Merge pull request #3860 from filecoin-project/refactor/chaos-caller-validation2

2020-09-21 12:55:39 +01:00 · 2020-09-21 12:55:39 +01:00 · d3ddd3bff9
commit d3ddd3bff9
parent 0d2c8196c6 d9f2b909ac
5 changed files with 278 additions and 14 deletions
--- a/conformance/chaos/actor.go
+++ b/conformance/chaos/actor.go
@ -7,8 +7,6 @@ import (
 	"github.com/filecoin-project/specs-actors/actors/builtin"
 	"github.com/filecoin-project/specs-actors/actors/runtime"
 	"github.com/ipfs/go-cid"
-
-	typegen "github.com/whyrusleeping/cbor-gen"
 )

 //go:generate go run ./gen
@ -31,10 +29,14 @@ type Actor struct{}
 type CallerValidationBranch int64

 const (
+	// CallerValidationBranchNone causes no caller validation to take place.
 	CallerValidationBranchNone CallerValidationBranch = iota
+	// CallerValidationBranchTwice causes Runtime.ValidateImmediateCallerAcceptAny to be called twice.
 	CallerValidationBranchTwice
-	CallerValidationBranchAddrNilSet
-	CallerValidationBranchTypeNilSet
+	// CallerValidationBranchIsAddress causes caller validation against CallerValidationArgs.Addrs.
+	CallerValidationBranchIsAddress
+	// CallerValidationBranchIsType causes caller validation against CallerValidationArgs.Types.
+	CallerValidationBranchIsType
 )

 // MutateStateBranch is an enum used to select the type of state mutation to attempt.
@ -123,23 +125,29 @@ func (a Actor) Constructor(_ runtime.Runtime, _ *abi.EmptyValue) *abi.EmptyValue
 	panic("constructor should not be called; the Chaos actor is a singleton actor")
 }

+// CallerValidationArgs are the arguments to Actor.CallerValidation.
+type CallerValidationArgs struct {
+	Branch CallerValidationBranch
+	Addrs  []address.Address
+	Types  []cid.Cid
+}
+
 // CallerValidation violates VM call validation constraints.
 //
 //  CallerValidationBranchNone performs no validation.
 //  CallerValidationBranchTwice validates twice.
-//  CallerValidationBranchAddrNilSet validates against an empty caller
-//  address set.
-//  CallerValidationBranchTypeNilSet validates against an empty caller type set.
-func (a Actor) CallerValidation(rt runtime.Runtime, branch *typegen.CborInt) *abi.EmptyValue {
-	switch CallerValidationBranch(*branch) {
+//  CallerValidationBranchIsAddress validates caller against CallerValidationArgs.Addrs.
+//  CallerValidationBranchIsType validates caller against CallerValidationArgs.Types.
+func (a Actor) CallerValidation(rt runtime.Runtime, args *CallerValidationArgs) *abi.EmptyValue {
+	switch args.Branch {
 	case CallerValidationBranchNone:
 	case CallerValidationBranchTwice:
 		rt.ValidateImmediateCallerAcceptAny()
 		rt.ValidateImmediateCallerAcceptAny()
-	case CallerValidationBranchAddrNilSet:
-		rt.ValidateImmediateCallerIs()
-	case CallerValidationBranchTypeNilSet:
-		rt.ValidateImmediateCallerType()
+	case CallerValidationBranchIsAddress:
+		rt.ValidateImmediateCallerIs(args.Addrs...)
+	case CallerValidationBranchIsType:
+		rt.ValidateImmediateCallerType(args.Types...)
 	default:
 		panic("invalid branch passed to CallerValidation")
 	}
--- a/conformance/chaos/actor_test.go
+++ b/conformance/chaos/actor_test.go
@ -4,11 +4,13 @@ import (
 	"context"
 	"testing"

+	"github.com/filecoin-project/go-address"
 	"github.com/filecoin-project/go-state-types/abi"
 	"github.com/filecoin-project/go-state-types/exitcode"
 	"github.com/filecoin-project/specs-actors/actors/builtin"
 	"github.com/filecoin-project/specs-actors/support/mock"
 	atesting "github.com/filecoin-project/specs-actors/support/testing"
+	"github.com/ipfs/go-cid"
 )

 func TestSingleton(t *testing.T) {
@ -25,6 +27,86 @@ func TestSingleton(t *testing.T) {
 	rt.Verify()
 }

