Skip to content
This repository has been archived by the owner on Jun 11, 2024. It is now read-only.

Insufficient data validation in Validators module #8476

Closed
shuse2 opened this issue May 22, 2023 · 1 comment
Closed

Insufficient data validation in Validators module #8476

shuse2 opened this issue May 22, 2023 · 1 comment
Labels
status: invalid

Comments

@shuse2
Copy link
Collaborator

shuse2 commented May 22, 2023

Expected behavior

Input to the validators method and endpoint should be validated although in the mainchain protocol, it is indirectly validated in the commands which calls the methods.

Actual behavior

Some length checks in https://github.com/LiskHQ/lisk-sdk/blob/89e7504ef5eb6183aefe576a93be3d6052e56038/framework/src/modules/validators/method.ts or https://github.com/LiskHQ/lisk-sdk/blob/89e7504ef5eb6183aefe576a93be3d6052e56038/framework/src/modules/validators/endpoint.ts#L30 are missing

Steps to reproduce

N/A

Which version(s) does this affect? (Environment, OS, etc...)

6.0.0-beta.1-
@shuse2 shuse2 changed the title Insu cient data validation in Validators module Insufficient data validation in Validators module May 22, 2023
@Madhulearn Madhulearn added this to the Sprint 97 milestone Jun 5, 2023
@Madhulearn Madhulearn mentioned this issue Jun 6, 2023
Closed
@shuse2 shuse2 self-assigned this Jun 12, 2023
@shuse2
Copy link
Collaborator Author

shuse2 commented Jun 12, 2023

in the validator method and endpoint, popVerify is called in the internal method and it will return false if the size does not match.
Therefore, it is not required to check upfront

@shuse2 shuse2 removed this from the Sprint 97 milestone Jun 12, 2023
@shuse2 shuse2 removed their assignment Jun 12, 2023
@shuse2 shuse2 closed this as not planned Won't fix, can't repro, duplicate, stale Jun 13, 2023
@Madhulearn Madhulearn modified the milestone: Sprint 97 Jun 18, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
status: invalid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shuse2 @Madhulearn