From a93aee8daf0df4a0a7509cf93ce14f76ae0e800a Mon Sep 17 00:00:00 2001
From: Marco Peereboom
Date: Tue, 7 Jan 2025 13:07:50 +0000
Subject: [PATCH] Fix hackerone findings (#15)
* Remove dead code. Found by hackerone #2888114
* go mod tidy removes unused SQL junk Hackerone 2888131
---
 core/hvm/dbobj.go | 12 --
 core/hvm/interopdb.go | 447 ------------------------------------------
 go.mod | 2 -
 go.sum | 9 -
 4 files changed, 470 deletions(-)
 delete mode 100644 core/hvm/dbobj.go
 delete mode 100644 core/hvm/interopdb.go
diff --git a/core/hvm/dbobj.go b/core/hvm/dbobj.go
deleted file mode 100644
index a7b67af0cf..0000000000
--- a/core/hvm/dbobj.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package hvm
-
-type output struct {
- txid []byte
- index uint32
- value uint64
- spendScript []byte
- address string
- scriptsig []byte
- spent bool
- spendtx []byte
-}
diff --git a/core/hvm/interopdb.go b/core/hvm/interopdb.go
deleted file mode 100644
index e10f145bf5..0000000000
--- a/core/hvm/interopdb.go
+++ /dev/null
@@ -1,447 +0,0 @@
-package hvm
-
-import (
- "database/sql"
- "fmt"
- "github.com/ethereum/go-ethereum/log"
- "github.com/jmoiron/sqlx"
- _ "github.com/lib/pq"
-)
-
-type HvmDb interface {
- GetBtcAddrUtxos(addr string, pg uint32, pgsize uint32) ([]DbOutput, error)
- GetBtcAddrBal(addr string) (uint64, error)
- GetTxByTxid(txid []byte) (*FullTransaction, error)
- GetLastHeader() (*BlockHeader, error)
- GetHeader(height uint32) (*BlockHeader, error)
-}
-
-type PGHvmDb struct {
- pguri string
- db *sqlx.DB
-}
-
-func (p *PGHvmDb) DB() *sqlx.DB {
- return p.db
-}
-
-func NewPGHvmDb(pguri string) *PGHvmDb {
- hvmdb := PGHvmDb{
- pguri: pguri,
- }
-
- return &hvmdb
-}
-
-func (h *PGHvmDb) Connect() error {
- db, err := sqlx.Connect("postgres", h.pguri)
-
- if err != nil {
- return err
- }
-
- if err := db.Ping(); err != nil {
- log.Error("Unable to ping hVM database!")
- return err
- }
-
- h.db = db
- return nil
-}
-
-func (h *PGHvmDb) GetHeader(height uint32) (*BlockHeader, error) {
- blockQuery := fmt.Sprintf("SELECT * FROM blocks WHERE height=%d", height)
-
- blockRows, err := h.db.Queryx(blockQuery)
- if err != nil {
- log.Warn("unable to fetch block data from blocks table", "height", height)
- return nil, err
- }
- defer blockRows.Close()
-
- dbBlock := DbBlock{}
- if blockRows.Next() {
- err := blockRows.StructScan(&dbBlock)
- if err != nil {
- return nil, nil // TODO: Error handling
- }
- } else {
- log.Warn("Error scanning query from blocks table looking block", "height", height)
- return nil, nil // TODO: Err
- }
-
- secondBlockQuery := fmt.Sprintf("SELECT * FROM blocks WHERE height=%d", height-1)
-
- secondBlockRows, err := h.db.Queryx(secondBlockQuery)
- if err != nil {
- log.Warn("unable to fetch previous block data from table", "height", height)
- return nil, err
- }
- defer secondBlockRows.Close()
-
- dbSecondBlock := DbBlock{}
- if secondBlockRows.Next() {
- err := secondBlockRows.StructScan(&dbSecondBlock)
- if err != nil {
- return nil, nil // TODO: Error handling
- }
- } else {
- log.Warn("Error scanning query from previous block data from table", "height", height)
- return nil, nil // TODO: Err
- }
-
- block := BlockHeader{
- Height: dbBlock.Height,
- Hash: dbBlock.Hash,
- Version: 0, // Temp
- PrevHash: dbSecondBlock.Hash,
- MerkleRoot: dbBlock.MerkleRoot,
- Timestamp: dbBlock.Timestamp,
- NBits: 0, // Temp
- Nonce: 0, // Temp
- }
-
- return &block, nil
-}
-
-func (h *PGHvmDb) GetLastHeader() (*BlockHeader, error) {
- tipBlockQuery := fmt.Sprintf("SELECT * FROM blocks ORDER BY height DESC LIMIT 1")
-
- tipBlockRows, err := h.db.Queryx(tipBlockQuery)
- if err != nil {
- log.Warn("unable to fetch tip block data from blocks table")
- return nil, err
- }
