Add signer/writable de/escalation tests (bp #14726) (#14738)

* Add signer/writable de/escalation tests (#14726) (cherry picked from commit aa96ad042b) # Conflicts: # programs/bpf/tests/programs.rs * resolve conflicts * nudge Co-authored-by: Jack May <jack@solana.com>
2021-01-21 21:35:58 +00:00
parent 53ea18d3b3
commit 47cf0726f9
7 changed files with 296 additions and 296 deletions
--- a/programs/bpf/rust/invoked/src/instruction.rs
+++ b/programs/bpf/rust/invoked/src/instruction.rs
@@ -13,6 +13,9 @@ pub const VERIFY_WRITER: u8 = 4;
 pub const VERIFY_PRIVILEGE_ESCALATION: u8 = 5;
 pub const NESTED_INVOKE: u8 = 6;
 pub const RETURN_OK: u8 = 7;
+pub const VERIFY_PRIVILEGE_DEESCALATION: u8 = 8;
+pub const VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_SIGNER: u8 = 9;
+pub const VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE: u8 = 10;

 pub fn create_instruction(
    program_id: Pubkey,
--- a/programs/bpf/rust/invoked/src/processor.rs
+++ b/programs/bpf/rust/invoked/src/processor.rs
@@ -161,7 +161,41 @@ fn process_instruction(
            assert!(!accounts[ARGUMENT_INDEX].is_writable);
        }
        VERIFY_PRIVILEGE_ESCALATION => {
-            msg!("Success");
+            msg!("Should never get here!");
+        }
+        VERIFY_PRIVILEGE_DEESCALATION => {
+            msg!("verify privilege deescalation");
+            const INVOKED_ARGUMENT_INDEX: usize = 0;
+            assert!(!accounts[INVOKED_ARGUMENT_INDEX].is_signer);
+            assert!(!accounts[INVOKED_ARGUMENT_INDEX].is_writable);
+        }
+        VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_SIGNER => {
+            msg!("verify privilege deescalation escalation signer");
+            const INVOKED_PROGRAM_INDEX: usize = 0;
+            const INVOKED_ARGUMENT_INDEX: usize = 1;
+
+            assert!(!accounts[INVOKED_ARGUMENT_INDEX].is_signer);
+            assert!(!accounts[INVOKED_ARGUMENT_INDEX].is_writable);
+            let invoked_instruction = create_instruction(
+                *accounts[INVOKED_PROGRAM_INDEX].key,
+                &[(accounts[INVOKED_ARGUMENT_INDEX].key, true, false)],
+                vec![VERIFY_PRIVILEGE_ESCALATION],
+            );
+            invoke(&invoked_instruction, accounts)?;
+        }
+        VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE => {
+            msg!("verify privilege deescalation escalation writable");
+            const INVOKED_PROGRAM_INDEX: usize = 0;
+            const INVOKED_ARGUMENT_INDEX: usize = 1;
+
+            assert!(!accounts[INVOKED_ARGUMENT_INDEX].is_signer);
+            assert!(!accounts[INVOKED_ARGUMENT_INDEX].is_writable);
+            let invoked_instruction = create_instruction(
+                *accounts[INVOKED_PROGRAM_INDEX].key,
+                &[(accounts[INVOKED_ARGUMENT_INDEX].key, false, true)],
+                vec![VERIFY_PRIVILEGE_ESCALATION],
+            );
+            invoke(&invoked_instruction, accounts)?;
        }
        NESTED_INVOKE => {
            msg!("nested invoke");