Parameter for max wasm code size

CosmWasm · Nov 6, 2020 · d4824f3 · d4824f3
1 parent e55cc9f
commit d4824f3
Show file tree

Hide file tree

Showing 10 changed files with 192 additions and 140 deletions.
diff --git a/x/wasm/internal/keeper/genesis_test.go b/x/wasm/internal/keeper/genesis_test.go
@@ -59,7 +59,7 @@ func TestGenesisExportImport(t *testing.T) {
 		srcKeeper.importContractState(srcCtx, contractAddr, stateModels)
 	}
 	var wasmParams types.Params
-	f.Fuzz(&wasmParams)
+	f.NilChance(0).Fuzz(&wasmParams)
 	srcKeeper.setParams(srcCtx, wasmParams)
 
 	// export
@@ -369,7 +369,8 @@ func TestImportContractWithCodeHistoryReset(t *testing.T) {
 		"code_upload_access": {
 			"permission": "Everybody"
 		},
-		"instantiate_default_permission": "Everybody"
+		"instantiate_default_permission": "Everybody",
+		"max_wasm_code_size": 500000
 	},
   "codes": [
     {

diff --git a/x/wasm/internal/keeper/ioutil.go b/x/wasm/internal/keeper/ioutil.go
@@ -14,13 +14,13 @@ import (
 // and https://github.com/golang/go/blob/master/src/net/http/sniff.go#L186
 var gzipIdent = []byte("\x1F\x8B\x08")
 
-// limit max bytes read to prevent gzip bombs
-const maxSize = 400 * 1024
-
 // uncompress returns gzip uncompressed content or given src when not gzip.
-func uncompress(src []byte) ([]byte, error) {
-	if len(src) < 3 {
+func uncompress(src []byte, limit uint64) ([]byte, error) {
+	switch n := uint64(len(src)); {
+	case n < 3:
 		return src, nil
+	case n > limit:
+		return nil, types.ErrLimit
 	}
 	if !bytes.Equal(gzipIdent, src[0:3]) {
 		return src, nil
@@ -31,7 +31,7 @@ func uncompress(src []byte) ([]byte, error) {
 	}
 	zr.Multistream(false)
 	defer zr.Close()
-	return ioutil.ReadAll(LimitReader(zr, maxSize))
+	return ioutil.ReadAll(LimitReader(zr, int64(limit)))
 }
 
 // LimitReader returns a Reader that reads from r

diff --git a/x/wasm/internal/keeper/ioutil_test.go b/x/wasm/internal/keeper/ioutil_test.go
@@ -21,7 +21,8 @@ func TestUncompress(t *testing.T) {
 	wasmGzipped, err := ioutil.ReadFile("./testdata/hackatom.wasm.gzip")
 	require.NoError(t, err)
 
-	_, _ = wasmRaw, wasmGzipped
+	const maxSize = 400_000
+
 	specs := map[string]struct {
 		src       []byte
 		expError  error
@@ -44,8 +45,8 @@ func TestUncompress(t *testing.T) {
 			expResult: []byte{0x1, 0x2},
 		},
 		"handle big input slice": {
-			src:       []byte(strings.Repeat("a", maxSize+1)),
-			expResult: []byte(strings.Repeat("a", maxSize+1)),
+			src:      []byte(strings.Repeat("a", maxSize+1)),
+			expError: types.ErrLimit,
 		},
 		"handle gzip identifier only": {
 			src:      gzipIdent,
@@ -74,15 +75,14 @@ func TestUncompress(t *testing.T) {
 	}
 	for msg, spec := range specs {
 		t.Run(msg, func(t *testing.T) {
-			r, err := uncompress(spec.src)
+			r, err := uncompress(spec.src, maxSize)
 			require.True(t, errors.Is(spec.expError, err), "exp %v got %+v", spec.expError, err)
 			if spec.expError != nil {
 				return
 			}
 			assert.Equal(t, spec.expResult, r)
 		})
 	}
-
 }
 
 func asGzip(src []byte) []byte {

diff --git a/x/wasm/internal/keeper/keeper.go b/x/wasm/internal/keeper/keeper.go
@@ -110,6 +110,12 @@ func (k Keeper) getInstantiateAccessConfig(ctx sdk.Context) types.AccessType {
 	return a
 }
 
