ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2024-12-21 05:53:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

[CORDA-2294]: Improved exception thrown by AttachmentsClassLoader when attachment uploader is not trusted. (#4373)

Browse Source
This commit is contained in:
Michele Sollecito 2018-12-06 11:19:40 +00:00 committed by GitHub
parent ad48301149
commit 2833013119
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/src/main/kotlin/net/corda/core/serialization/MissingAttachmentsException.kt
View File

@ -7,4 +7,7 @@ import net.corda.core.crypto.SecureHash
/** Thrown during deserialization to indicate that an attachment needed to construct the [WireTransaction] is not found. */ /** Thrown during deserialization to indicate that an attachment needed to construct the [WireTransaction] is not found. */
@KeepForDJVM @KeepForDJVM
@CordaSerializable @CordaSerializable
class MissingAttachmentsException(val ids: List<SecureHash>) : CordaException() class MissingAttachmentsException(val ids: List<SecureHash>, message: String?) : CordaException(message) {
constructor(ids: List<SecureHash>) : this(ids, null)
}

6
core/src/main/kotlin/net/corda/core/serialization/internal/AttachmentsClassLoader.kt
View File

@ -9,6 +9,7 @@ import net.corda.core.internal.VisibleForTesting
import net.corda.core.internal.createSimpleCache import net.corda.core.internal.createSimpleCache
import net.corda.core.internal.isUploaderTrusted import net.corda.core.internal.isUploaderTrusted
import net.corda.core.internal.toSynchronised import net.corda.core.internal.toSynchronised
import net.corda.core.serialization.MissingAttachmentsException
import net.corda.core.serialization.SerializationFactory import net.corda.core.serialization.SerializationFactory
import net.corda.core.serialization.internal.AttachmentURLStreamHandlerFactory.toUrl import net.corda.core.serialization.internal.AttachmentURLStreamHandlerFactory.toUrl
import net.corda.core.utilities.contextLogger import net.corda.core.utilities.contextLogger
@ -29,8 +30,9 @@ class AttachmentsClassLoader(attachments: List<Attachment>, parent: ClassLoader
URLClassLoader(attachments.map(::toUrl).toTypedArray(), parent) { URLClassLoader(attachments.map(::toUrl).toTypedArray(), parent) {
init { init {
require(attachments.mapNotNull { it as? ContractAttachment }.all { isUploaderTrusted(it.uploader) }) { val untrusted = attachments.mapNotNull { it as? ContractAttachment }.filterNot { isUploaderTrusted(it.uploader) }.map(ContractAttachment::id)
"Attempting to load Contract Attachments downloaded from the network" if(untrusted.isNotEmpty()) {
throw MissingAttachmentsException(untrusted, "Attempting to load Contract Attachments downloaded from the network")
} }
requireNoDuplicates(attachments) requireNoDuplicates(attachments)
} }

2
docs/source/changelog.rst
View File

@ -26,6 +26,8 @@ Unreleased
* Fixed a bug resulting in poor vault query performance and incorrect results when sorting. * Fixed a bug resulting in poor vault query performance and incorrect results when sorting.
* Improved exception thrown by `AttachmentsClassLoader` when an attachment cannot be used because its uploader is not trusted.
* Marked the ``Attachment`` interface as ``@DoNotImplement`` because it is not meant to be extended by CorDapp developers. If you have already * Marked the ``Attachment`` interface as ``@DoNotImplement`` because it is not meant to be extended by CorDapp developers. If you have already
done so, please get in contact on the usual communication channels. done so, please get in contact on the usual communication channels.