Merge pull request #6500 from onflow/bastian/port-internal-6967
turbolent authored Sep 27, 2024
2 parents 918f95a + 55352fb commit bb12f14
Showing 11 changed files with 253 additions and 9 deletions.
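--- a/cmd/util/cmd/generate-authorization-fixes/cmd_test.go
+++ b/cmd/util/cmd/generate-authorization-fixes/cmd_test.go
@@ -79,6 +79,11 @@ var _ reporters.ReportWriter = &testReportWriter{}
 func TestGenerateAuthorizationFixes(t *testing.T) {
 t.Parallel()
 
+// This test no longer works because publishing authorized capabilities is no longer allowed.
+// The migration and test are kept for historical reasons.
+
+t.Skip()
+
 const chainID = flow.Emulator
 chain := chainID.Chain()
 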
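Review bot: `t.Skip()` is called without a reason, so the test output will not say why TestGenerateAuthorizationFixes is skipped; passing the reason already given in the comment, e.g. `t.Skip("publishing authorized capabilities is no longer allowed")`, keeps it visible in CI logs. The same applies to the identical addition in TestFixAuthorizationsMigration in the next file section. With both tests skipped, the authorization-fix migration they covered stays in the tree without coverage, so it is worth confirming that it can no longer be invoked, or marking it deprecated. The test body continues outside the hunk.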
Expand Up @@ -34,6 +34,11 @@ func newEntitlementSetAuthorizationFromTypeIDs(
func TestFixAuthorizationsMigration(t *testing.T) {
t.Parallel()

// This test no longer works because publishing authorized capabilities is no longer allowed.
// The migration and test are kept for historical reasons.

t.Skip()

const chainID = flow.Emulator
chain := chainID.Chain()

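--- a/fvm/environment/facade_env.go
+++ b/fvm/environment/facade_env.go
@@ -6,6 +6,7 @@ import (
 "github.com/onflow/cadence/runtime/ast"
 "github.com/onflow/cadence/runtime/common"
 "github.com/onflow/cadence/runtime/interpreter"
+"github.com/onflow/cadence/runtime/sema"
 
 "github.com/onflow/flow-go/fvm/storage"
 "github.com/onflow/flow-go/fvm/storage/snapshot"
@@ -343,3 +344,37 @@ func (env *facadeEnvironment) RecoverProgram(program *ast.Program, location comm
 location,
 )
 }
+
+func (env *facadeEnvironment) ValidateAccountCapabilitiesGet(
+_ *interpreter.Interpreter,
+_ interpreter.LocationRange,
+_ interpreter.AddressValue,
+_ interpreter.PathValue,
+wantedBorrowType *sema.ReferenceType,
+_ *sema.ReferenceType,
+) (bool, error) {
+_, hasEntitlements := wantedBorrowType.Authorization.(sema.EntitlementSetAccess)
+if hasEntitlements {
+// TODO: maybe abort
+//return false, interpreter.GetCapabilityError{
+// LocationRange: locationRange,
+//}
+return false, nil
+}
+return true, nil
+}
+
+func (env *facadeEnvironment) ValidateAccountCapabilitiesPublish(
+_ *interpreter.Interpreter,
+_ interpreter.LocationRange,
+_ interpreter.AddressValue,
+_ interpreter.PathValue,
+capabilityBorrowType *interpreter.ReferenceStaticType,
+) (bool, error) {
+_, isEntitledCapability := capabilityBorrowType.Authorization.(interpreter.EntitlementSetAuthorization)
+if isEntitledCapability {
+// TODO: maybe abort
+return false, nil
+}
+return true, nil
+}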
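Review bot: Both validators deny only when the authorization is an entitlement set (`sema.EntitlementSetAccess` in ValidateAccountCapabilitiesGet, `interpreter.EntitlementSetAuthorization` in ValidateAccountCapabilitiesPublish) and return `true, nil` for every other value, so the check fails open if any other non-unauthorized authorization can reach it. Whether one can is not visible here, but accepting only the unauthorized case and rejecting everything else would fail closed. `wantedBorrowType` and `capabilityBorrowType` are also dereferenced without a nil check, which panics if a caller ever passes nil. Since these methods are the policy gate for entitled capabilities, each deserves a doc comment stating the rule and what a `false` result means to the caller. The `// TODO: maybe abort` and its commented-out return should be resolved or tracked in an issue rather than left in the policy path.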
56 changes: 56 additions & 0 deletions fvm/environment/mock/environment.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

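--- a/fvm/fvm_test.go
+++ b/fvm/fvm_test.go
@@ -1,6 +1,7 @@
 package fvm_test
 
 import (
+"context"
 "crypto/rand"
 "encoding/hex"
 "fmt"
@@ -19,6 +20,8 @@ import (
 "github.com/onflow/cadence/runtime"
 "github.com/onflow/cadence/runtime/common"
 cadenceErrors "github.com/onflow/cadence/runtime/errors"
+"github.com/onflow/cadence/runtime/interpreter"
+"github.com/onflow/cadence/runtime/sema"
 "github.com/onflow/cadence/runtime/tests/utils"
 "github.com/onflow/crypto"
 "github.com/stretchr/testify/assert"
@@ -39,6 +42,7 @@ import (
 "github.com/onflow/flow-go/fvm/storage/snapshot/mock"
 "github.com/onflow/flow-go/fvm/storage/testutils"
 "github.com/onflow/flow-go/fvm/systemcontracts"
+"github.com/onflow/flow-go/fvm/tracing"
 "github.com/onflow/flow-go/model/flow"
 "github.com/onflow/flow-go/utils/unittest"
 )
@@ -3086,3 +3090,142 @@ func TestEVM(t *testing.T) {
 }),
 )
 }
+
+func TestAccountCapabilitiesGetEntitledRejection(t *testing.T) {
+
+// Note: This cannot be tested anymore using a transaction,
+// because publish method also aborts when trying to publish an entitled capability.
+// Therefore, test the functionality of the `ValidateAccountCapabilitiesGet` function.
+
+t.Run("entitled capability", func(t *testing.T) {
+
+env := environment.NewScriptEnv(
+context.TODO(),
+tracing.NewMockTracerSpan(),
+environment.DefaultEnvironmentParams(),
+nil,
+)
+
+valid, err := env.ValidateAccountCapabilitiesGet(
+nil,
+interpreter.EmptyLocationRange,
+interpreter.AddressValue(common.ZeroAddress),
+interpreter.NewUnmeteredPathValue(common.PathDomainPublic, "dummy_value"),
+sema.NewReferenceType(
+nil,
+sema.NewEntitlementSetAccess(
+[]*sema.EntitlementType{
+sema.MutateType,
+},
+sema.Conjunction,
+),
+sema.IntType,
+),
+nil,
+)
+assert.NoError(t, err)
+assert.False(t, valid)
+})
+
+t.Run("non-entitled capability", func(t *testing.T) {
+
+env := environment.NewScriptEnv(
+context.TODO(),
+tracing.NewMockTracerSpan(),
+environment.DefaultEnvironmentParams(),
+nil,
+)
+
+valid, err := env.ValidateAccountCapabilitiesGet(
+nil,
+interpreter.EmptyLocationRange,
+interpreter.AddressValue(common.ZeroAddress),
+interpreter.NewUnmeteredPathValue(common.PathDomainPublic, "dummy_value"),
+sema.NewReferenceType(
+nil,
+sema.UnauthorizedAccess,
+sema.IntType,
+),
+nil,
+)
+assert.NoError(t, err)
+assert.True(t, valid)
+})
+}
+
+func TestAccountCapabilitiesPublishEntitledRejection(t *testing.T) {
+
+t.Run("entitled capability", newVMTest().
+run(func(
+t *testing.T,
+vm fvm.VM,
+chain flow.Chain,
+ctx fvm.Context,
+snapshotTree snapshot.SnapshotTree,
+) {
+
+serviceAddress := chain.ServiceAddress()
+txBody := flow.NewTransactionBody().
+SetScript([]byte(`
+transaction {
+prepare(signer: auth(Capabilities, Storage) &Account) {
+signer.storage.save(42, to: /storage/number)
+let cap = signer.capabilities.storage.issue<auth(Insert) &Int>(/storage/number)
+signer.capabilities.publish(cap, at: /public/number)
+}
+}
+`)).
+AddAuthorizer(serviceAddress).
+SetProposalKey(serviceAddress, 0, 0).
+SetPayer(serviceAddress)
+
+err := testutil.SignTransactionAsServiceAccount(txBody, 0, chain)
+require.NoError(t, err)
+
+_, output, err := vm.Run(
+ctx,
+fvm.Transaction(txBody, 0),
+snapshotTree)
+
+require.NoError(t, err)
+require.ErrorAs(t, output.Err, &interpreter.EntitledCapabilityPublishingError{})
+}),
+)
+
+t.Run("non entitled capability", newVMTest().
+run(func(
+t *testing.T,
+vm fvm.VM,
+chain flow.Chain,
+ctx fvm.Context,
+snapshotTree snapshot.SnapshotTree,
+) {
+
+serviceAddress := chain.ServiceAddress()
+txBody := flow.NewTransactionBody().
+SetScript([]byte(`
+transaction {
+prepare(signer: auth(Capabilities, Storage) &Account) {
+signer.storage.save(42, to: /storage/number)
+let cap = signer.capabilities.storage.issue<&Int>(/storage/number)
+signer.capabilities.publish(cap, at: /public/number)
+}
+}
+`)).
+AddAuthorizer(serviceAddress).
+SetProposalKey(serviceAddress, 0, 0).
+SetPayer(serviceAddress)
+
+err := testutil.SignTransactionAsServiceAccount(txBody, 0, chain)
+require.NoError(t, err)
+
+_, output, err := vm.Run(
+ctx,
+fvm.Transaction(txBody, 0),
+snapshotTree)
+
+require.NoError(t, err)
+require.NoError(t, output.Err)
+}),
+)
+}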
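Review bot: TestAccountCapabilitiesGetEntitledRejection pins the rejection with a single conjunction entitlement set, so a `sema.Disjunction` case would show that the denial does not depend on the set kind. The two subtests differ only in the authorization and the expected result, so a small table of `{name, authorization, wantValid}` would remove the duplicated `environment.NewScriptEnv(...)` setup. `context.TODO()` reads as unfinished work in a test; `context.Background()` states the intent. In TestAccountCapabilitiesPublishEntitledRejection the validator is only reached through a full transaction, so a direct call to `ValidateAccountCapabilitiesPublish`, mirroring the Get test, would keep the policy covered if the interpreter-side behaviour changes.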
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -48,7 +48,7 @@ require (
github.com/multiformats/go-multiaddr-dns v0.3.1
github.com/multiformats/go-multihash v0.2.3
github.com/onflow/atree v0.8.0-rc.6
github.com/onflow/cadence v1.0.0-preview.52
github.com/onflow/cadence v1.0.0
github.com/onflow/crypto v0.25.2
github.com/onflow/flow v0.3.4
github.com/onflow/flow-core-contracts/lib/go/contracts v1.3.1
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -2168,8 +2168,8 @@ github.com/onflow/atree v0.8.0-rc.6/go.mod h1:yccR+LR7xc1Jdic0mrjocbHvUD7lnVvg8/
github.com/onflow/boxo v0.0.0-20240201202436-f2477b92f483 h1:LpiQhTAfM9CAmNVEs0n//cBBgCg+vJSiIxTHYUklZ84=
github.com/onflow/boxo v0.0.0-20240201202436-f2477b92f483/go.mod h1:pIZgTWdm3k3pLF9Uq6MB8JEcW07UDwNJjlXW1HELW80=
github.com/onflow/cadence v1.0.0-M3/go.mod h1:odXGZZ/wGNA5mwT8bC9v8u8EXACHllB2ABSZK65TGL8=
github.com/onflow/cadence v1.0.0-preview.52 h1:hZ92e6lL2+PQa3C1i5jJh0zZYFdW89+X1MS0Bkd6Ayo=
github.com/onflow/cadence v1.0.0-preview.52/go.mod h1:7wvvecnAZtYOspLOS3Lh+FuAmMeSrXhAWiycC3kQ1UU=
github.com/onflow/cadence v1.0.0 h1:bvT75F2LZJvDCBmmajAv7QLISK6Qp30FAKcSwqNNH+o=
github.com/onflow/cadence v1.0.0/go.mod h1:7wvvecnAZtYOspLOS3Lh+FuAmMeSrXhAWiycC3kQ1UU=
github.com/onflow/crypto v0.25.0/go.mod h1:C8FbaX0x8y+FxWjbkHy0Q4EASCDR9bSPWZqlpCLYyVI=
github.com/onflow/crypto v0.25.2 h1:GjHunqVt+vPcdqhxxhAXiMIF3YiLX7gTuTR5O+VG2ns=
github.com/onflow/crypto v0.25.2/go.mod h1:fY7eLqUdMKV8EGOw301unP8h7PvLVy8/6gVR++/g0BY=
2 changes: 1 addition & 1 deletion insecure/go.mod
Expand Up @@ -202,7 +202,7 @@ require (
github.com/multiformats/go-varint v0.0.7 // indirect
github.com/olekukonko/tablewriter v0.0.5 // indirect
github.com/onflow/atree v0.8.0-rc.6 // indirect
github.com/onflow/cadence v1.0.0-preview.52 // indirect
github.com/onflow/cadence v1.0.0 // indirect
github.com/onflow/flow-core-contracts/lib/go/contracts v1.3.1 // indirect
github.com/onflow/flow-core-contracts/lib/go/templates v1.3.1 // indirect
github.com/onflow/flow-ft/lib/go/contracts v1.0.0 // indirect
4 changes: 2 additions & 2 deletions insecure/go.sum
Expand Up @@ -2158,8 +2158,8 @@ github.com/onflow/atree v0.6.1-0.20230711151834-86040b30171f/go.mod h1:xvP61FoOs
github.com/onflow/atree v0.8.0-rc.6 h1:GWgaylK24b5ta2Hq+TvyOF7X5tZLiLzMMn7lEt59fsA=
github.com/onflow/atree v0.8.0-rc.6/go.mod h1:yccR+LR7xc1Jdic0mrjocbHvUD7lnVvg8/Ct1AA5zBo=
github.com/onflow/cadence v1.0.0-M3/go.mod h1:odXGZZ/wGNA5mwT8bC9v8u8EXACHllB2ABSZK65TGL8=
github.com/onflow/cadence v1.0.0-preview.52 h1:hZ92e6lL2+PQa3C1i5jJh0zZYFdW89+X1MS0Bkd6Ayo=
github.com/onflow/cadence v1.0.0-preview.52/go.mod h1:7wvvecnAZtYOspLOS3Lh+FuAmMeSrXhAWiycC3kQ1UU=
github.com/onflow/cadence v1.0.0 h1:bvT75F2LZJvDCBmmajAv7QLISK6Qp30FAKcSwqNNH+o=
github.com/onflow/cadence v1.0.0/go.mod h1:7wvvecnAZtYOspLOS3Lh+FuAmMeSrXhAWiycC3kQ1UU=
github.com/onflow/crypto v0.25.0/go.mod h1:C8FbaX0x8y+FxWjbkHy0Q4EASCDR9bSPWZqlpCLYyVI=
github.com/onflow/crypto v0.25.2 h1:GjHunqVt+vPcdqhxxhAXiMIF3YiLX7gTuTR5O+VG2ns=
github.com/onflow/crypto v0.25.2/go.mod h1:fY7eLqUdMKV8EGOw301unP8h7PvLVy8/6gVR++/g0BY=
2 changes: 1 addition & 1 deletion integration/go.mod
Expand Up @@ -20,7 +20,7 @@ require (
github.com/ipfs/go-ds-badger2 v0.1.3
github.com/ipfs/go-ds-pebble v0.3.1
github.com/libp2p/go-libp2p v0.32.2
github.com/onflow/cadence v1.0.0-preview.52
github.com/onflow/cadence v1.0.0
github.com/onflow/crypto v0.25.2
github.com/onflow/flow-core-contracts/lib/go/contracts v1.3.1
github.com/onflow/flow-core-contracts/lib/go/templates v1.3.1
4 changes: 2 additions & 2 deletions integration/go.sum
Expand Up @@ -2142,8 +2142,8 @@ github.com/onflow/atree v0.6.1-0.20230711151834-86040b30171f/go.mod h1:xvP61FoOs
github.com/onflow/atree v0.8.0-rc.6 h1:GWgaylK24b5ta2Hq+TvyOF7X5tZLiLzMMn7lEt59fsA=
github.com/onflow/atree v0.8.0-rc.6/go.mod h1:yccR+LR7xc1Jdic0mrjocbHvUD7lnVvg8/Ct1AA5zBo=
github.com/onflow/cadence v1.0.0-M3/go.mod h1:odXGZZ/wGNA5mwT8bC9v8u8EXACHllB2ABSZK65TGL8=
github.com/onflow/cadence v1.0.0-preview.52 h1:hZ92e6lL2+PQa3C1i5jJh0zZYFdW89+X1MS0Bkd6Ayo=
github.com/onflow/cadence v1.0.0-preview.52/go.mod h1:7wvvecnAZtYOspLOS3Lh+FuAmMeSrXhAWiycC3kQ1UU=
github.com/onflow/cadence v1.0.0 h1:bvT75F2LZJvDCBmmajAv7QLISK6Qp30FAKcSwqNNH+o=
github.com/onflow/cadence v1.0.0/go.mod h1:7wvvecnAZtYOspLOS3Lh+FuAmMeSrXhAWiycC3kQ1UU=
github.com/onflow/crypto v0.25.0/go.mod h1:C8FbaX0x8y+FxWjbkHy0Q4EASCDR9bSPWZqlpCLYyVI=
github.com/onflow/crypto v0.25.2 h1:GjHunqVt+vPcdqhxxhAXiMIF3YiLX7gTuTR5O+VG2ns=
github.com/onflow/crypto v0.25.2/go.mod h1:fY7eLqUdMKV8EGOw301unP8h7PvLVy8/6gVR++/g0BY=