+func TestCallerValidationNone(t *testing.T) {
+	receiver := atesting.NewIDAddr(t, 100)
+	builder := mock.NewBuilder(context.Background(), receiver)
+
+	rt := builder.Build(t)
+	var a Actor
+
+	rt.Call(a.CallerValidation, &CallerValidationArgs{Branch: CallerValidationBranchNone})
+	rt.Verify()
+}
+
+func TestCallerValidationIs(t *testing.T) {
+	caller := atesting.NewIDAddr(t, 100)
+	receiver := atesting.NewIDAddr(t, 101)
+	builder := mock.NewBuilder(context.Background(), receiver)
+
+	rt := builder.Build(t)
+	rt.SetCaller(caller, builtin.AccountActorCodeID)
+	var a Actor
+
+	caddrs := []address.Address{atesting.NewIDAddr(t, 101)}
+
+	rt.ExpectValidateCallerAddr(caddrs...)
+	// FIXME: https://github.com/filecoin-project/specs-actors/pull/1155
+	rt.ExpectAbort(exitcode.ErrForbidden, func() {
+		rt.Call(a.CallerValidation, &CallerValidationArgs{
+			Branch: CallerValidationBranchIsAddress,
+			Addrs:  caddrs,
+		})
+	})
+	rt.Verify()
+
+	rt.ExpectValidateCallerAddr(caller)
+	rt.Call(a.CallerValidation, &CallerValidationArgs{
+		Branch: CallerValidationBranchIsAddress,
+		Addrs:  []address.Address{caller},
+	})
+	rt.Verify()
+}
+
+func TestCallerValidationType(t *testing.T) {
+	caller := atesting.NewIDAddr(t, 100)
+	receiver := atesting.NewIDAddr(t, 101)
+	builder := mock.NewBuilder(context.Background(), receiver)
+
+	rt := builder.Build(t)
+	rt.SetCaller(caller, builtin.AccountActorCodeID)
+	var a Actor
+
+	rt.ExpectValidateCallerType(builtin.CronActorCodeID)
+	// FIXME: https://github.com/filecoin-project/specs-actors/pull/1155
+	rt.ExpectAbort(exitcode.ErrForbidden, func() {
+		rt.Call(a.CallerValidation, &CallerValidationArgs{
+			Branch: CallerValidationBranchIsType,
+			Types:  []cid.Cid{builtin.CronActorCodeID},
+		})
+	})
+	rt.Verify()
+
+	rt.ExpectValidateCallerType(builtin.AccountActorCodeID)
+	rt.Call(a.CallerValidation, &CallerValidationArgs{
+		Branch: CallerValidationBranchIsType,
+		Types:  []cid.Cid{builtin.AccountActorCodeID},
+	})
+	rt.Verify()
+}
+
+func TestCallerValidationInvalidBranch(t *testing.T) {
+	receiver := atesting.NewIDAddr(t, 100)
+	builder := mock.NewBuilder(context.Background(), receiver)
+
+	rt := builder.Build(t)
+	var a Actor
+
+	rt.ExpectAssertionFailure("invalid branch passed to CallerValidation", func() {
+		rt.Call(a.CallerValidation, &CallerValidationArgs{Branch: -1})
+	})
+	rt.Verify()
+}
+
 func TestDeleteActor(t *testing.T) {
 	receiver := atesting.NewIDAddr(t, 100)
 	beneficiary := atesting.NewIDAddr(t, 101)
@ -118,6 +200,20 @@ func TestMutateStateReadonly(t *testing.T) {
 	rt.Verify()
 }

+func TestMutateStateInvalidBranch(t *testing.T) {
+	receiver := atesting.NewIDAddr(t, 100)
+	builder := mock.NewBuilder(context.Background(), receiver)
+
+	rt := builder.Build(t)
+	var a Actor
+
+	rt.ExpectValidateCallerAny()
+	rt.ExpectAssertionFailure("unknown mutation type", func() {
+		rt.Call(a.MutateState, &MutateStateArgs{Branch: -1})
+	})
+	rt.Verify()
+}
+
 func TestAbortWith(t *testing.T) {
 	receiver := atesting.NewIDAddr(t, 100)
 	builder := mock.NewBuilder(context.Background(), receiver)
--- a/conformance/chaos/cbor_gen.go
+++ b/conformance/chaos/cbor_gen.go
@ -6,8 +6,10 @@ import (
 	"fmt"
 	"io"

+	address "github.com/filecoin-project/go-address"
 	abi "github.com/filecoin-project/go-state-types/abi"
 	exitcode "github.com/filecoin-project/go-state-types/exitcode"
+	cid "github.com/ipfs/go-cid"
 	cbg "github.com/whyrusleeping/cbor-gen"
 	xerrors "golang.org/x/xerrors"
 )
@ -115,6 +117,163 @@ func (t *State) UnmarshalCBOR(r io.Reader) error {
 	return nil
 }