+func (k Keeper) GetMaxWasmCodeSize(ctx sdk.Context) uint64 {
+	var a uint64
+	k.paramSpace.Get(ctx, types.ParamStoreKeyMaxWasmCodeSize, &a)
+	return a
+}
+
 // GetParams returns the total set of wasm parameters.
 func (k Keeper) GetParams(ctx sdk.Context) types.Params {
 	var params types.Params
@@ -130,7 +136,7 @@ func (k Keeper) create(ctx sdk.Context, creator sdk.AccAddress, wasmCode []byte,
 	if !authZ.CanCreateCode(k.getUploadAccessConfig(ctx), creator) {
 		return 0, sdkerrors.Wrap(sdkerrors.ErrUnauthorized, "can not create code")
 	}
-	wasmCode, err = uncompress(wasmCode)
+	wasmCode, err = uncompress(wasmCode, k.GetMaxWasmCodeSize(ctx))
 	if err != nil {
 		return 0, sdkerrors.Wrap(types.ErrCreateFailed, err.Error())
 	}
@@ -155,7 +161,7 @@ func (k Keeper) create(ctx sdk.Context, creator sdk.AccAddress, wasmCode []byte,
 }
 
 func (k Keeper) importCode(ctx sdk.Context, codeID uint64, codeInfo types.CodeInfo, wasmCode []byte) error {
-	wasmCode, err := uncompress(wasmCode)
+	wasmCode, err := uncompress(wasmCode, k.GetMaxWasmCodeSize(ctx))
 	if err != nil {
 		return sdkerrors.Wrap(types.ErrCreateFailed, err.Error())
 	}

diff --git a/x/wasm/internal/keeper/keeper_test.go b/x/wasm/internal/keeper/keeper_test.go
@@ -80,6 +80,7 @@ func TestCreateStoresInstantiatePermission(t *testing.T) {
 			keeper.setParams(ctx, types.Params{
 				CodeUploadAccess:             types.AllowEverybody,
 				InstantiateDefaultPermission: spec.srcPermission,
+				MaxWasmCodeSize:              types.DefaultMaxWasmCodeSize,
 			})
 			fundAccounts(t, ctx, accKeeper, bankKeeper, myAddr, deposit)
 

diff --git a/x/wasm/internal/keeper/proposal_integration_test.go b/x/wasm/internal/keeper/proposal_integration_test.go
@@ -18,7 +18,11 @@ import (
 func TestStoreCodeProposal(t *testing.T) {
 	ctx, keepers := CreateTestInput(t, false, "staking", nil, nil)
 	govKeeper, wasmKeeper := keepers.GovKeeper, keepers.WasmKeeper
-	wasmKeeper.setParams(ctx, types.Params{CodeUploadAccess: types.AllowNobody, InstantiateDefaultPermission: types.AccessTypeNobody})
+	wasmKeeper.setParams(ctx, types.Params{
+		CodeUploadAccess:             types.AllowNobody,
+		InstantiateDefaultPermission: types.AccessTypeNobody,
+		MaxWasmCodeSize:              types.DefaultMaxWasmCodeSize,
+	})
 	wasmCode, err := ioutil.ReadFile("./testdata/hackatom.wasm")
 	require.NoError(t, err)
 
@@ -55,7 +59,11 @@ func TestStoreCodeProposal(t *testing.T) {
 func TestInstantiateProposal(t *testing.T) {
 	ctx, keepers := CreateTestInput(t, false, "staking", nil, nil)
 	govKeeper, wasmKeeper := keepers.GovKeeper, keepers.WasmKeeper
-	wasmKeeper.setParams(ctx, types.Params{CodeUploadAccess: types.AllowNobody, InstantiateDefaultPermission: types.AccessTypeNobody})
+	wasmKeeper.setParams(ctx, types.Params{
+		CodeUploadAccess:             types.AllowNobody,
+		InstantiateDefaultPermission: types.AccessTypeNobody,
+		MaxWasmCodeSize:              types.DefaultMaxWasmCodeSize,
+	})
 
 	wasmCode, err := ioutil.ReadFile("./testdata/hackatom.wasm")
 	require.NoError(t, err)
@@ -107,7 +115,11 @@ func TestInstantiateProposal(t *testing.T) {
 func TestMigrateProposal(t *testing.T) {
 	ctx, keepers := CreateTestInput(t, false, "staking", nil, nil)
 	govKeeper, wasmKeeper := keepers.GovKeeper, keepers.WasmKeeper
-	wasmKeeper.setParams(ctx, types.Params{CodeUploadAccess: types.AllowNobody, InstantiateDefaultPermission: types.AccessTypeNobody})
+	wasmKeeper.setParams(ctx, types.Params{
+		CodeUploadAccess:             types.AllowNobody,
+		InstantiateDefaultPermission: types.AccessTypeNobody,
+		MaxWasmCodeSize:              types.DefaultMaxWasmCodeSize,
+	})
 
