gaspersic/solana
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add signer/writable de/escalation tests (#14726)

Browse Source
This commit is contained in:
Jack May
2021-01-21 01:19:46 -08:00
committed by GitHub
parent 04ce33a04e
commit aa96ad042b
7 changed files with 342 additions and 341 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
programs/bpf/c/src/invoke/invoke.c
View File

@ -15,6 +15,8 @@ static const uint8_t TEST_ALLOC_ACCESS_VIOLATION = 8;
static const uint8_t TEST_INSTRUCTION_DATA_TOO_LARGE = 9;
static const uint8_t TEST_INSTRUCTION_META_TOO_LARGE = 10;
static const uint8_t TEST_RETURN_ERROR = 11;
static const uint8_t TEST_PRIVILEGE_DEESCALATION_ESCALATION_SIGNER = 12;
static const uint8_t TEST_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE = 13;
static const int MINT_INDEX = 0;
static const int ARGUMENT_INDEX = 1;
@ -228,6 +230,20 @@ extern uint64_t entrypoint(const uint8_t *input) {
10 + 5 - 1 - 1 - 1 - 1);
}
sol_log("Test privilege deescalation");
{
sol_assert(true == accounts[INVOKED_ARGUMENT_INDEX].is_signer);
sol_assert(true == accounts[INVOKED_ARGUMENT_INDEX].is_writable);
SolAccountMeta arguments[] = {
{accounts[INVOKED_ARGUMENT_INDEX].key, false, false}};
uint8_t data[] = {VERIFY_PRIVILEGE_DEESCALATION};
const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
arguments, SOL_ARRAY_SIZE(arguments),
data, SOL_ARRAY_SIZE(data)};
sol_assert(SUCCESS ==
sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
}
sol_log("Verify data values are retained and updated");
for (int i = 0; i < accounts[ARGUMENT_INDEX].data_len; i++) {
sol_assert(accounts[ARGUMENT_INDEX].data[i] == i);
@ -436,6 +452,38 @@ extern uint64_t entrypoint(const uint8_t *input) {
sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts));
break;
}
case TEST_PRIVILEGE_DEESCALATION_ESCALATION_SIGNER: {
sol_log("Test privilege deescalation escalation signer");
sol_assert(true == accounts[INVOKED_ARGUMENT_INDEX].is_signer);
sol_assert(true == accounts[INVOKED_ARGUMENT_INDEX].is_writable);
SolAccountMeta arguments[] = {
{accounts[INVOKED_PROGRAM_INDEX].key, false, false},
{accounts[INVOKED_ARGUMENT_INDEX].key, false, false}};
uint8_t data[] = {VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_SIGNER};
const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
arguments, SOL_ARRAY_SIZE(arguments),
data, SOL_ARRAY_SIZE(data)};
sol_assert(SUCCESS ==
sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
break;
}
case TEST_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE: {
sol_log("Test privilege deescalation escalation writable");
sol_assert(true == accounts[INVOKED_ARGUMENT_INDEX].is_signer);
sol_assert(true == accounts[INVOKED_ARGUMENT_INDEX].is_writable);
SolAccountMeta arguments[] = {
{accounts[INVOKED_PROGRAM_INDEX].key, false, false},
{accounts[INVOKED_ARGUMENT_INDEX].key, false, false}};
uint8_t data[] = {VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE};
const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
arguments, SOL_ARRAY_SIZE(arguments),
data, SOL_ARRAY_SIZE(data)};
sol_assert(SUCCESS ==
sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
break;
}
default:
sol_panic();
}

3
programs/bpf/c/src/invoked/instruction.h
View File

@ -12,3 +12,6 @@ const uint8_t VERIFY_WRITER = 4;
const uint8_t VERIFY_PRIVILEGE_ESCALATION = 5;
const uint8_t NESTED_INVOKE = 6;
const uint8_t RETURN_OK = 7;
const uint8_t VERIFY_PRIVILEGE_DEESCALATION = 8;
const uint8_t VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_SIGNER = 9;
const uint8_t VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE = 10;

49
programs/bpf/c/src/invoked/invoked.c
View File

@ -5,6 +5,8 @@
#include <solana_sdk.h>
extern uint64_t entrypoint(const uint8_t *input) {
sol_log("Invoked C program");
SolAccountInfo accounts[4];
SolParameters params = (SolParameters){.ka = accounts};
@ -157,9 +159,54 @@ extern uint64_t entrypoint(const uint8_t *input) {
break;
}
case VERIFY_PRIVILEGE_ESCALATION: {
sol_log("Success");
sol_log("Should never get here!");
break;
}
case VERIFY_PRIVILEGE_DEESCALATION: {
sol_log("verify privilege deescalation");
static const int INVOKED_ARGUMENT_INDEX = 0;
sol_assert(false == accounts[INVOKED_ARGUMENT_INDEX].is_signer);
sol_assert(false == accounts[INVOKED_ARGUMENT_INDEX].is_writable);
break;
}
case VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_SIGNER: {
sol_log("verify privilege deescalation escalation signer");
static const int INVOKED_PROGRAM_INDEX = 0;
static const int INVOKED_ARGUMENT_INDEX = 1;
sol_assert(sol_deserialize(input, &params, 2));
sol_assert(false == accounts[INVOKED_ARGUMENT_INDEX].is_signer);
sol_assert(false == accounts[INVOKED_ARGUMENT_INDEX].is_writable);
SolAccountMeta arguments[] = {
{accounts[INVOKED_ARGUMENT_INDEX].key, true, false}};
uint8_t data[] = {VERIFY_PRIVILEGE_ESCALATION};
const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
arguments, SOL_ARRAY_SIZE(arguments),
data, SOL_ARRAY_SIZE(data)};
sol_assert(SUCCESS ==
sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
break;
}
case VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE: {
sol_log("verify privilege deescalation escalation writable");
static const int INVOKED_PROGRAM_INDEX = 0;
static const int INVOKED_ARGUMENT_INDEX = 1;
sol_assert(sol_deserialize(input, &params, 2));
sol_assert(false == accounts[INVOKED_ARGUMENT_INDEX].is_signer);
sol_assert(false == accounts[INVOKED_ARGUMENT_INDEX].is_writable);
SolAccountMeta arguments[] = {
{accounts[INVOKED_ARGUMENT_INDEX].key, false, true}};
uint8_t data[] = {VERIFY_PRIVILEGE_ESCALATION};
const SolInstruction instruction = {accounts[INVOKED_PROGRAM_INDEX].key,
arguments, SOL_ARRAY_SIZE(arguments),
data, SOL_ARRAY_SIZE(data)};
sol_assert(SUCCESS ==
sol_invoke(&instruction, accounts, SOL_ARRAY_SIZE(accounts)));
break;
}
case NESTED_INVOKE: {
sol_log("invoke");