LCOV - code coverage report
Current view: top level - src/rpc - request.cpp (source / functions) Coverage Total Hit
Test: fuzz_coverage.info Lines: 4.0 % 126 5
Test Date: 2024-11-04 04:15:01 Functions: 11.1 % 9 1
Branches: 2.4 % 252 6

             Branch data     Line data    Source code
       1                 :             : // Copyright (c) 2010 Satoshi Nakamoto
       2                 :             : // Copyright (c) 2009-2022 The Bitcoin Core developers
       3                 :             : // Distributed under the MIT software license, see the accompanying
       4                 :             : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
       5                 :             : 
       6                 :             : #include <rpc/request.h>
       7                 :             : 
       8                 :             : #include <common/args.h>
       9                 :             : #include <logging.h>
      10                 :             : #include <random.h>
      11                 :             : #include <rpc/protocol.h>
      12                 :             : #include <util/fs.h>
      13                 :             : #include <util/fs_helpers.h>
      14                 :             : #include <util/strencodings.h>
      15                 :             : 
      16                 :             : #include <fstream>
      17                 :             : #include <stdexcept>
      18                 :             : #include <string>
      19                 :             : #include <vector>
      20                 :             : 
      21                 :             : /**
      22                 :             :  * JSON-RPC protocol.  Bitcoin speaks version 1.0 for maximum compatibility,
      23                 :             :  * but uses JSON-RPC 1.1/2.0 standards for parts of the 1.0 standard that were
      24                 :             :  * unspecified (HTTP errors and contents of 'error').
      25                 :             :  *
      26                 :             :  * 1.0 spec: http://json-rpc.org/wiki/specification
      27                 :             :  * 1.2 spec: http://jsonrpc.org/historical/json-rpc-over-http.html
      28                 :             :  *
      29                 :             :  * If the server receives a request with the JSON-RPC 2.0 marker `{"jsonrpc": "2.0"}`
      30                 :             :  * then Bitcoin will respond with a strictly specified response.
      31                 :             :  * It will only return an HTTP error code if an actual HTTP error is encountered
      32                 :             :  * such as the endpoint is not found (404) or the request is not formatted correctly (500).
      33                 :             :  * Otherwise the HTTP code is always OK (200) and RPC errors will be included in the
      34                 :             :  * response body.
      35                 :             :  *
      36                 :             :  * 2.0 spec: https://www.jsonrpc.org/specification
      37                 :             :  *
      38                 :             :  * Also see http://www.simple-is-better.org/rpc/#differences-between-1-0-and-2-0
      39                 :             :  */
      40                 :             : 
      41                 :           0 : UniValue JSONRPCRequestObj(const std::string& strMethod, const UniValue& params, const UniValue& id)
      42                 :             : {
      43                 :           0 :     UniValue request(UniValue::VOBJ);
      44   [ #  #  #  #  :           0 :     request.pushKV("method", strMethod);
                   #  # ]
      45   [ #  #  #  #  :           0 :     request.pushKV("params", params);
                   #  # ]
      46   [ #  #  #  #  :           0 :     request.pushKV("id", id);
                   #  # ]
      47   [ #  #  #  #  :           0 :     request.pushKV("jsonrpc", "2.0");
                   #  # ]
      48                 :           0 :     return request;
      49                 :           0 : }
      50                 :             : 
      51                 :           0 : UniValue JSONRPCReplyObj(UniValue result, UniValue error, std::optional<UniValue> id, JSONRPCVersion jsonrpc_version)
      52                 :             : {
      53                 :           0 :     UniValue reply(UniValue::VOBJ);
      54                 :             :     // Add JSON-RPC version number field in v2 only.
      55   [ #  #  #  #  :           0 :     if (jsonrpc_version == JSONRPCVersion::V2) reply.pushKV("jsonrpc", "2.0");
             #  #  #  # ]
      56                 :             : 
      57                 :             :     // Add both result and error fields in v1, even though one will be null.
      58                 :             :     // Omit the null field in v2.
