From 5444d6200207cfa841446f860fa1c59a8e68e240 Mon Sep 17 00:00:00 2001 From: Jordan Ribbink Date: Wed, 17 Apr 2024 08:18:22 -0700 Subject: [PATCH 1/5] Fix access(account) bug in contract update validator --- internal/migrate/staging_validator.go | 28 +++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/internal/migrate/staging_validator.go b/internal/migrate/staging_validator.go index 11decd165..1605e7914 100644 --- a/internal/migrate/staging_validator.go +++ b/internal/migrate/staging_validator.go @@ -46,6 +46,11 @@ type stagingValidator struct { flow flowkit.Services state *flowkit.State + // Location of the source code that is used for the update + sourceCodeLocation common.Location + // Location of the target contract that is being updated + targetLocation common.AddressLocation + // Cache for account contract names so we don't have to fetch them multiple times accountContractNames map[common.Address][]string // All resolved contract code @@ -192,8 +197,9 @@ func (v *stagingValidator) parseAndCheckContract( // Only checking contracts, so no need to consider script standard library return util.NewStandardLibrary().BaseValueActivation }, - LocationHandler: v.resolveLocation, - ImportHandler: v.resolveImport, + LocationHandler: v.resolveLocation, + ImportHandler: v.resolveImport, + MemberAccountAccessHandler: v.resolveAccountAccess, }, ) if err != nil { @@ -381,6 +387,24 @@ func (v *stagingValidator) resolveLocation( return resolvedLocations, nil } +func (v *stagingValidator) resolveAccountAccess(checker *sema.Checker, memberLocation common.Location) bool { + checkerLocation, ok := checker.Location.(common.StringLocation) + if !ok { + return false + } + + memberAddressLocation, ok := memberLocation.(common.AddressLocation) + if !ok { + return false + } + + if checkerLocation == v.sourceCodeLocation && memberAddressLocation.Address == v.targetLocation.Address { + return true + } + + return false +} + func (v *stagingValidator) resolveAddressContractNames(address common.Address) ([]string, error) { // Check if the contract names are already cached if names, ok := v.accountContractNames[address]; ok { From e8eb7c9b8ef038864643aaf7f846c70f918c0560 Mon Sep 17 00:00:00 2001 From: Jordan Ribbink Date: Wed, 17 Apr 2024 08:19:19 -0700 Subject: [PATCH 2/5] set locations --- internal/migrate/staging_validator.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/internal/migrate/staging_validator.go b/internal/migrate/staging_validator.go index 1605e7914..06c9488af 100644 --- a/internal/migrate/staging_validator.go +++ b/internal/migrate/staging_validator.go @@ -104,6 +104,9 @@ func (v *stagingValidator) ValidateContractUpdate( // Code of the updated contract updatedCode []byte, ) error { + v.sourceCodeLocation = sourceCodeLocation + v.targetLocation = location + // Resolve all system contract code & add to cache v.loadSystemContracts() From b43eb8c0e3c29b581a80a494619e22eccec8199a Mon Sep 17 00:00:00 2001 From: Jordan Ribbink Date: Wed, 17 Apr 2024 08:32:01 -0700 Subject: [PATCH 3/5] add comment --- internal/migrate/staging_validator.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/internal/migrate/staging_validator.go b/internal/migrate/staging_validator.go index 06c9488af..794c624f1 100644 --- a/internal/migrate/staging_validator.go +++ b/internal/migrate/staging_validator.go @@ -401,6 +401,8 @@ func (v *stagingValidator) resolveAccountAccess(checker *sema.Checker, memberLoc return false } + // If the source code of the update is being checked, we should check account access based on the + // targetted network location of the contract & not the source code location if checkerLocation == v.sourceCodeLocation && memberAddressLocation.Address == v.targetLocation.Address { return true } From 739c595038f17643ab862e0ef40125fcd7f181aa Mon Sep 17 00:00:00 2001 From: Jordan Ribbink Date: Wed, 17 Apr 2024 08:36:32 -0700 Subject: [PATCH 4/5] fix typo --- internal/migrate/staging_validator.