Fixes and additional checks for Natspec Popup authentication

10 years ago · 4ad3ab2174
8 changed files with 56 additions and 42 deletions
--- a/alethzero/MainWin.cpp
+++ b/alethzero/MainWin.cpp
@ -37,7 +37,7 @@
 #include <liblll/Compiler.h>
 #include <liblll/CodeFragment.h>
 #include <libsolidity/Scanner.h>
-#include <libsolidity/CompilerStack.h>
+#include <libsolidity/AST.h>
 #include <libsolidity/SourceReferenceFormatter.h>
 #include <libevm/VM.h>
 #include <libevm/VMFactory.h>
@ -1642,6 +1642,22 @@ bool Main::sourceIsSolidity(std::string const& _source)
 	return (_source.substr(0, 8) == "contract" || _source.substr(0, 5) == "//sol");
 }

+string const Main::getFunctionHashes(dev::solidity::CompilerStack const &_compiler,
+									 string const& _contractName)
+{
+	string ret = "";
+	auto const& contract = _compiler.getContractDefinition(_contractName);
+	auto interfaceFunctions = contract.getInterfaceFunctions();
+
+	for (auto const& it: interfaceFunctions)
+	{
+		ret += it.first.abridged();
+		ret += " :";
+		ret += it.second->getName() + "\n";
+	}
+	return ret;
+}
+
 void Main::on_data_textChanged()
 {
 	m_pcWarp.clear();
@ -1664,7 +1680,7 @@ void Main::on_data_textChanged()
 				solidity = "<h4>Solidity</h4>";
 				solidity += "<pre>" + QString::fromStdString(compiler.getInterface()).replace(QRegExp("\\s"), "").toHtmlEscaped() + "</pre>";
 				solidity += "<pre>" + QString::fromStdString(compiler.getSolidityInterface()).toHtmlEscaped() + "</pre>";
-				solidity += "<pre>" + QString::fromStdString(compiler.getFunctionHashes()).toHtmlEscaped() + "</pre>";
+				solidity += "<pre>" + QString::fromStdString(getFunctionHashes(compiler)).toHtmlEscaped() + "</pre>";
 			}
 			catch (dev::Exception const& exception)
 			{
--- a/alethzero/MainWin.h
+++ b/alethzero/MainWin.h
@ -36,6 +36,7 @@
 #include <libethereum/Executive.h>
 #include <libqethereum/QEthereum.h>
 #include <libwebthree/WebThree.h>
+#include <libsolidity/CompilerStack.h>

 #include "NatspecHandler.h"

@ -232,6 +233,9 @@ private:

 	/// Attempts to infer that @c _source contains Solidity code
 	bool sourceIsSolidity(std::string const& _source);
+	/// @eturns all method hashes of a Solidity contract in a string
+	std::string const getFunctionHashes(dev::solidity::CompilerStack const &_compiler,
+										std::string const& _contractName = "");

 	std::unique_ptr<Ui::Main> ui;

--- a/alethzero/NatspecHandler.cpp
+++ b/alethzero/NatspecHandler.cpp
@ -26,41 +26,49 @@
 #include <libethereum/Defaults.h>
 #include <libdevcore/Common.h>
 #include <libdevcore/CommonData.h>
+#include <libdevcore/Exceptions.h>
 #include <libdevcore/Log.h>
 #include <libdevcrypto/SHA3.h>


 using namespace dev;
 using namespace dev::eth;
+using namespace std;

 NatspecHandler::NatspecHandler()
 {
-	std::string path = Defaults::dbPath();
+	string path = Defaults::dbPath();
 	boost::filesystem::create_directories(path);
 	ldb::Options o;
 	o.create_if_missing = true;
 	ldb::DB::Open(o, path + "/natspec", &m_db);
 }

-void NatspecHandler::add(dev::h256 const& _contractHash, std::string const& _doc)
+NatspecHandler::~NatspecHandler()
+{
+	delete m_db;
+}
+
+void NatspecHandler::add(dev::h256 const& _contractHash, string const& _doc)
 {
 	bytes k = _contractHash.asBytes();
-	std::string v = _doc;
+	string v = _doc;
 	m_db->Put(m_writeOptions, ldb::Slice((char const*)k.data(), k.size()), ldb::Slice((char const*)v.data(), v.size()));
 }

-std::string NatspecHandler::retrieve(dev::h256 const& _contractHash) const
+string NatspecHandler::retrieve(dev::h256 const& _contractHash) const
 {
 	bytes k = _contractHash.asBytes();
-	std::string ret;
+	string ret;
 	m_db->Get(m_readOptions, ldb::Slice((char const*)k.data(), k.size()), &ret);
 	return ret;
 }

-std::string NatspecHandler::getUserNotice(std::string const& json, const dev::bytes& _transactionData)
+string NatspecHandler::getUserNotice(string const& json, dev::bytes const& _transactionData)
 {
-	Json::Value natspec, userNotice;
-	std::string retStr;
+	Json::Value natspec;
+	Json::Value userNotice;
+	string retStr;
 	m_reader.parse(json, natspec);
 	bytes transactionFunctionPart(_transactionData.begin(), _transactionData.begin() + 4);
 	FixedHash<4> transactionFunctionHash(transactionFunctionPart);
@ -68,11 +76,19 @@ std::string NatspecHandler::getUserNotice(std::string const& json, const dev::by
 	Json::Value methods = natspec["methods"];
 	for (Json::ValueIterator it= methods.begin(); it != methods.end(); ++it)
 	{
-		std::string functionSig = it.key().asString();
+		Json::Value keyValue = it.key();
+		if (!keyValue.isString())
+			BOOST_THROW_EXCEPTION(Exception() << errinfo_comment("Illegal Natspec JSON detected"));
+
+		string functionSig = keyValue.asString();
 		FixedHash<4> functionHash(dev::sha3(functionSig));

