ENT-6588 Restrict database operations platform flag (#7053)

* ENT-6588 Restrict database operations platform flag Put the restricting of database operations in `RestrictedConnection` and `RestrictedEntityManager` behind a platform version flag. `RESTRICTED_DATABASE_OPERATIONS = 7` was added to signify this. If the version is less than 7, then the database operations will not be restricted. A warning is logged to indicate that they are using potentially dangerous methods. If the version is 7 or greater, then the database operations are restricted and throw an error if called.
2025-06-12 20:28:18 +00:00 · 2022-02-08 10:06:44 +00:00
parent 5c052e9273
commit fa739fc467
9 changed files with 559 additions and 124 deletions
--- a/node-api-tests/src/test/kotlin/net/corda/nodeapitests/internal/persistence/RestrictedConnectionFlowTest.kt
+++ b/node-api-tests/src/test/kotlin/net/corda/nodeapitests/internal/persistence/RestrictedConnectionFlowTest.kt
@ -4,14 +4,15 @@ import co.paralleluniverse.fibers.Suspendable
 import net.corda.core.flows.FlowLogic
 import net.corda.core.flows.InitiatingFlow
 import net.corda.core.identity.CordaX500Name
+import net.corda.core.internal.PLATFORM_VERSION
 import net.corda.core.utilities.getOrThrow
 import net.corda.nodeapi.internal.persistence.RestrictedConnection
 import net.corda.testing.node.MockNetwork
 import net.corda.testing.node.MockNetworkParameters
 import net.corda.testing.node.StartedMockNode
+import net.corda.testing.node.internal.enclosedCordapp
 import org.assertj.core.api.Assertions
 import org.junit.After
-import org.junit.Before
 import org.junit.Test
 import kotlin.test.assertTrue

@ -38,40 +39,63 @@ class RestrictedConnectionFlowTest {
    }

    @InitiatingFlow
-    class TestCloseMethodIsBlocked : FlowLogic<Unit>() {
+    class TestClearWarningsMethodIsBlocked : FlowLogic<Unit>() {
        @Suspendable
        override fun call() {
            val connection = serviceHub.jdbcSession()
-            connection.close()
+            connection.clearWarnings()
        }
    }

-    @Before
-    fun init() {
-        mockNetwork = MockNetwork(MockNetworkParameters())
-        aliceNode = mockNetwork.createPartyNode(CordaX500Name("Alice", "London", "GB"))
-    }
-
    @After
    fun done() {
        mockNetwork.stopNodes()
    }

    @Test(timeout=300_000)
-    fun testIfItIsRestrictedConnection() {
+    fun `restricted connection is returned from ServiceHub#jdbcSession`() {
+        mockNetwork = MockNetwork(MockNetworkParameters(listOf(enclosedCordapp().copy(targetPlatformVersion = PLATFORM_VERSION))))
+        aliceNode = mockNetwork.createPartyNode(CordaX500Name("Alice", "London", "GB"))
        assertTrue { aliceNode.startFlow(TestIfItIsRestrictedConnection()).get() }
        mockNetwork.runNetwork()
    }

    @Test(timeout=300_000)
-    fun testMethodsAreBlocked() {
+    fun `restricted methods are blocked when the target platform is the current corda version`() {
+        mockNetwork = MockNetwork(MockNetworkParameters(listOf(enclosedCordapp().copy(targetPlatformVersion = PLATFORM_VERSION))))
+        aliceNode = mockNetwork.createPartyNode(CordaX500Name("Alice", "London", "GB"))
        Assertions.assertThatExceptionOfType(UnsupportedOperationException::class.java)
                .isThrownBy { aliceNode.startFlow(TestAutoCommitMethodIsBlocked()).getOrThrow() }
-                .withMessageContaining("This method cannot be called via ServiceHub.jdbcSession.")
+                .withMessageContaining("ServiceHub.jdbcSession.setAutoCommit is restricted and cannot be called")

