From 173c629fe6cb74063c0e9389cecedc01f94441a2 Mon Sep 17 00:00:00 2001 From: Sally MacFarlane Date: Tue, 19 Feb 2019 14:48:16 +1000 Subject: [PATCH] enforce accounts must start with 0x (#900) --- .../permissioning/AccountWhitelistController.java | 3 +++ .../AccountWhitelistControllerTest.java | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/ethereum/permissioning/src/main/java/tech/pegasys/pantheon/ethereum/permissioning/AccountWhitelistController.java b/ethereum/permissioning/src/main/java/tech/pegasys/pantheon/ethereum/permissioning/AccountWhitelistController.java index 19fd54cbc2..b1acdafc90 100644 --- a/ethereum/permissioning/src/main/java/tech/pegasys/pantheon/ethereum/permissioning/AccountWhitelistController.java +++ b/ethereum/permissioning/src/main/java/tech/pegasys/pantheon/ethereum/permissioning/AccountWhitelistController.java @@ -151,6 +151,9 @@ private boolean containsInvalidAccount(final List accounts) { static boolean isValidAccountString(final String account) { try { + if (account == null || !account.startsWith("0x")) { + return false; + } BytesValue bytesValue = BytesValue.fromHexString(account); return bytesValue.size() == ACCOUNT_BYTES_SIZE; } catch (NullPointerException | IndexOutOfBoundsException | IllegalArgumentException e) { diff --git a/ethereum/permissioning/src/test/java/tech/pegasys/pantheon/ethereum/permissioning/AccountWhitelistControllerTest.java b/ethereum/permissioning/src/test/java/tech/pegasys/pantheon/ethereum/permissioning/AccountWhitelistControllerTest.java index 74f9a75d6a..0a7803e769 100644 --- a/ethereum/permissioning/src/test/java/tech/pegasys/pantheon/ethereum/permissioning/AccountWhitelistControllerTest.java +++ b/ethereum/permissioning/src/test/java/tech/pegasys/pantheon/ethereum/permissioning/AccountWhitelistControllerTest.java @@ -218,6 +218,19 @@ public void reloadAccountWhitelistWithErrorReadingConfigFileShouldKeepOldWhiteli .containsExactly("0xfe3b557e8fb62b89f4916b721be55ceb828dbd73"); } + @Test + public void accountThatDoesNotStartWith0xIsNotValid() { + assertThat(AccountWhitelistController.isValidAccountString("bob")).isFalse(); + assertThat( + AccountWhitelistController.isValidAccountString( + "b9b81ee349c3807e46bc71aa2632203c5b462032")) + .isFalse(); + assertThat( + AccountWhitelistController.isValidAccountString( + "0xb9b81ee349c3807e46bc71aa2632203c5b462032")) + .isTrue(); + } + private Path createPermissionsFileWithAccount(final String account) throws IOException { final String nodePermissionsFileContent = "accounts-whitelist=[\"" + account + "\"]"; final Path permissionsFile = Files.createTempFile("account_permissions", "");