ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2024-12-19 04:57:58 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

[CORDA-2294]: Improved exception thrown by AttachmentsClassLoader when attachment uploader is not trusted. (#4373)

Browse Source
This commit is contained in:
Michele Sollecito 2018-12-06 11:19:40 +00:00 committed by GitHub
parent ad48301149
commit 2833013119
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/src/main/kotlin/net/corda/core/serialization/MissingAttachmentsException.kt
View File

@ -7,4 +7,7 @@ import net.corda.core.crypto.SecureHash
/** Thrown during deserialization to indicate that an attachment needed to construct the [WireTransaction] is not found. */
@KeepForDJVM
@CordaSerializable
class MissingAttachmentsException(val ids: List<SecureHash>) : CordaException()
class MissingAttachmentsException(val ids: List<SecureHash>, message: String?) : CordaException(message) {
constructor(ids: List<SecureHash>) : this(ids, null)
}

6
core/src/main/kotlin/net/corda/core/serialization/internal/AttachmentsClassLoader.kt
View File

@ -9,6 +9,7 @@ import net.corda.core.internal.VisibleForTesting
import net.corda.core.internal.createSimpleCache
import net.corda.core.internal.isUploaderTrusted
import net.corda.core.internal.toSynchronised
import net.corda.core.serialization.MissingAttachmentsException
import net.corda.core.serialization.SerializationFactory
import net.corda.core.serialization.internal.AttachmentURLStreamHandlerFactory.toUrl
import net.corda.core.utilities.contextLogger
@ -29,8 +30,9 @@ class AttachmentsClassLoader(attachments: List<Attachment>, parent: ClassLoader
URLClassLoader(attachments.map(::toUrl).toTypedArray(), parent) {
init {
require(attachments.mapNotNull { it as? ContractAttachment }.all { isUploaderTrusted(it.uploader) }) {
"Attempting to load Contract Attachments downloaded from the network"
val untrusted = attachments.mapNotNull { it as? ContractAttachment }.filterNot { isUploaderTrusted(it.uploader) }.map(ContractAttachment::id)
if(untrusted.isNotEmpty()) {
throw MissingAttachmentsException(untrusted, "Attempting to load Contract Attachments downloaded from the network")
}
requireNoDuplicates(attachments)
}

2
docs/source/changelog.rst
View File

@ -26,6 +26,8 @@ Unreleased
* Fixed a bug resulting in poor vault query performance and incorrect results when sorting.
* Improved exception thrown by `AttachmentsClassLoader` when an attachment cannot be used because its uploader is not trusted.
* Marked the ``Attachment`` interface as ``@DoNotImplement`` because it is not meant to be extended by CorDapp developers. If you have already
done so, please get in contact on the usual communication channels.