fix: Disallow unregistered classes in JSON RPC interface and match by name #1820
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
spalladino
changed the title
spalladino
force-pushed
the
palla/no-unregistered-classes-in-json-rpc
branch
from
105e042
to
ff1cd9f
Compare
spypsy
reviewed
Aug 26, 2023
|
@spalladino seems some of our objects were still failing the check, I've added an update to traverse prototype chain |
|
@spypsy interesting, thanks for the fix! Any insight into why this is needed? All I found was a stackoverflow comment that if the object being serialised comes from a different realm, then the original check doesn't work, but I'm not seeing thow that applies here. |
|
Not sure why it was happening tbh. Seemed to be Contract ABI objects that had the issue in the test I tried out at least |
|
Only comment is wonder at this point whether a utility could have hid this finicky stuff, but LGTM |
ludamad
approved these changes
Aug 28, 2023
PhilWindle
pushed a commit
that referenced
this pull request
Aug 30, 2023
🤖 I have created a new Aztec Packages release --- ## [0.1.0-alpha48](v0.1.0-alpha47...v0.1.0-alpha48) (2023-08-30) ### Features * Add ARM build for Mac + cleanup artifacts ([#1837](#1837)) ([270a4ae](270a4ae)) * broadcasting 'public key' and 'partial address' as L1 calldata ([#1801](#1801)) ([78d6444](78d6444)), closes [#1778](#1778) * Check sandbox version matches CLI's ([#1849](#1849)) ([7279730](7279730)) * **docs:** adding some nitpick suggestions before sandbox release ([#1859](#1859)) ([c1144f7](c1144f7)) * More reliable getTxReceipt api. ([#1793](#1793)) ([ad16b22](ad16b22)) * **noir:** use `#[aztec(private)]` and `#[aztec(public)` attributes ([#1735](#1735)) ([89756fa](89756fa)) * Recursive fn calls to spend more notes. ([#1779](#1779)) ([94053e4](94053e4)) * Simulate enqueued public functions and locate failing constraints on them ([#1853](#1853)) ([a065fd5](a065fd5)) * Update safe_math and move to libraries ([#1803](#1803)) ([b10656d](b10656d)) * Write debug-level log to local file in Sandbox ([#1846](#1846)) ([0317e93](0317e93)), closes [#1605](#1605) ### Bug Fixes * Conditionally compile base64 command for bb binary ([#1851](#1851)) ([be97185](be97185)) * default color to light mode ([#1847](#1847)) ([4fc8d39](4fc8d39)) * Disallow unregistered classes in JSON RPC interface and match by name ([#1820](#1820)) ([35b8170](35b8170)) * Set side effect counter on contract reads ([#1870](#1870)) ([1d8881e](1d8881e)), closes [#1588](#1588) * Truncate SRS size to the amount of points that we have downloaded ([#1862](#1862)) ([0a7058c](0a7058c)) ### Miscellaneous * add browser test to canary flow ([#1808](#1808)) ([7f4fa43](7f4fa43)) * **ci:** fix output name in release please workflow ([#1858](#1858)) ([857821f](857821f)) * CLI tests ([#1786](#1786)) ([2987065](2987065)), closes [#1450](#1450) * compile minimal WASM binary needed for blackbox functions ([#1824](#1824)) ([76a30b8](76a30b8)) * fixed linter errors for `ecc`, `numeric` and `common` modules ([#1714](#1714)) ([026273b](026273b)) * Refactor Cli interface to be more unix-like ([#1833](#1833)) ([28d722e](28d722e)) * sync bb master ([#1842](#1842)) ([2c1ff72](2c1ff72)) * sync bb master ([#1852](#1852)) ([f979878](f979878)) * sync bb master ([#1866](#1866)) ([e681a49](e681a49)) * typescript script names should be consistent ([#1843](#1843)) ([eff8fe7](eff8fe7)) * use 2^19 as `MAX_CIRCUIT_SIZE` for NodeJS CLI ([#1834](#1834)) ([c573282](c573282)) ### Documentation * Account contract tutorial ([#1772](#1772)) ([0faefba](0faefba)) * Wallet dev docs ([#1746](#1746)) ([9b4281d](9b4281d)), closes [#1744](#1744) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Prevents from accidentally passing an unregistered class in the autogenerated JSON RPC client and server. Picks the converter to use for serialisation based on constructor name if function equality match fails (since constructor name match may fail in minimised browser bundles).
We were bit by this when the
PrivateKeyclass was registered in the client, but due to a duplicated module, thePrivateKeyclass registered was not the same as the one passed as an argument. This caused the object not to be properly serialised, which due to #1819 was not picked up on the server side, and caused all sort of issues.Fixes #1826