      59         [ #  # ]:           0 :     if (error.isNull()) {
      60   [ #  #  #  # ]:           0 :         reply.pushKV("result", std::move(result));
      61   [ #  #  #  #  :           0 :         if (jsonrpc_version == JSONRPCVersion::V1_LEGACY) reply.pushKV("error", NullUniValue);
             #  #  #  # ]
      62                 :             :     } else {
      63   [ #  #  #  #  :           0 :         if (jsonrpc_version == JSONRPCVersion::V1_LEGACY) reply.pushKV("result", NullUniValue);
             #  #  #  # ]
      64   [ #  #  #  # ]:           0 :         reply.pushKV("error", std::move(error));
      65                 :             :     }
      66   [ #  #  #  #  :           0 :     if (id.has_value()) reply.pushKV("id", std::move(id.value()));
                   #  # ]
      67                 :           0 :     return reply;
      68                 :           0 : }
      69                 :             : 
      70                 :       23160 : UniValue JSONRPCError(int code, const std::string& message)
      71                 :             : {
      72                 :       23160 :     UniValue error(UniValue::VOBJ);
      73   [ +  -  +  -  :       46320 :     error.pushKV("code", code);
                   +  - ]
      74   [ +  -  +  -  :       46320 :     error.pushKV("message", message);
                   +  - ]
      75                 :       23160 :     return error;
      76                 :           0 : }
      77                 :             : 
      78                 :             : /** Username used when cookie authentication is in use (arbitrary, only for
      79                 :             :  * recognizability in debugging/logging purposes)
      80                 :             :  */
      81                 :             : static const std::string COOKIEAUTH_USER = "__cookie__";
      82                 :             : /** Default name for auth cookie file */
      83                 :             : static const char* const COOKIEAUTH_FILE = ".cookie";
      84                 :             : 
      85                 :             : /** Get name of RPC authentication cookie file */
      86                 :           0 : static fs::path GetAuthCookieFile(bool temp=false)
      87                 :             : {
      88   [ #  #  #  # ]:           0 :     fs::path arg = gArgs.GetPathArg("-rpccookiefile", COOKIEAUTH_FILE);
      89         [ #  # ]:           0 :     if (temp) {
      90         [ #  # ]:           0 :         arg += ".tmp";
      91                 :             :     }
      92         [ #  # ]:           0 :     return AbsPathForConfigVal(gArgs, arg);
      93                 :           0 : }
      94                 :             : 
      95                 :             : static bool g_generated_cookie = false;
      96                 :             : 
      97                 :           0 : bool GenerateAuthCookie(std::string* cookie_out, std::optional<fs::perms> cookie_perms)
      98                 :             : {
      99                 :           0 :     const size_t COOKIE_SIZE = 32;
     100                 :           0 :     unsigned char rand_pwd[COOKIE_SIZE];
     101                 :           0 :     GetRandBytes(rand_pwd);
     102   [ #  #  #  # ]:           0 :     std::string cookie = COOKIEAUTH_USER + ":" + HexStr(rand_pwd);
     103                 :             : 
     104                 :             :     /** the umask determines what permissions are used to create this file -
     105                 :             :      * these are set to 0077 in common/system.cpp.
