Skip to content

Commit acd37f8

Browse files
matiumatiu
authored
Merge pull request bitpay#2310 from micahriggan/fix/string-limits
Validating addresses and putting a length limit on wallet name
2 parents cc8e090 + fd019fc commit acd37f8

File tree

3 files changed

+12
-1
lines changed

3 files changed

+12
-1
lines changed

packages/bitcore-node/package.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -76,6 +76,7 @@
7676
"dependencies": {
7777
"JSONStream": "~1.3.1",
7878
"async": "^2.5.0",
79+
"crypto-wallet-core": "^8.5.1",
7980
"bitcore-client": "^8.5.1",
8081
"bitcore-lib": "^8.5.1",
8182
"bitcore-lib-cash": "^8.5.1",

packages/bitcore-node/src/routes/api/wallet.ts

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ import { ChainNetwork } from '../../types/ChainNetwork';
44
import { IWallet } from '../../models/wallet';
55
import { RequestHandler } from 'express-serve-static-core';
66
import { ChainStateProvider } from '../../providers/chain-state';
7+
import { Validation } from 'crypto-wallet-core';
78
import logger from '../../logger';
89
import { MongoBound } from '../../models/base';
910
const router = Router({ mergeParams: true });
@@ -85,6 +86,9 @@ router.post('/', async function(req, res) {
8586
if (existingWallet) {
8687
return res.status(200).send('Wallet already exists');
8788
}
89+
if (name.length > 255) {
90+
return res.status(413).send('String length exceeds limit');
91+
}
8892
let result = await ChainStateProvider.createWallet({
8993
chain,
9094
network,
@@ -155,6 +159,11 @@ router.post('/:pubKey', authenticate, async (req: AuthenticatedRequest, res) =>
155159
let keepAlive;
156160
try {
157161
let addresses = addressLines.map(({ address }) => address);
162+
for (const address of addresses) {
163+
if (!Validation.validateAddress(chain, network, address)) {
164+
return res.status(413).send('Invalid address');
165+
}
166+
}
158167
res.status(200);
159168
keepAlive = setInterval(() => {
160169
res.write('\n');

packages/bitcore-node/test/integration/websocket.integration.ts

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ const network = 'regtest';
1414
const chainConfig = config.chains[chain][network];
1515
const creds = chainConfig.rpc;
1616
const rpc = new AsyncRPC(creds.username, creds.password, creds.host, creds.port);
17-
const anAddress = 'mkzAfSHtmTh5Xsc352jf6TBPj55Lne5g21';
17+
let anAddress;
1818

1919
function getSocket() {
2020
const socket = io.connect(
@@ -51,6 +51,7 @@ describe('Websockets', function() {
5151
it('should get a new block when one is generated', async () => {
5252
await p2pWorker.start();
5353

54+
anAddress = await rpc.getnewaddress('');
5455
await rpc.call('generatetoaddress', [5, anAddress]);
5556
await p2pWorker.syncDone();
5657
const beforeGenTip = await BlockStorage.getLocalTip({ chain, network });

0 commit comments

Comments
 (0)