- defer tipBlockRows.Close()
-
- dbTipBlock := DbBlock{}
- if tipBlockRows.Next() {
- err := tipBlockRows.StructScan(&dbTipBlock)
- if err != nil {
- return nil, nil // TODO: Error handling
- }
- } else {
- log.Warn("Error scanning query from blocks table looking for tip")
- return nil, nil // TODO: Err
- }
-
- secondBlockQuery := fmt.Sprintf("SELECT * FROM blocks ORDER BY height DESC LIMIT 1 OFFSET 1")
-
- secondBlockRows, err := h.db.Queryx(secondBlockQuery)
- if err != nil {
- log.Warn("unable to fetch 2nd block data from blocks table")
- return nil, err
- }
- defer secondBlockRows.Close()
-
- dbSecondBlock := DbBlock{}
- if secondBlockRows.Next() {
- err := secondBlockRows.StructScan(&dbSecondBlock)
- if err != nil {
- return nil, nil // TODO: Error handling
- }
- } else {
- log.Warn("Error scanning query from blocks table looking for 2nd block")
- return nil, nil // TODO: Err
- }
-
- block := BlockHeader{
- Height: dbTipBlock.Height,
- Hash: dbTipBlock.Hash,
- Version: 0, // Temp
- PrevHash: dbSecondBlock.Hash,
- MerkleRoot: dbTipBlock.MerkleRoot,
- Timestamp: dbTipBlock.Timestamp,
- NBits: 0, // Temp
- Nonce: 0, // Temp
- }
-
- return &block, nil
-}
-
-func (h *PGHvmDb) GetTxByTxid(txid []byte) (*FullTransaction, error) {
- // TODO: Extract these queries to helper methods so they can be reused for other HVM queries
- dbTxQuery := fmt.Sprintf("SELECT * FROM txes WHERE txid=DECODE('%x', 'hex')", txid)
-
- dbTxRows, err := h.db.Queryx(dbTxQuery)
- if err != nil {
- log.Warn("unable to fetch transaction data from txes table", "transaction", fmt.Sprintf("%x", txid))
- return nil, err
- }
- defer dbTxRows.Close()
-
- dbTx := DbTransaction{}
- if dbTxRows.Next() {
- err := dbTxRows.StructScan(&dbTx)
- if err != nil {
- return nil, nil // TODO: Error handling
- }
- } else {
- log.Warn("Error scanning query from txes table", "transaction", fmt.Sprintf("%x", txid), "err", err)
- return nil, nil // TODO: Err
- }
-
- contBlockQuery := fmt.Sprintf("SELECT * FROM blocks WHERE hash=DECODE('%x', 'hex')", dbTx.Block)
-
- contBlockRows, err := h.db.Queryx(contBlockQuery)
- if err != nil {
- log.Warn("unable to fetch containing block data from blocks table", "block",
- fmt.Sprintf("%x", dbTx.Block), "tx", fmt.Sprintf("%x", txid))
- return nil, err
- }
- defer contBlockRows.Close()
-
- dbContBlock := DbBlock{}
- if contBlockRows.Next() {
- err := contBlockRows.StructScan(&dbContBlock)
- if err != nil {
- return nil, nil // TODO: Error handling
- }
- } else {
- log.Warn("Error scanning query from blocks table looking for containing block",
- "transaction", fmt.Sprintf("%x", txid), "err", err)
- return nil, nil // TODO: Err
- }
-
- // TODO: Better query, or keep separate entry for tip in db
- tipBlockQuery := fmt.Sprintf("SELECT * FROM blocks ORDER BY height DESC LIMIT 1")
-
- tipBlockRows, err := h.db.Queryx(tipBlockQuery)
- if err != nil {
- log.Warn("unable to fetch tip block data from blocks table")
- return nil, err
- }
- defer tipBlockRows.Close()
-
- dbTipBlock := DbBlock{}
- if tipBlockRows.Next() {
- err := tipBlockRows.StructScan(&dbTipBlock)
- if err != nil {
- return nil, nil // TODO: Error handling
- }
- } else {
- log.Warn("Error scanning query from blocks table looking for tip")
- return nil, nil // TODO: Err
- }
-
- inputsQuery := fmt.Sprintf("SELECT * FROM outputs WHERE spendtx=DECODE('%x', 'hex') ORDER BY spendindex ASC", txid)
-
- inputRows, err := h.db.Queryx(inputsQuery)
- if err != nil {
- log.Warn("unable to fetch outputs spent by transaction", "transaction", fmt.Sprintf("%x", txid))
- }
- defer inputRows.Close()
-
- var inputs []Input
- for inputRows.Next() {
- o := DbOutput{}
- err := inputRows.StructScan(&o)
- if err != nil {
