fix: fix to prevent accepting file name (Finschia#690)

* fix: fix to prevent accepting file name * Update a download file name and add test cases (#1) * Update short/long usage and change filename * Add query_test * Add test cases * fix: go.mod * docs: update CHANGELOG.md Co-authored-by: Toshimasa Nasu <[email protected]>
ulbqb · Oct 12, 2022 · 8b8c01b · 8b8c01b
1 parent 9ef6557
commit 8b8c01b
Show file tree

Hide file tree

Showing 4 changed files with 459 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -75,7 +75,8 @@ Ref: https://keepachangelog.com/en/1.0.0/
 * (x/foundation) [\#693](https://github.com/line/lbm-sdk/pull/693) add pool to the state of x/foundation
 * (x/wasm,distribution) [\#696](https://github.com/line/lbm-sdk/pull/696) x/wasm,distribution - add checking a file size before reading it
 * (x/foundation) [\#698](https://github.com/line/lbm-sdk/pull/698) update x/group relevant logic in x/foundation
-* (x) [\#691](https://github.com/line/lbm-sdk/pull/691) change AccAddressFromBech32 to MustAccAddressFromBech32
+* (x/auth,bank,foundation,wasm) [\#691](https://github.com/line/lbm-sdk/pull/691) change AccAddressFromBech32 to MustAccAddressFromBech32
+* (x/wasm)  [\#690](https://github.com/line/lbm-sdk/pull/690) fix to prevent accepting file name
 
 ### Bug Fixes
 * (x/wasm) [\#453](https://github.com/line/lbm-sdk/pull/453) modify wasm grpc query api path

diff --git a/go.mod b/go.mod
@@ -120,6 +120,7 @@ require (
 	github.com/sasha-s/go-deadlock v0.2.1-0.20190427202633-1595213edefa // indirect
 	github.com/spf13/afero v1.8.2 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/stretchr/objx v0.4.0 // indirect
 	github.com/subosito/gotenv v1.4.1 // indirect
 	github.com/tendermint/tendermint v0.34.19 // indirect
 	github.com/zondax/hid v0.9.0 // indirect

diff --git a/x/wasm/client/cli/query.go b/x/wasm/client/cli/query.go
@@ -146,11 +146,11 @@ func GetCmdListContractByCode() *cobra.Command {
 // GetCmdQueryCode returns the bytecode for a given contract
 func GetCmdQueryCode() *cobra.Command {
 	cmd := &cobra.Command{
-		Use:     "code [code_id] [output filename]",
-		Short:   "Downloads wasm bytecode for given code id",
-		Long:    "Downloads wasm bytecode for given code id",
+		Use:     "code [code_id]",
+		Short:   "Downloads wasm bytecode for given code id to the current directory",
+		Long:    "Downloads wasm bytecode for given code id to the current directory as `contract-[code_id].wasm`",
 		Aliases: []string{"source-code", "source"},
-		Args:    cobra.ExactArgs(2),
+		Args:    cobra.ExactArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			clientCtx, err := client.GetClientQueryContext(cmd)
 			if err != nil {
@@ -176,8 +176,9 @@ func GetCmdQueryCode() *cobra.Command {
 				return fmt.Errorf("contract not found")
 			}
 
-			fmt.Printf("Downloading wasm code to %s\n", args[1])
-			return os.WriteFile(args[1], res.Data, 0600)
+			fileName := "contract-" + strconv.FormatUint(codeID, 10) + ".wasm"
+			fmt.Printf("Downloading wasm code to %s\n", fileName)
+			return os.WriteFile(fileName, res.Data, 0600)
 		},
 	}
 	flags.AddQueryFlagsToCmd(cmd)