mirror/prysm-pulse
1
0
Fork 0
mirror of https://gitlab.com/pulsechaincom/prysm-pulse.git synced 2024-12-22 03:30:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

handle slice out of range (#13568)

Browse Source 
* handle slice out of range

* adding some tests
This commit is contained in:
james-prysm 2024-02-01 10:59:40 -06:00 committed by GitHub
parent 9a9990605c
commit 2dad245bc8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
validator/rpc/intercepter.go
View File

@ -46,7 +46,13 @@ func (s *Server) JwtHttpInterceptor(next http.Handler) http.Handler {
http.Error(w, "unauthorized: no Authorization header passed. Please use an Authorization header with the jwt created in the prysm wallet", http.StatusUnauthorized)
return
}
token := strings.Split(reqToken, "Bearer ")[1]
tokenParts := strings.Split(reqToken, "Bearer ")
if len(tokenParts) != 2 {
http.Error(w, "Invalid token format", http.StatusBadRequest)
return
}
token := tokenParts[1]
_, err := jwt.Parse(token, s.validateJWT)
if err != nil {
http.Error(w, fmt.Errorf("forbidden: could not parse JWT token: %v", err).Error(), http.StatusForbidden)

37
validator/rpc/intercepter_test.go
View File

@ -107,6 +107,43 @@ func TestServer_JwtHttpInterceptor(t *testing.T) {
testHandler.ServeHTTP(rr, req)
require.Equal(t, http.StatusOK, rr.Code)
})
t.Run("wrong jwt format was sent", func(t *testing.T) {
rr := httptest.NewRecorder()
req, err := http.NewRequest(http.MethodGet, "/eth/v1/keystores", nil)
require.NoError(t, err)
token, err := createTokenString(jwtKey)
require.NoError(t, err)
req.Header.Set("Authorization", "Bearer"+token) // no space was added // Replace with a valid JWT token
testHandler.ServeHTTP(rr, req)
require.Equal(t, http.StatusBadRequest, rr.Code)
})
t.Run("wrong jwt no bearer format was sent", func(t *testing.T) {
rr := httptest.NewRecorder()
req, err := http.NewRequest(http.MethodGet, "/eth/v1/keystores", nil)
require.NoError(t, err)
token, err := createTokenString(jwtKey)
require.NoError(t, err)
req.Header.Set("Authorization", token) // Replace with a valid JWT token
testHandler.ServeHTTP(rr, req)
require.Equal(t, http.StatusBadRequest, rr.Code)
})
t.Run("broken jwt token format was sent", func(t *testing.T) {
rr := httptest.NewRecorder()
req, err := http.NewRequest(http.MethodGet, "/eth/v1/keystores", nil)
require.NoError(t, err)
token, err := createTokenString(jwtKey)
require.NoError(t, err)
req.Header.Set("Authorization", "Bearer "+token[0:2]+" "+token[2:]) // Replace with a valid JWT token
testHandler.ServeHTTP(rr, req)
require.Equal(t, http.StatusForbidden, rr.Code)
})
t.Run("web endpoint needs jwt token", func(t *testing.T) {
rr := httptest.NewRecorder()
req, err := http.NewRequest(http.MethodGet, "/api/v2/validator/beacon/status", nil)
require.NoError(t, err)
testHandler.ServeHTTP(rr, req)
require.Equal(t, http.StatusUnauthorized, rr.Code)
})
t.Run("initialize does not need jwt", func(t *testing.T) {
rr := httptest.NewRecorder()
req, err := http.NewRequest(http.MethodGet, api.WebUrlPrefix+"initialize", nil)