        Assertions.assertThatExceptionOfType(UnsupportedOperationException::class.java)
-                .isThrownBy { aliceNode.startFlow(TestCloseMethodIsBlocked()).getOrThrow() }
-                .withMessageContaining("This method cannot be called via ServiceHub.jdbcSession.")
+                .isThrownBy { aliceNode.startFlow(TestClearWarningsMethodIsBlocked()).getOrThrow() }
+                .withMessageContaining("ServiceHub.jdbcSession.clearWarnings is restricted and cannot be called")
+
+        mockNetwork.runNetwork()
+    }
+
+    @Test(timeout=300_000)
+    fun `restricted methods are blocked when the target platform is 7`() {
+        mockNetwork = MockNetwork(MockNetworkParameters(listOf(enclosedCordapp().copy(targetPlatformVersion = 7))))
+        aliceNode = mockNetwork.createPartyNode(CordaX500Name("Alice", "London", "GB"))
+        Assertions.assertThatExceptionOfType(UnsupportedOperationException::class.java)
+            .isThrownBy { aliceNode.startFlow(TestAutoCommitMethodIsBlocked()).getOrThrow() }
+            .withMessageContaining("ServiceHub.jdbcSession.setAutoCommit is restricted and cannot be called")
+
+        Assertions.assertThatExceptionOfType(UnsupportedOperationException::class.java)
+            .isThrownBy { aliceNode.startFlow(TestClearWarningsMethodIsBlocked()).getOrThrow() }
+            .withMessageContaining("ServiceHub.jdbcSession.clearWarnings is restricted and cannot be called")
+
+        mockNetwork.runNetwork()
+    }
+
+    @Test(timeout=300_000)
+    fun `restricted methods are not blocked when the target platform is 6`() {
+        mockNetwork = MockNetwork(MockNetworkParameters(listOf(enclosedCordapp().copy(targetPlatformVersion = 6))))
+        aliceNode = mockNetwork.createPartyNode(CordaX500Name("Alice", "London", "GB"))
+        aliceNode.startFlow(TestAutoCommitMethodIsBlocked()).getOrThrow()
+        aliceNode.startFlow(TestClearWarningsMethodIsBlocked()).getOrThrow()

        mockNetwork.runNetwork()
    }
--- a/node-api-tests/src/test/kotlin/net/corda/nodeapitests/internal/persistence/RestrictedEntityManagerFlowTest.kt
+++ b/node-api-tests/src/test/kotlin/net/corda/nodeapitests/internal/persistence/RestrictedEntityManagerFlowTest.kt
@ -4,14 +4,15 @@ import co.paralleluniverse.fibers.Suspendable
 import net.corda.core.flows.FlowLogic
 import net.corda.core.flows.InitiatingFlow
 import net.corda.core.identity.CordaX500Name
+import net.corda.core.internal.PLATFORM_VERSION
 import net.corda.core.utilities.getOrThrow
 import net.corda.nodeapi.internal.persistence.RestrictedEntityManager
 import net.corda.testing.node.MockNetwork
 import net.corda.testing.node.MockNetworkParameters
 import net.corda.testing.node.StartedMockNode
+import net.corda.testing.node.internal.enclosedCordapp
 import org.assertj.core.api.Assertions
 import org.junit.After
-import org.junit.Before
 import org.junit.Test
 import kotlin.test.assertTrue

@ -25,7 +26,7 @@ class RestrictedEntityManagerFlowTest {
        @Suspendable
        override fun call() : Boolean {
            var result = false
-            serviceHub.withEntityManager() {
+            serviceHub.withEntityManager {
                result = this is RestrictedEntityManager
            }
            return result
@ -33,11 +34,11 @@ class RestrictedEntityManagerFlowTest {
    }

    @InitiatingFlow
-    class TestCloseMethodIsBlocked : FlowLogic<Unit>() {
+    class TestGetMetamodelMethodIsBlocked : FlowLogic<Unit>() {
        @Suspendable
        override fun call() {
-            serviceHub.withEntityManager() {
-                this.close()
+            serviceHub.withEntityManager {
+                this.metamodel
            }
        }
    }
@ -46,38 +47,61 @@ class RestrictedEntityManagerFlowTest {
    class TestJoinTransactionMethodIsBlocked : FlowLogic<Unit>() {
        @Suspendable
        override fun call() {
-            serviceHub.withEntityManager() {
+            serviceHub.withEntityManager {
                this.joinTransaction()
            }
        }
    }

