Fix/block new filters (#4271)

* Add filters functions * Fix: forbid new filters for requests * Merge devel fix
2024-12-22 03:30:37 +00:00 · 2022-05-26 12:16:11 +03:00 · 2022-05-26 12:16:11 +03:00 · 5c055b9697
commit 5c055b9697
parent 66248c4bfb
4 changed files with 26 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -72,3 +72,5 @@ libmdbx/build/*
 tests/testdata/*

 go.work
+
+/goerli
--- a/cmd/rpcdaemon/commands/eth_filters.go
+++ b/cmd/rpcdaemon/commands/eth_filters.go
@ -5,9 +5,7 @@ import (
 	"fmt"

 	filters2 "github.com/ledgerwatch/erigon/cmd/rpcdaemon/rpcservices"
-
 	"github.com/ledgerwatch/erigon/common"
-
 	"github.com/ledgerwatch/erigon/common/debug"
 	"github.com/ledgerwatch/erigon/common/hexutil"
 	"github.com/ledgerwatch/erigon/core/types"
@ -70,11 +68,11 @@ func (api *APIImpl) NewFilter(_ context.Context, crit filters.FilterCriteria) (c
 	go func() {
 		for {
 			select {
-			case log, ok := <-logs:
+			case lg, ok := <-logs:
 				if !ok {
 					return
 				}
-				api.filters.AddLogs(id, log)
+				api.filters.AddLogs(id, lg)
 			default:
 			}
 		}
--- a/rpc/allow_list.go
+++ b/rpc/allow_list.go
@ -33,3 +33,15 @@ func (a *AllowList) MarshalJSON() ([]byte, error) {
 	}
 	return json.Marshal(keys)
 }
+
+type ForbiddenList map[string]struct{}
+
+func newForbiddenList() ForbiddenList {
+	return ForbiddenList{
+		"eth_newFilter":                   struct{}{},
+		"eth_newPendingTransactionFilter": struct{}{},
+		"eth_newBlockFilter":              struct{}{},
+		"eth_getFilterChanges":            struct{}{},
+		"eth_uninstallFilter":             struct{}{},
+	}
+}
--- a/rpc/handler.go
+++ b/rpc/handler.go
@ -64,7 +64,8 @@ type handler struct {
 	log            log.Logger
 	allowSubscribe bool

-	allowList AllowList // a list of explicitly allowed methods, if empty -- everything is allowed
+	allowList     AllowList // a list of explicitly allowed methods, if empty -- everything is allowed
+	forbiddenList ForbiddenList

 	subLock             sync.Mutex
 	serverSubs          map[ID]*Subscription
@ -78,6 +79,7 @@ type callProc struct {

 func newHandler(connCtx context.Context, conn jsonWriter, idgen func() ID, reg *serviceRegistry, allowList AllowList, maxBatchConcurrency uint) *handler {
 	rootCtx, cancelRoot := context.WithCancel(connCtx)
+	forbiddenList := newForbiddenList()
 	h := &handler{
 		reg:            reg,
 		idgen:          idgen,
@ -90,9 +92,11 @@ func newHandler(connCtx context.Context, conn jsonWriter, idgen func() ID, reg *
 		serverSubs:     make(map[ID]*Subscription),
 		log:            log.Root(),
 		allowList:      allowList,
+		forbiddenList:  forbiddenList,

 		maxBatchConcurrency: maxBatchConcurrency,
 	}
+
 	if conn.remoteAddr() != "" {
 		h.log = h.log.New("conn", conn.remoteAddr())
 	}
@ -360,9 +364,14 @@ func (h *handler) handleCallMsg(ctx *callProc, msg *jsonrpcMessage, stream *json
 }

 func (h *handler) isMethodAllowedByGranularControl(method string) bool {
+	_, isForbidden := h.forbiddenList[method]
 	if len(h.allowList) == 0 {
+		if isForbidden {
+			return false
+		}
 		return true
 	}
+
 	_, ok := h.allowList[method]
 	return ok
 }