From caf63d9cac9a195a8d991c6ce08d7561c47debd8 Mon Sep 17 00:00:00 2001
From: Jacob Gadikian
Date: Tue, 27 May 2025 21:57:53 +0700
Subject: [PATCH 1/2] tests
---
 x/wasm/types/tx_test.go | 36 +++++++++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)
diff --git a/x/wasm/types/tx_test.go b/x/wasm/types/tx_test.go
index 6f237b11a6..1aebf76a2c 100644
--- a/x/wasm/types/tx_test.go
+++ b/x/wasm/types/tx_test.go
@@ -1,9 +1,10 @@
 package types
 
 import (
- "bytes"
- "strings"
- "testing"
+ "bytes"
+ "strings"
+ "testing"
+ "fmt"
 
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
@@ -78,6 +79,35 @@ func TestStoreCodeValidation(t *testing.T) {
 })
 }
 }
+// TestRawContractMessageVulnerabilities demonstrates known JSON handling vulnerabilities
+func TestRawContractMessageVulnerabilities(t *testing.T) {
+ // Field length vulnerability: large string values are accepted without limit
+ var sb strings.Builder
+ const largeSize = 1 << 20
+ sb.Grow(largeSize + 16)
+ sb.WriteString(`{"foo":"`)
+ sb.WriteString(strings.Repeat("a", largeSize))
+ sb.WriteString(`"}`)
+ msgLarge := RawContractMessage([]byte(sb.String()))
+ require.NoError(t, msgLarge.ValidateBasic(), "large JSON field should be accepted")
+
+ // Depth vulnerability: deeply nested JSON is accepted without depth checks
+ nested := "{}"
+ const depth = 10000
+ for i := 0; i < depth; i++ {
+ nested = fmt.Sprintf("{\"a\":%s}", nested)
+ }
+ msgDeep := RawContractMessage([]byte(nested))
+ require.NoError(t, msgDeep.ValidateBasic(), "deeply nested JSON should be accepted")
+
+ // Numeric boundary vulnerability: extremely large numbers are accepted syntactically
+ msgNum := RawContractMessage([]byte(`{"num":123456789012345678901234567890}`))
+ require.NoError(t, msgNum.ValidateBasic(), "JSON with large numeric values should be accepted")
+
+ // Special character injection: control characters in strings are accepted if valid escape
+ msgSpecial := RawContractMessage([]byte(`{"ctrl":"\u0000"}`))
+ require.NoError(t, msgSpecial.ValidateBasic(), "JSON with special Unicode escapes should be accepted")
+}
 
 func TestInstantiateContractValidation(t *testing.T) {
 // proper address size
From a45d0bc639ed2d033bd70009586eaa6594228c98 Mon Sep 17 00:00:00 2001
From: "autofix-ci[bot]" <114827586+autofix-ci[bot]@users.noreply.github.com>
Date: Tue, 27 May 2025 15:00:13 +0000
Subject: [PATCH 2/2] [autofix.ci] apply automated fixes
---
 x/wasm/types/tx_test.go | 55 +++++++++++++++++++++--------------------
 1 file changed, 28 insertions(+), 27 deletions(-)
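Review bot: The four `require.NoError` calls in TestRawContractMessageVulnerabilities assert that oversized, deeply nested and odd-valued payloads are accepted, which turns the weakness the comment announces into the pinned contract: the first size or depth limit added to RawContractMessage.ValidateBasic would fail this test instead of being confirmed by it, so these cases should `t.Skip` with a pointer to the hardening issue, or assert `require.Error` once a limit exists. The depth case also looks wrong on its own terms: if ValidateBasic delegates to encoding/json (json.Valid or Unmarshal; the implementation is outside this hunk), the stdlib scanner rejects nesting beyond 10000 levels with "exceeded max depth", and the input built here is 10001 levels deep (the seed `{}` plus 10000 wraps), so the assertion would fail for a reason unrelated to a missing depth check. The large-number and `\u0000` inputs are well-formed JSON, so accepting them is correct for a syntax validator rather than a vulnerability; the comment above each case should say what is actually being characterised, e.g. `// ValidateBasic only checks JSON syntax; size, depth and value-range limits are not enforced here`. Minor: the nesting loop copies the growing string on every `fmt.Sprintf`, which is quadratic, and `nested := strings.Repeat("{\"a\":", depth) + "{}" + strings.Repeat("}", depth)` builds the same input in one pass.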
diff --git a/x/wasm/types/tx_test.go b/x/wasm/types/tx_test.go
index 1aebf76a2c..fc8a741311 100644
--- a/x/wasm/types/tx_test.go
+++ b/x/wasm/types/tx_test.go
@@ -1,10 +1,10 @@
 package types
 
 import (
- "bytes"
- "strings"
- "testing"
- "fmt"
+ "bytes"
+ "fmt"
+ "strings"
+ "testing"
 
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
@@ -79,34 +79,35 @@ func TestStoreCodeValidation(t *testing.T) {
 })
 }
 }
+
 // TestRawContractMessageVulnerabilities demonstrates known JSON handling vulnerabilities
 func TestRawContractMessageVulnerabilities(t *testing.T) {
- // Field length vulnerability: large string values are accepted without limit
- var sb strings.Builder
- const largeSize = 1 << 20
- sb.Grow(largeSize + 16)
- sb.WriteString(`{"foo":"`)
- sb.WriteString(strings.Repeat("a", largeSize))
- sb.WriteString(`"}`)
- msgLarge := RawContractMessage([]byte(sb.String()))
- require.NoError(t, msgLarge.ValidateBasic(), "large JSON field should be accepted")
+ // Field length vulnerability: large string values are accepted without limit
+ var sb strings.Builder
+ const largeSize = 1 << 20
+ sb.Grow(largeSize + 16)
+ sb.WriteString(`{"foo":"`)
+ sb.WriteString(strings.Repeat("a", largeSize))
+ sb.WriteString(`"}`)
+ msgLarge := RawContractMessage([]byte(sb.String()))
+ require.NoError(t, msgLarge.ValidateBasic(), "large JSON field should be accepted")
 
- // Depth vulnerability: deeply nested JSON is accepted without depth checks
- nested := "{}"
- const depth = 10000
- for i := 0; i < depth; i++ {
- nested = fmt.Sprintf("{\"a\":%s}", nested)
- }
- msgDeep := RawContractMessage([]byte(nested))
- require.NoError(t, msgDeep.ValidateBasic(), "deeply nested JSON should be accepted")
+ // Depth vulnerability: deeply nested JSON is accepted without depth checks
+ nested := "{}"
+ const depth = 10000
+ for i := 0; i < depth; i++ {
+ nested = fmt.Sprintf("{\"a\":%s}", nested)
+ }
+ msgDeep := RawContractMessage([]byte(nested))
+ require.NoError(t, msgDeep.ValidateBasic(), "deeply nested JSON should be accepted")
 
- // Numeric boundary vulnerability: extremely large numbers are accepted syntactically
- msgNum := RawContractMessage([]byte(`{"num":123456789012345678901234567890}`))
- require.NoError(t, msgNum.ValidateBasic(), "JSON with large numeric values should be accepted")
+ // Numeric boundary vulnerability: extremely large numbers are accepted syntactically
+ msgNum := RawContractMessage([]byte(`{"num":123456789012345678901234567890}`))
+ require.NoError(t, msgNum.ValidateBasic(), "JSON with large numeric values should be accepted")
 
- // Special character injection: control characters in strings are accepted if valid escape
- msgSpecial := RawContractMessage([]byte(`{"ctrl":"\u0000"}`))
- require.NoError(t, msgSpecial.ValidateBasic(), "JSON with special Unicode escapes should be accepted")
+ // Special character injection: control characters in strings are accepted if valid escape
+ msgSpecial := RawContractMessage([]byte(`{"ctrl":"\u0000"}`))
+ require.NoError(t, msgSpecial.ValidateBasic(), "JSON with special Unicode escapes should be accepted")
 }
 
 func TestInstantiateContractValidation(t *testing.T) {