-		if (functionHash == transactionFunctionHash) {
-			return (*it)["notice"].asString();
+		if (functionHash == transactionFunctionHash)
+		{
+			Json::Value val = (*it)["notice"];
+			if (!val.isString())
+				BOOST_THROW_EXCEPTION(Exception() << errinfo_comment("Illegal Natspec JSON detected"));
+			return val.asString();
 		}
 	}

@ -80,7 +96,7 @@ std::string NatspecHandler::getUserNotice(std::string const& json, const dev::by
 	return "";
 }

-std::string NatspecHandler::getUserNotice(dev::h256 const& _contractHash, dev::bytes const& _transactionData)
+string NatspecHandler::getUserNotice(dev::h256 const& _contractHash, dev::bytes const& _transactionData)
 {
 	return getUserNotice(retrieve(_contractHash), _transactionData);
 }
--- a/alethzero/NatspecHandler.h
+++ b/alethzero/NatspecHandler.h
@ -35,6 +35,7 @@ class NatspecHandler
 {
  public:
 	NatspecHandler();
+	~NatspecHandler();

 	/// Stores locally in a levelDB a key value pair of contract code hash to natspec documentation
 	void add(dev::h256 const& _contractHash, std::string const& _doc);
--- a/alethzero/OurWebThreeStubServer.cpp
+++ b/alethzero/OurWebThreeStubServer.cpp
@ -44,7 +44,6 @@ std::string OurWebThreeStubServer::shh_newIdentity()

 bool OurWebThreeStubServer::showAuthenticationPopup(std::string const& _title, std::string const& _text) const
 {
-	// otherwise it's a transaction to a contract for which we have the natspec
 	QMessageBox userInput;
 	userInput.setText(QString::fromStdString(_title));
 	userInput.setInformativeText(QString::fromStdString(_text + "\n Do you wish to allow this?"));
--- a/libethereum/Defaults.h
+++ b/libethereum/Defaults.h
@ -23,7 +23,6 @@

 #include <libdevcore/Common.h>

-
 namespace dev
 {
 namespace eth
--- a/libsolidity/CompilerStack.cpp
+++ b/libsolidity/CompilerStack.cpp
@ -137,12 +137,12 @@ bytes const& CompilerStack::getBytecode(string const& _contractName) const
 	return getContract(_contractName).bytecode;
 }

-bytes const& CompilerStack::getRuntimeBytecode(std::string const& _contractName) const
+bytes const& CompilerStack::getRuntimeBytecode(string const& _contractName) const
 {
 	return getContract(_contractName).runtimeBytecode;
 }

-dev::h256 CompilerStack::getContractCodeHash(std::string const& _contractName) const
+dev::h256 CompilerStack::getContractCodeHash(string const& _contractName) const
 {
 	return dev::sha3(getRuntimeBytecode(_contractName));
 }
@ -192,24 +192,6 @@ string const& CompilerStack::getMetadata(string const& _contractName, Documentat
 	return *(*doc);
 }

-std::string const CompilerStack::getFunctionHashes(std::string const& _contractName)
-{
-	if (!m_parseSuccessful)
-		BOOST_THROW_EXCEPTION(CompilerError() << errinfo_comment("Parsing was not successful."));
-
-	std::string ret = "";
-	Contract const& contract = getContract(_contractName);
-	auto interfaceFunctions = contract.contract->getInterfaceFunctions();
-
-	for (auto const& it: interfaceFunctions)
-	{
-		ret += it.first.abridged();
-		ret += " :";
-		ret += it.second->getName() + "\n";
-	}
-	return ret;
-}
-
 Scanner const& CompilerStack::getScanner(string const& _sourceName) const
 {
 	return *getSource(_sourceName).scanner;
--- a/libsolidity/CompilerStack.h
+++ b/libsolidity/CompilerStack.h
@ -76,11 +76,11 @@ public:
 	/// @returns the compiled bytecode
 	bytes const& compile(std::string const& _sourceCode, bool _optimize = false);

-	/// Gets the assembled bytecode for a contract
+	/// @returns the assembled bytecode for a contract.
 	bytes const& getBytecode(std::string const& _contractName = "") const;
-	/// Get the runtime context's bytecode for a contract
+	/// @returns the runtime context's bytecode for a contract.
 	bytes const& getRuntimeBytecode(std::string const& _contractName = "") const;
-	/// Get the runtime context's code hash for a contract
+	/// @returns the runtime bytecode for the contract, i.e. the code that is returned by the constructor.
 	dev::h256 getContractCodeHash(std::string const& _contractName = "") const;

 	/// Streams a verbose version of the assembly to @a _outStream.
@ -99,9 +99,6 @@ public:
 	/// Can be one of 4 types defined at @c DocumentationType
 	std::string const& getMetadata(std::string const& _contractName, DocumentationType _type) const;

-	/// Convenience function to return all contract method hashes in a string
-	std::string const getFunctionHashes(std::string const& _contractName = "");
-
 	/// @returns the previously used scanner, useful for counting lines during error reporting.
 	Scanner const& getScanner(std::string const& _sourceName = "") const;
 	/// @returns the parsed source unit with the supplied name.