- log.Warn("Error scanning query for inputs from outputs table", "transaction", fmt.Sprintf("%x", txid), "err", err)
- return nil, err
- }
-
- sequence := uint32(0)
- if o.Sequence.Valid {
- sequence = uint32(o.Sequence.Int64)
- }
-
- input := Input{
- Coinbase: false, // TODO: Implement in db, currently no Coinbase inputs returned
- Txid: o.Txid, // Input references TxID of origination transaction
- SourceIndex: o.OutputIndex,
- ScriptSig: o.ScriptSig,
- Sequence: sequence,
- Value: o.Value,
- }
-
- inputs = append(inputs, input)
- }
-
- outputsQuery := fmt.Sprintf("SELECT * FROM outputs WHERE txid=DECODE('%x', 'hex') ORDER BY outputindex ASC", txid)
-
- outputRows, err := h.db.Queryx(outputsQuery)
- if err != nil {
- log.Warn("unable to fetch outputs created by transaction", "transaction", fmt.Sprintf("%x", txid))
- }
- defer outputRows.Close()
-
- var outputs []Output
- for outputRows.Next() {
- o := DbOutput{}
- err := outputRows.StructScan(&o)
- if err != nil {
- log.Warn("Error scanning query for outputs from outputs table", "transaction", fmt.Sprintf("%x", txid), "err", err)
- return nil, err
- }
-
- spendIndex := uint32(0) // TODO: Max value and throw error if not changed
- if o.SpendIndex.Valid {
- spendIndex = uint32(o.SpendIndex.Int32)
- }
-
- output := Output{
- Txid: o.Txid,
- OutputIndex: o.OutputIndex,
- Value: o.Value,
- Spent: o.Spent,
- SpendScript: o.SpendScript,
- SpendIndex: spendIndex,
- Address: &o.Address.String,
- SpendTx: o.SpendTx,
- }
-
- outputs = append(outputs, output)
- }
-
- // TODO: Error handling if inputs or outputs have 0 rows
-
- transaction := FullTransaction{
- Txid: dbTx.Txid,
- Size: dbTx.Size,
- VSize: dbTx.VSize,
- Version: dbTx.Version,
- NLockTime: dbTx.NLockTime,
- Block: dbTx.Block,
- BlockIndex: dbContBlock.Height,
- Confirmations: dbTipBlock.Height - dbContBlock.Height,
- Inputs: inputs,
- Outputs: outputs,
- }
-
- return &transaction, nil
-}
-
-type balResp struct {
- sum uint64 `db:"sum"`
-}
-
-func (h *PGHvmDb) GetBtcAddrUtxos(addr string, pg uint32, pgsize uint32) ([]DbOutput, error) {
- // TODO: Review pagination efficiency
- query := fmt.Sprintf("SELECT * FROM outputs WHERE address='%s' AND spent=false ORDER BY createBlock DESC, txindex DESC LIMIT %d OFFSET %d", addr, pgsize, pg*pgsize)
- rows, err := h.db.Queryx(query)
- if err != nil {
- return nil, err
- }
- defer rows.Close()
-
- var utxos []DbOutput
- for rows.Next() {
- o := DbOutput{}
- err := rows.StructScan(&o)
- if err != nil {
- log.Warn("unable to read a database row while getting UTXOs for BTC address %s, err: %v", addr, err)
- return nil, nil // TODO: Error handling
- }
-
- if o.Spent == false {
- utxos = append(utxos, o)
- }
- }
-
- return utxos, nil
-}
-
-type Sum struct {
- Sum uint64 `db:"sum"`
-}
-
-func (h *PGHvmDb) GetBtcAddrBal(addr string) (uint64, error) {
- query := fmt.Sprintf("SELECT COALESCE(SUM(value), 0) as sum FROM outputs WHERE address='%s' AND spent=false", addr)
-
- rows, err := h.db.Queryx(query)
- if err != nil {
- return 0, err
- }
- defer rows.Close()
-
- sum := Sum{}
- if rows.Next() {
- err := rows.StructScan(&sum)
- if err != nil {
- return 0, nil // TODO: Error handling
- }
-
- return sum.Sum, nil
- }
-
- return 0, nil
-}
-
-type BlockHeader struct {
- Height uint32
- Hash []byte
- Version uint32
- PrevHash []byte
- MerkleRoot []byte
- Timestamp uint32
- NBits uint32
- Nonce uint32
-}
-
-type DbBlock struct {
- Hash []byte `db:"hash"`
- Height uint32 `db:"height"`
- MerkleRoot []byte `db:"merkleroot"`
- Timestamp uint32 `db:"timestamp"`
- NumTx uint32 `db:"numtx"`
-}
-
-type Input struct {
- Coinbase bool // TODO: Implement in DB
- Txid []byte
- SourceIndex uint32
- ScriptSig []byte
- Sequence uint32
- Value uint64
-}
-
-type DbOutput struct {
- Txid []byte `db:"txid"`
