Add signer/writable de/escalation tests (#14726)

2021-01-21 01:19:46 -08:00
parent 04ce33a04e
commit aa96ad042b
7 changed files with 342 additions and 341 deletions
--- a/programs/bpf/rust/invoke/src/lib.rs
+++ b/programs/bpf/rust/invoke/src/lib.rs
@ -27,6 +27,8 @@ const TEST_ALLOC_ACCESS_VIOLATION: u8 = 8;
 const TEST_INSTRUCTION_DATA_TOO_LARGE: u8 = 9;
 const TEST_INSTRUCTION_META_TOO_LARGE: u8 = 10;
 const TEST_RETURN_ERROR: u8 = 11;
+const TEST_PRIVILEGE_DEESCALATION_ESCALATION_SIGNER: u8 = 12;
+const TEST_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE: u8 = 13;

 // const MINT_INDEX: usize = 0;
 const ARGUMENT_INDEX: usize = 1;
@ -306,6 +308,18 @@ fn process_instruction(
                );
            }

+            msg!("Test privilege deescalation");
+            {
+                assert!(accounts[INVOKED_ARGUMENT_INDEX].is_signer);
+                assert!(accounts[INVOKED_ARGUMENT_INDEX].is_writable);
+                let invoked_instruction = create_instruction(
+                    *accounts[INVOKED_PROGRAM_INDEX].key,
+                    &[(accounts[INVOKED_ARGUMENT_INDEX].key, false, false)],
+                    vec![VERIFY_PRIVILEGE_DEESCALATION],
+                );
+                invoke(&invoked_instruction, accounts)?;
+            }
+
            msg!("Verify data values are retained and updated");
            {
                let data = accounts[ARGUMENT_INDEX].try_borrow_data()?;
@ -492,6 +506,34 @@ fn process_instruction(
            );
            let _ = invoke(&instruction, accounts);
        }
+        TEST_PRIVILEGE_DEESCALATION_ESCALATION_SIGNER => {
+            msg!("Test privilege deescalation escalation signer");
+            assert!(accounts[INVOKED_ARGUMENT_INDEX].is_signer);
+            assert!(accounts[INVOKED_ARGUMENT_INDEX].is_writable);
+            let invoked_instruction = create_instruction(
+                *accounts[INVOKED_PROGRAM_INDEX].key,
+                &[
+                    (accounts[INVOKED_PROGRAM_INDEX].key, false, false),
+                    (accounts[INVOKED_ARGUMENT_INDEX].key, false, false),
+                ],
+                vec![VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_SIGNER],
+            );
+            invoke(&invoked_instruction, accounts)?;
+        }
+        TEST_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE => {
+            msg!("Test privilege deescalation escalation writable");
+            assert!(accounts[INVOKED_ARGUMENT_INDEX].is_signer);
+            assert!(accounts[INVOKED_ARGUMENT_INDEX].is_writable);
+            let invoked_instruction = create_instruction(
+                *accounts[INVOKED_PROGRAM_INDEX].key,
+                &[
+                    (accounts[INVOKED_PROGRAM_INDEX].key, false, false),
+                    (accounts[INVOKED_ARGUMENT_INDEX].key, false, false),
+                ],
+                vec![VERIFY_PRIVILEGE_DEESCALATION_ESCALATION_WRITABLE],
+            );
+            invoke(&invoked_instruction, accounts)?;
+        }
        _ => panic!(),
    }