
+ request = types.NewQueryAllBalancesRequest(addr1, pageReq)
+ res1, err = queryClient.AllBalances(gocontext.Background(), request)
+ s.Require().NoError(err)
+ s.Require().Equal(res1.Balances.Len(), 50)
 s.Require().NotNil(res1.Pagination.NextKey)
 s.Require().Equal(res1.Pagination.Total, uint64(0))
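Review bot: No case in this hunk sends a Limit above the cap: the existing `Limit: 150` request was lowered to 100 rather than kept to assert the clamp, so the behaviour added in [PATCH 1/3] is not exercised here. Keeping a request with `query.PageRequest{Limit: 150}` and asserting that `res1.Balances.Len()` equals `query.DefaultLimit` with a non-nil NextKey would pin it (assuming DefaultLimit is exported from the query package, as its unqualified use in pagination.go suggests). The added offset case reuses the log text "verify paginate with custom limit and countTotal, Reverse false", which makes a failure harder to attribute; a distinct message such as `"verify paginate with offset and custom limit"` would help. TestReversePagination starts and ends outside the hunk.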