- OutputIndex uint32 `db:"outputindex"`
- TxIndex uint32 `db:"txindex"`
- Value uint64 `db:"value"`
- Spent bool `db:"spent"`
- SpendScript []byte `db:"spendscript"`
- CreateBlock uint32 `db:"createblock"`
- Address sql.NullString `db:"address"`
- ScriptSig []byte `db:"scriptsig"`
- Witness []byte `db:"witness"`
- SpendTx []byte `db:"spendtx"`
- SpendIndex sql.NullInt32 `db:"spendindex"`
- Sequence sql.NullInt64 `db:"sequence"`
-}
-
-type Output struct {
- Txid []byte
- OutputIndex uint32
- Value uint64
- Spent bool
- SpendScript []byte
- SpendIndex uint32
- Address *string
- SpendTx []byte
-}
-
-type FullTransaction struct {
- Txid []byte
- Size uint32
- VSize uint32
- Version uint32
- NLockTime uint32
- Block []byte
- BlockIndex uint32
- Confirmations uint32
- Inputs []Input
- Outputs []Output
-}
-
-type DbTransaction struct {
- Txid []byte `db:"txid"`
- Size uint32 `db:"size"`
- VSize uint32 `db:"vsize"`
- Version uint32 `db:"version"`
- NLockTime uint32 `db:"nlocktime"`
- Block []byte `db:"block"`
- Index uint32 `db:"index"`
-}
diff --git a/go.mod b/go.mod
index 4464198603..5723d40f9e 100644
--- a/go.mod
+++ b/go.mod
@@ -50,11 +50,9 @@ require (
 github.com/influxdata/influxdb1-client v0.0.0-20220302092344-a9ab5670611c
 github.com/jackpal/go-nat-pmp v1.0.2
 github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267
- github.com/jmoiron/sqlx v1.3.5
 github.com/julienschmidt/httprouter v1.3.0
 github.com/karalabe/usb v0.0.2
 github.com/kylelemons/godebug v1.1.0
- github.com/lib/pq v1.10.9
 github.com/mattn/go-colorable v0.1.13
 github.com/mattn/go-isatty v0.0.17
 github.com/naoina/toml v0.1.2-0.20170918210437-9fafd6967416
diff --git a/go.sum b/go.sum
index 4167f30ee5..78c632f046 100644
--- a/go.sum
+++ b/go.sum
@@ -240,8 +240,6 @@ github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-sourcemap/sourcemap v2.1.3+incompatible h1:W1iEw64niKVGogNgBN3ePyLFfuisuzeidWPMPWmECqU= github.com/go-sourcemap/sourcemap v2.1.3+incompatible/go.mod h1:F8jJfvm2KbVjc5NqelyYJmf/v5J0dwNLS2mL4sNA1Jg= -github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= -github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= @@ -349,8 +347,6 @@ github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9Y github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g= -github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ= github.com/jrick/logrotate v1.0.0/go.mod h1:LNinyqDIJnpAur+b8yyulnQw/wDuN1+BYKlTRt3OuAQ= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= 
@@ -396,9 +392,6 @@ github.com/labstack/echo/v4 v4.2.1/go.mod h1:AA49e0DZ8kk5jTOOCKNuPR6oTnBS0dYiM4F github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k= github.com/leanovate/gopter v0.2.9 h1:fQjYxZaynp97ozCzfOyOuAGOU4aU/z37zf/tOujFk7c= github.com/leanovate/gopter v0.2.9/go.mod h1:U2L/78B+KVFIx2VmW6onHJQzXtFb+p5y3y2Sh+Jxxv8= -github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= -github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lufia/plan9stats v0.0.0-20231016141302-07b5767bb0ed h1:036IscGBfJsFIgJQzlui7nK1Ncm0tp2ktmPj8xO4N/0= github.com/lufia/plan9stats v0.0.0-20231016141302-07b5767bb0ed/go.mod h1:ilwx/Dta8jXAgpFYFvSWEMwxmbWXyiUHkd5FwyKhb5k= github.com/lunixbochs/vtclean v0.0.0-20160125035106-4fbf7632a2c6/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= @@ -428,8 +421,6 @@ github.com/mattn/go-runewidth v0.0.3/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= -github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg= -github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= github.com/mediocregopher/mediocre-go-lib v0.0.0-20181029021733-cb65787f37ed/go.mod h1:dSsfyI2zABAdhcbvkXqgxOxrCsbYeHCPgrZkku60dSg= github.com/mediocregopher/radix/v3 v3.3.0/go.mod h1:EmfVyvspXz1uZEyPBMyGK+kjWiKQGvsUt6O3Pj+LDCQ=