 	wasmCode, err := ioutil.ReadFile("./testdata/hackatom.wasm")
 	require.NoError(t, err)
@@ -236,7 +248,11 @@ func TestAdminProposals(t *testing.T) {
 		t.Run(msg, func(t *testing.T) {
 			ctx, keepers := CreateTestInput(t, false, "staking", nil, nil)
 			govKeeper, wasmKeeper := keepers.GovKeeper, keepers.WasmKeeper
-			wasmKeeper.setParams(ctx, types.Params{CodeUploadAccess: types.AllowNobody, InstantiateDefaultPermission: types.AccessTypeNobody})
+			wasmKeeper.setParams(ctx, types.Params{
+				CodeUploadAccess:             types.AllowNobody,
+				InstantiateDefaultPermission: types.AccessTypeNobody,
+				MaxWasmCodeSize:              types.DefaultMaxWasmCodeSize,
+			})
 
 			codeInfoFixture := types.CodeInfoFixture(types.WithSHA256CodeHash(wasmCode))
 			require.NoError(t, wasmKeeper.importCode(ctx, 1, codeInfoFixture, wasmCode))

diff --git a/x/wasm/internal/types/params.go b/x/wasm/internal/types/params.go
@@ -15,10 +15,13 @@ import (
 const (
 	// DefaultParamspace for params keeper
 	DefaultParamspace = ModuleName
+	// DefaultMaxWasmCodeSize limit max bytes read to prevent gzip bombs
+	DefaultMaxWasmCodeSize = 600 * 1024
 )
 
 var ParamStoreKeyUploadAccess = []byte("uploadAccess")
 var ParamStoreKeyInstantiateAccess = []byte("instantiateAccess")
+var ParamStoreKeyMaxWasmCodeSize = []byte("maxWasmCodeSize")
 
 var AllAccessTypes = []AccessType{
 	AccessTypeNobody,
@@ -95,6 +98,7 @@ func DefaultParams() Params {
 	return Params{
 		CodeUploadAccess:             AllowEverybody,
 		InstantiateDefaultPermission: AccessTypeEverybody,
+		MaxWasmCodeSize:              DefaultMaxWasmCodeSize,
 	}
 }
 
@@ -108,6 +112,7 @@ func (p *Params) ParamSetPairs() paramtypes.ParamSetPairs {
 	return paramtypes.ParamSetPairs{
 		paramtypes.NewParamSetPair(ParamStoreKeyUploadAccess, &p.CodeUploadAccess, validateAccessConfig),
 		paramtypes.NewParamSetPair(ParamStoreKeyInstantiateAccess, &p.InstantiateDefaultPermission, validateAccessType),
+		paramtypes.NewParamSetPair(ParamStoreKeyMaxWasmCodeSize, &p.MaxWasmCodeSize, validateMaxWasmCodeSize),
 	}
 }
 
@@ -119,6 +124,9 @@ func (p Params) ValidateBasic() error {
 	if err := validateAccessConfig(p.CodeUploadAccess); err != nil {
 		return errors.Wrap(err, "upload access")
 	}
+	if err := validateMaxWasmCodeSize(p.MaxWasmCodeSize); err != nil {
+		return errors.Wrap(err, "max wasm code size")
+	}
 	return nil
 }
 
@@ -146,6 +154,17 @@ func validateAccessType(i interface{}) error {
 	return sdkerrors.Wrapf(ErrInvalid, "unknown type: %q", a)
 }
 
+func validateMaxWasmCodeSize(i interface{}) error {
+	a, ok := i.(uint64)
+	if !ok {
+		return sdkerrors.Wrapf(ErrInvalid, "type: %T", i)
+	}
+	if a == 0 {
+		return sdkerrors.Wrap(ErrInvalid, "must be greater 0")
+	}
+	return nil
+}
+
 func (v AccessConfig) ValidateBasic() error {
 	switch v.Permission {
 	case AccessTypeUndefined:

diff --git a/x/wasm/internal/types/params_test.go b/x/wasm/internal/types/params_test.go
@@ -4,6 +4,8 @@ import (
 	"encoding/json"
 	"testing"
 