+var lengthBufCallerValidationArgs = []byte{131}
+
+func (t *CallerValidationArgs) MarshalCBOR(w io.Writer) error {
+	if t == nil {
+		_, err := w.Write(cbg.CborNull)
+		return err
+	}
+	if _, err := w.Write(lengthBufCallerValidationArgs); err != nil {
+		return err
+	}
+
+	scratch := make([]byte, 9)
+
+	// t.Branch (chaos.CallerValidationBranch) (int64)
+	if t.Branch >= 0 {
+		if err := cbg.WriteMajorTypeHeaderBuf(scratch, w, cbg.MajUnsignedInt, uint64(t.Branch)); err != nil {
+			return err
+		}
+	} else {
+		if err := cbg.WriteMajorTypeHeaderBuf(scratch, w, cbg.MajNegativeInt, uint64(-t.Branch-1)); err != nil {
+			return err
+		}
+	}
+
+	// t.Addrs ([]address.Address) (slice)
+	if len(t.Addrs) > cbg.MaxLength {
+		return xerrors.Errorf("Slice value in field t.Addrs was too long")
+	}
+
+	if err := cbg.WriteMajorTypeHeaderBuf(scratch, w, cbg.MajArray, uint64(len(t.Addrs))); err != nil {
+		return err
+	}
+	for _, v := range t.Addrs {
+		if err := v.MarshalCBOR(w); err != nil {
+			return err
+		}
+	}
+
+	// t.Types ([]cid.Cid) (slice)
+	if len(t.Types) > cbg.MaxLength {
+		return xerrors.Errorf("Slice value in field t.Types was too long")
+	}
+
+	if err := cbg.WriteMajorTypeHeaderBuf(scratch, w, cbg.MajArray, uint64(len(t.Types))); err != nil {
+		return err
+	}
+	for _, v := range t.Types {
+		if err := cbg.WriteCidBuf(scratch, w, v); err != nil {
+			return xerrors.Errorf("failed writing cid field t.Types: %w", err)
+		}
+	}
+	return nil
+}
+
+func (t *CallerValidationArgs) UnmarshalCBOR(r io.Reader) error {
+	*t = CallerValidationArgs{}
+
+	br := cbg.GetPeeker(r)
+	scratch := make([]byte, 8)
+
+	maj, extra, err := cbg.CborReadHeaderBuf(br, scratch)
+	if err != nil {
+		return err
+	}
+	if maj != cbg.MajArray {
+		return fmt.Errorf("cbor input should be of type array")
+	}
+
+	if extra != 3 {
+		return fmt.Errorf("cbor input had wrong number of fields")
+	}
+
+	// t.Branch (chaos.CallerValidationBranch) (int64)
+	{
+		maj, extra, err := cbg.CborReadHeaderBuf(br, scratch)
+		var extraI int64
+		if err != nil {
+			return err
+		}
+		switch maj {
+		case cbg.MajUnsignedInt:
+			extraI = int64(extra)
+			if extraI < 0 {
+				return fmt.Errorf("int64 positive overflow")
+			}
+		case cbg.MajNegativeInt:
+			extraI = int64(extra)
+			if extraI < 0 {
+				return fmt.Errorf("int64 negative oveflow")
+			}
+			extraI = -1 - extraI
+		default:
+			return fmt.Errorf("wrong type for int64 field: %d", maj)
+		}
+
+		t.Branch = CallerValidationBranch(extraI)
+	}
+	// t.Addrs ([]address.Address) (slice)
+
+	maj, extra, err = cbg.CborReadHeaderBuf(br, scratch)
+	if err != nil {
+		return err
+	}
+
+	if extra > cbg.MaxLength {
+		return fmt.Errorf("t.Addrs: array too large (%d)", extra)
+	}
+
+	if maj != cbg.MajArray {
+		return fmt.Errorf("expected cbor array")
+	}
+
+	if extra > 0 {
+		t.Addrs = make([]address.Address, extra)
+	}
+
+	for i := 0; i < int(extra); i++ {
+
+		var v address.Address
+		if err := v.UnmarshalCBOR(br); err != nil {
+			return err
+		}
+
+		t.Addrs[i] = v
+	}
+
+	// t.Types ([]cid.Cid) (slice)
+
+	maj, extra, err = cbg.CborReadHeaderBuf(br, scratch)
+	if err != nil {
+		return err
+	}
+
+	if extra > cbg.MaxLength {
+		return fmt.Errorf("t.Types: array too large (%d)", extra)
+	}
+
+	if maj != cbg.MajArray {
+		return fmt.Errorf("expected cbor array")
+	}
+
+	if extra > 0 {
+		t.Types = make([]cid.Cid, extra)
+	}
+
+	for i := 0; i < int(extra); i++ {
+
+		c, err := cbg.ReadCid(br)
+		if err != nil {
+			return xerrors.Errorf("reading cid field t.Types failed: %w", err)
+		}
+		t.Types[i] = c
+	}
+
+	return nil
+}
+
 var lengthBufCreateActorArgs = []byte{132}

 func (t *CreateActorArgs) MarshalCBOR(w io.Writer) error {
--- a/conformance/chaos/gen/gen.go
+++ b/conformance/chaos/gen/gen.go
@ -9,6 +9,7 @@ import (
 func main() {
 	if err := gen.WriteTupleEncodersToFile("./cbor_gen.go", "chaos",
 		chaos.State{},
+		chaos.CallerValidationArgs{},
 		chaos.CreateActorArgs{},
 		chaos.ResolveAddressResponse{},
 		chaos.SendArgs{},
--- a/extern/test-vectors
+++ b/extern/test-vectors
@ -1 +1 @@
-Subproject commit 7d3becbeb5b932baed419c43390595b5e5cece12
+Subproject commit 6bea015edddde116001a4251dce3c4a9966c25d9