-    @Before
-    fun init() {
-        mockNetwork = MockNetwork(MockNetworkParameters())
-        aliceNode = mockNetwork.createPartyNode(CordaX500Name("Alice", "London", "GB"))
-    }
-
    @After
    fun done() {
        mockNetwork.stopNodes()
    }

    @Test(timeout=300_000)
-    fun testIfItIsRestrictedConnection() {
+    fun `restricted connection is returned from ServiceHub#withEntityManager`() {
+        mockNetwork = MockNetwork(MockNetworkParameters(listOf(enclosedCordapp().copy(targetPlatformVersion = PLATFORM_VERSION))))
+        aliceNode = mockNetwork.createPartyNode(CordaX500Name("Alice", "London", "GB"))
        assertTrue { aliceNode.startFlow(TestIfItIsRestrictedEntityManager()).get() }
        mockNetwork.runNetwork()
    }

    @Test(timeout=300_000)
-    fun testMethodsAreBlocked() {
+    fun `restricted methods are blocked when the target platform is the current corda version`() {
+        mockNetwork = MockNetwork(MockNetworkParameters(listOf(enclosedCordapp().copy(targetPlatformVersion = PLATFORM_VERSION))))
+        aliceNode = mockNetwork.createPartyNode(CordaX500Name("Alice", "London", "GB"))
        Assertions.assertThatExceptionOfType(UnsupportedOperationException::class.java)
-                .isThrownBy { aliceNode.startFlow(TestCloseMethodIsBlocked()).getOrThrow() }
-                .withMessageContaining("This method cannot be called via ServiceHub.withEntityManager.")
+                .isThrownBy { aliceNode.startFlow(TestGetMetamodelMethodIsBlocked()).getOrThrow() }
+                .withMessageContaining("ServiceHub.withEntityManager.getMetamodel is restricted and cannot be called")

        Assertions.assertThatExceptionOfType(UnsupportedOperationException::class.java)
                .isThrownBy { aliceNode.startFlow(TestJoinTransactionMethodIsBlocked()).getOrThrow() }
-                .withMessageContaining("This method cannot be called via ServiceHub.withEntityManager.")
+                .withMessageContaining("ServiceHub.withEntityManager.joinTransaction is restricted and cannot be called")
+
+        mockNetwork.runNetwork()
+    }
+
+    @Test(timeout=300_000)
+    fun `restricted methods are blocked when the target platform is 7`() {
+        mockNetwork = MockNetwork(MockNetworkParameters(listOf(enclosedCordapp().copy(targetPlatformVersion = 7))))
+        aliceNode = mockNetwork.createPartyNode(CordaX500Name("Alice", "London", "GB"))
+        Assertions.assertThatExceptionOfType(UnsupportedOperationException::class.java)
+            .isThrownBy { aliceNode.startFlow(TestGetMetamodelMethodIsBlocked()).getOrThrow() }
+            .withMessageContaining("ServiceHub.withEntityManager.getMetamodel is restricted and cannot be called")
+
+        Assertions.assertThatExceptionOfType(UnsupportedOperationException::class.java)
+            .isThrownBy { aliceNode.startFlow(TestJoinTransactionMethodIsBlocked()).getOrThrow() }
+            .withMessageContaining("ServiceHub.withEntityManager.joinTransaction is restricted and cannot be called")
+
+        mockNetwork.runNetwork()
+    }
+
+    @Test(timeout=300_000)
+    fun `restricted methods are not blocked when the target platform is 6`() {
+        mockNetwork = MockNetwork(MockNetworkParameters(listOf(enclosedCordapp().copy(targetPlatformVersion = 6))))
+        aliceNode = mockNetwork.createPartyNode(CordaX500Name("Alice", "London", "GB"))
+        aliceNode.startFlow(TestGetMetamodelMethodIsBlocked()).getOrThrow()
+        aliceNode.startFlow(TestJoinTransactionMethodIsBlocked()).getOrThrow()

        mockNetwork.runNetwork()
    }