improvements for assets ticket/full_name checking and for password validation

2024-10-30 14:10:24 +01:00 · 2024-10-30 14:10:24 +01:00 · 0fe6631e50
commit 0fe6631e50
parent 69284ae297
4 changed files with 22 additions and 8 deletions
--- a/src/currency_core/currency_format_utils.cpp
+++ b/src/currency_core/currency_format_utils.cpp
@ -3633,13 +3633,13 @@ namespace currency
    return true;
  }
  //------------------------------------------------------------------
+  #define PASSWORD_REGEXP  R"([A-Za-z0-9~!?@#$%^&*_+|{}\[\]()<>:;"'\-=\\/.,]{0,40})"
  bool validate_password(const std::string& password)
  {
-    static const std::string allowed_password_symbols = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~!?@#$%^&*_+|{}[]()<>:;\"'-=\\/.,";
-    size_t n = password.find_first_not_of(allowed_password_symbols, 0);
-    return n == std::string::npos;
+    // OLD: static const std::string allowed_password_symbols = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~!?@#$%^&*_+|{}[]()<>:;\"'-=\\/.,";
+    static std::regex password_regexp(PASSWORD_REGEXP);
+    return std::regex_match(password, password_regexp);
  }
-
  //------------------------------------------------------------------
 #define ANTI_OVERFLOW_AMOUNT       1000000
 #define GET_PERECENTS_BIG_NUMBERS(per, total) (per/ANTI_OVERFLOW_AMOUNT)*100 / (total/ANTI_OVERFLOW_AMOUNT) 
@ -4466,8 +4466,8 @@ namespace currency
    }
  }
  //------------------------------------------------------------------
-#define ASSET_TICKER_REGEXP     "[A-Za-z0-9]{1,14}"
-#define ASSET_FULL_NAME_REGEXP  "[A-Za-z0-9.,:!?\\-() ]{0,400}"
+#define ASSET_TICKER_REGEXP     R"([A-Za-z0-9]{1,14})"
+#define ASSET_FULL_NAME_REGEXP  R"([A-Za-z0-9.,:!?\-() ]{0,400})"
  bool validate_asset_ticker(const std::string& ticker)
  {
    static std::regex asset_ticker_regexp(ASSET_TICKER_REGEXP);
--- a/src/simplewallet/simplewallet.cpp
+++ b/src/simplewallet/simplewallet.cpp
@ -591,6 +591,12 @@ bool simple_wallet::try_connect_to_daemon()
 //----------------------------------------------------------------------------------------------------
 bool simple_wallet::new_wallet(const string &wallet_file, const std::string& password, bool create_auditable_wallet)
 {
+  if (!currency::validate_password(password))
+  {
+    fail_msg_writer() << R"(Provided password contains invalid characters. Only letters, numbers and ~!?@#$%^&*_+|{}[]()<>:;"'-=\/., symbols are allowed.)" << ENDL;
+    return false;
+  }
+
  m_wallet_file = wallet_file;

  m_wallet.reset(new tools::wallet2());
@ -2090,6 +2096,13 @@ bool simple_wallet::deploy_new_asset(const std::vector<std::string> &args)
    fail_msg_writer() << "Failed to load json file with asset specification: " << args[0];
    return true;
  }
+
+  if (!validate_asset_ticker_and_full_name(adb))
+  {
+    fail_msg_writer() << "ticker or full_name are invalid (perhaps they contain invalid symbols)";
+    return true;
+  }
+
  tx_destination_entry td = AUTO_VAL_INIT(td);
  td.addr.push_back(m_wallet->get_account().get_public_address());
  td.amount = adb.current_supply;
@ -3474,7 +3487,7 @@ int main(int argc, char* argv[])
    //runs wallet with console interface
    sw->set_offline_mode(offline_mode);
    r = sw->init(vm);
-    CHECK_AND_ASSERT_MES(r, 1, "Failed to initialize wallet");
+    CHECK_AND_ASSERT_MES(r, EXIT_FAILURE, "Failed to initialize wallet");
    if (command_line::get_arg(vm, arg_generate_new_wallet).size() || command_line::get_arg(vm, arg_generate_new_auditable_wallet).size())
      return EXIT_FAILURE;

--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@ -5544,6 +5544,7 @@ void wallet2::fill_adb_version_based_onhardfork(currency::asset_descriptor_base&
 void wallet2::deploy_new_asset(const currency::asset_descriptor_base& asset_info, const std::vector<currency::tx_destination_entry>& destinations, currency::finalized_tx& ft, crypto::public_key& new_asset_id)
 {
  WLT_THROW_IF_FALSE_WALLET_CMN_ERR_EX(asset_info.decimal_point <= 18, "too big decimal point: " << (int)asset_info.decimal_point);
+  WLT_THROW_IF_FALSE_WALLET_CMN_ERR_EX(validate_asset_ticker_and_full_name(asset_info), "ticker or full_name are invalid (perhaps they contain invalid symbols)");

  asset_descriptor_operation asset_reg_info{};
  fill_ado_version_based_onhardfork(asset_reg_info);
--- a/tests/core_tests/multiassets_test.cpp
+++ b/tests/core_tests/multiassets_test.cpp
@ -900,7 +900,7 @@ bool asset_emission_and_unconfirmed_balance::c1(currency::core& c, size_t ev_ind

  asset_descriptor_base adb{};
  adb.total_max_supply = UINT64_MAX;
-  adb.full_name = "2**64";
+  adb.full_name = "2 xx 64";
  adb.ticker = "2POWER64";

  std::vector<currency::tx_destination_entry> destinations;