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/migrate/staging_validator.go b/internal/migrate/staging_validator.go index 794c624f1..82c81b387 100644 --- a/internal/migrate/staging_validator.go +++ b/internal/migrate/staging_validator.go @@ -402,7 +402,7 @@ func (v *stagingValidator) resolveAccountAccess(checker *sema.Checker, memberLoc } // If the source code of the update is being checked, we should check account access based on the - // targetted network location of the contract & not the source code location + // targeted network location of the contract & not the source code location if checkerLocation == v.sourceCodeLocation && memberAddressLocation.Address == v.targetLocation.Address { return true } From 97c69f7efa4ee904350c45e6c00101c92fd69f58 Mon Sep 17 00:00:00 2001 From: Jordan Ribbink Date: Wed, 17 Apr 2024 14:42:18 -0700 Subject: [PATCH 5/5] add nil check & test --- internal/migrate/staging_validator.go | 10 ++-- internal/migrate/staging_validator_test.go | 61 ++++++++++++++++++++++ 2 files changed, 66 insertions(+), 5 deletions(-) diff --git a/internal/migrate/staging_validator.go b/internal/migrate/staging_validator.go index 82c81b387..ba4d1c9e6 100644 --- a/internal/migrate/staging_validator.go +++ b/internal/migrate/staging_validator.go @@ -391,6 +391,10 @@ func (v *stagingValidator) resolveLocation( } func (v *stagingValidator) resolveAccountAccess(checker *sema.Checker, memberLocation common.Location) bool { + if checker == nil { + return false + } + checkerLocation, ok := checker.Location.(common.StringLocation) if !ok { return false @@ -403,11 +407,7 @@ func (v *stagingValidator) resolveAccountAccess(checker *sema.Checker, memberLoc // If the source code of the update is being checked, we should check account access based on the // targeted network location of the contract & not the source code location - if checkerLocation == v.sourceCodeLocation && memberAddressLocation.Address == v.targetLocation.Address { - return true - } - - return false + return checkerLocation == v.sourceCodeLocation && memberAddressLocation.Address == v.targetLocation.Address } func (v *stagingValidator) resolveAddressContractNames(address common.Address) ([]string, error) { diff --git a/internal/migrate/staging_validator_test.go b/internal/migrate/staging_validator_test.go index 48db6e70f..fd2e5070b 100644 --- a/internal/migrate/staging_validator_test.go +++ b/internal/migrate/staging_validator_test.go @@ -288,4 +288,65 @@ func Test_StagingValidator(t *testing.T) { err := validator.ValidateContractUpdate(location, sourceCodeLocation, []byte(newContract)) require.NoError(t, err) }) + + t.Run("resolves account access correctly", func(t *testing.T) { + location := common.NewAddressLocation(nil, common.Address{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, "Test") + sourceCodeLocation := common.StringLocation("./Test.cdc") + oldContract := ` + import ImpContract from 0x01 + pub contract Test { + pub fun test() {} + }` + newContract := ` + import ImpContract from 0x01 + access(all) contract Test { + access(all) fun test() {} + init() { + ImpContract.test() + } + }` + impContract := ` + access(all) contract ImpContract { + access(account) fun test() {} + init() {} + }` + mockScriptResultString, err := cadence.NewString(impContract) + require.NoError(t, err) + + mockAccount := &flow.Account{ + Address: flow.HexToAddress("01"), + Balance: 1000, + Keys: nil, + Contracts: map[string][]byte{ + "Test": []byte(oldContract), + }, + } + + // setup mocks + require.NoError(t, rw.WriteFile(sourceCodeLocation.String(), []byte(newContract), 0o644)) + srv.GetAccount.Run(func(args mock.Arguments) { + require.Equal(t, flow.HexToAddress("01"), args.Get(1).(flow.Address)) + }).Return(mockAccount, nil) + srv.Network.Return(config.Network{ + Name: "testnet", + }, nil) + srv.ExecuteScript.Run(func(args mock.Arguments) { + script := args.Get(1).(flowkit.Script) + + assert.Equal(t, templates.GenerateGetStagedContractCodeScript(MigrationContractStagingAddress("testnet")), script.Code) + + assert.Equal(t, 2, len(script.Args)) + actualContractAddressArg, actualContractNameArg := script.Args[0], script.Args[1] + + contractName, _ := cadence.NewString("ImpContract") + contractAddr := cadence.NewAddress(flow.HexToAddress("01")) + assert.Equal(t, contractName, actualContractNameArg) + assert.Equal(t, contractAddr, actualContractAddressArg) + }).Return(cadence.NewOptional(mockScriptResultString), nil) + + // validate + validator := newStagingValidator(srv.Mock, state) + err = validator.ValidateContractUpdate(location, sourceCodeLocation, []byte(newContract)) + require.NoError(t, err) + }) }