+	"github.com/cosmos/cosmos-sdk/codec"
+	codectypes "github.com/cosmos/cosmos-sdk/codec/types"
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -26,63 +28,81 @@ func TestValidateParams(t *testing.T) {
 			src: Params{
 				CodeUploadAccess:             AllowNobody,
 				InstantiateDefaultPermission: AccessTypeNobody,
+				MaxWasmCodeSize:              DefaultMaxWasmCodeSize,
 			},
 		},
 		"all good with everybody": {
 			src: Params{
 				CodeUploadAccess:             AllowEverybody,
 				InstantiateDefaultPermission: AccessTypeEverybody,
+				MaxWasmCodeSize:              DefaultMaxWasmCodeSize,
 			},
 		},
 		"all good with only address": {
 			src: Params{
 				CodeUploadAccess:             AccessTypeOnlyAddress.With(anyAddress),
 				InstantiateDefaultPermission: AccessTypeOnlyAddress,
+				MaxWasmCodeSize:              DefaultMaxWasmCodeSize,
 			},
 		},
 		"reject empty type in instantiate permission": {
 			src: Params{
 				CodeUploadAccess: AllowNobody,
+				MaxWasmCodeSize:  DefaultMaxWasmCodeSize,
 			},
 			expErr: true,
 		},
 		"reject unknown type in instantiate": {
 			src: Params{
 				CodeUploadAccess:             AllowNobody,
 				InstantiateDefaultPermission: 1111,
+				MaxWasmCodeSize:              DefaultMaxWasmCodeSize,
 			},
 			expErr: true,
 		},
 		"reject invalid address in only address": {
 			src: Params{
 				CodeUploadAccess:             AccessConfig{Permission: AccessTypeOnlyAddress, Address: invalidAddress},
 				InstantiateDefaultPermission: AccessTypeOnlyAddress,
+				MaxWasmCodeSize:              DefaultMaxWasmCodeSize,
 			},
 			expErr: true,
 		},
 		"reject CodeUploadAccess Everybody with obsolete address": {
 			src: Params{
 				CodeUploadAccess:             AccessConfig{Permission: AccessTypeEverybody, Address: anyAddress},
 				InstantiateDefaultPermission: AccessTypeOnlyAddress,
+				MaxWasmCodeSize:              DefaultMaxWasmCodeSize,
 			},
 			expErr: true,
 		},
 		"reject CodeUploadAccess Nobody with obsolete address": {
 			src: Params{
 				CodeUploadAccess:             AccessConfig{Permission: AccessTypeNobody, Address: anyAddress},
 				InstantiateDefaultPermission: AccessTypeOnlyAddress,
+				MaxWasmCodeSize:              DefaultMaxWasmCodeSize,
 			},
 			expErr: true,
 		},
 		"reject empty CodeUploadAccess": {
 			src: Params{
 				InstantiateDefaultPermission: AccessTypeOnlyAddress,
+				MaxWasmCodeSize:              DefaultMaxWasmCodeSize,
 			},
 			expErr: true,
-		}, "reject undefined permission in CodeUploadAccess": {
+		},
+		"reject undefined permission in CodeUploadAccess": {
 			src: Params{
 				CodeUploadAccess:             AccessConfig{Permission: AccessTypeUndefined},
 				InstantiateDefaultPermission: AccessTypeOnlyAddress,
+				MaxWasmCodeSize:              DefaultMaxWasmCodeSize,
+			},
+			expErr: true,
+		},
+		"reject empty max wasm code size": {
+			src: Params{
+				CodeUploadAccess:             AllowNobody,
+				InstantiateDefaultPermission: AccessTypeNobody,
 			},
 			expErr: true,
 		},
@@ -147,14 +167,18 @@ func TestParamsUnmarshalJson(t *testing.T) {
 
 		"defaults": {
 			src: `{"code_upload_access": {"permission": "Everybody"},
-				"instantiate_default_permission": "Everybody"}`,
+				"instantiate_default_permission": "Everybody",
+				"max_wasm_code_size": 614400}`,
 			exp: DefaultParams(),
 		},
 	}
 	for msg, spec := range specs {
 		t.Run(msg, func(t *testing.T) {
 			var val Params
-			err := ModuleCdc.UnmarshalJSON([]byte(spec.src), &val)
+			interfaceRegistry := codectypes.NewInterfaceRegistry()
+			marshaler := codec.NewProtoCodec(interfaceRegistry)
+
+			err := marshaler.UnmarshalJSON([]byte(spec.src), &val)
 			require.NoError(t, err)
 			assert.Equal(t, spec.exp, val)
 		})