     106                 :             :      */
     107         [ #  # ]:           0 :     std::ofstream file;
     108         [ #  # ]:           0 :     fs::path filepath_tmp = GetAuthCookieFile(true);
     109         [ #  # ]:           0 :     file.open(filepath_tmp);
     110         [ #  # ]:           0 :     if (!file.is_open()) {
     111   [ #  #  #  # ]:           0 :         LogInfo("Unable to open cookie authentication file %s for writing\n", fs::PathToString(filepath_tmp));
     112                 :           0 :         return false;
     113                 :             :     }
     114         [ #  # ]:           0 :     file << cookie;
     115         [ #  # ]:           0 :     file.close();
     116                 :             : 
     117         [ #  # ]:           0 :     fs::path filepath = GetAuthCookieFile(false);
     118   [ #  #  #  #  :           0 :     if (!RenameOver(filepath_tmp, filepath)) {
             #  #  #  # ]
     119   [ #  #  #  #  :           0 :         LogInfo("Unable to rename cookie authentication file %s to %s\n", fs::PathToString(filepath_tmp), fs::PathToString(filepath));
                   #  # ]
     120                 :           0 :         return false;
     121                 :             :     }
     122         [ #  # ]:           0 :     if (cookie_perms) {
     123                 :           0 :         std::error_code code;
     124                 :           0 :         fs::permissions(filepath, cookie_perms.value(), fs::perm_options::replace, code);
     125         [ #  # ]:           0 :         if (code) {
     126   [ #  #  #  # ]:           0 :             LogInfo("Unable to set permissions on cookie authentication file %s\n", fs::PathToString(filepath_tmp));
     127                 :           0 :             return false;
     128                 :             :         }
     129                 :             :     }
     130                 :             : 
     131                 :           0 :     g_generated_cookie = true;
     132   [ #  #  #  # ]:           0 :     LogInfo("Generated RPC authentication cookie %s\n", fs::PathToString(filepath));
     133   [ #  #  #  #  :           0 :     LogInfo("Permissions used for cookie: %s\n", PermsToSymbolicString(fs::status(filepath).permissions()));
                   #  # ]
     134                 :             : 
     135         [ #  # ]:           0 :     if (cookie_out)
     136         [ #  # ]:           0 :         *cookie_out = cookie;
     137                 :             :     return true;
     138                 :           0 : }
     139                 :             : 
     140                 :           0 : bool GetAuthCookie(std::string *cookie_out)
     141                 :             : {
     142                 :           0 :     std::ifstream file;
     143         [ #  # ]:           0 :     std::string cookie;
     144         [ #  # ]:           0 :     fs::path filepath = GetAuthCookieFile();
     145         [ #  # ]:           0 :     file.open(filepath);
     146         [ #  # ]:           0 :     if (!file.is_open())
     147                 :             :         return false;
     148         [ #  # ]:           0 :     std::getline(file, cookie);
     149         [ #  # ]:           0 :     file.close();
     150                 :             : 
     151         [ #  # ]:           0 :     if (cookie_out)
     152         [ #  # ]:           0 :         *cookie_out = cookie;
     153                 :             :     return true;
     154                 :           0 : }
     155                 :             : 
     156                 :           0 : void DeleteAuthCookie()
     157                 :             : {
     158                 :           0 :     try {
     159         [ #  # ]:           0 :         if (g_generated_cookie) {
     160                 :             :             // Delete the cookie file if it was generated by this process
     161   [ #  #  #  # ]:           0 :             fs::remove(GetAuthCookieFile());
     162                 :             :         }
     163         [ -  - ]:           0 :     } catch (const fs::filesystem_error& e) {
     164   [ -  -  -  - ]:           0 :         LogPrintf("%s: Unable to remove random auth cookie file: %s\n", __func__, fsbridge::get_filesystem_error_message(e));
     165                 :           0 :     }
     166                 :           0 : }
     167                 :             : 
     168                 :           0 : std::vector<UniValue> JSONRPCProcessBatchReply(const UniValue& in)
     169                 :             : {
     170         [ #  # ]:           0 :     if (!in.isArray()) {
     171         [ #  # ]:           0 :         throw std::runtime_error("Batch must be an array");
     172                 :             :     }
     173                 :           0 :     const size_t num {in.size()};
     174                 :           0 :     std::vector<UniValue> batch(num);
     175   [ #  #  #  # ]:           0 :     for (const UniValue& rec : in.getValues()) {
     176         [ #  # ]:           0 :         if (!rec.isObject()) {
     177         [ #  # ]:           0 :             throw std::runtime_error("Batch member must be an object");
     178                 :             :         }
     179   [ #  #  #  #  :           0 :         size_t id = rec["id"].getInt<int>();
                   #  # ]
     180         [ #  # ]:           0 :         if (id >= num) {
     181         [ #  # ]:           0 :             throw std::runtime_error("Batch member id is larger than batch size");
     182                 :             :         }
     183         [ #  # ]:           0 :         batch[id] = rec;
     184                 :             :     }
     185                 :           0 :     return batch;
     186                 :           0 : }
     187                 :             : 
     188                 :           0 : void JSONRPCRequest::parse(const UniValue& valRequest)
     189                 :             : {
     190                 :             :     // Parse request
     191         [ #  # ]:           0 :     if (!valRequest.isObject())
     192   [ #  #  #  # ]:           0 :         throw JSONRPCError(RPC_INVALID_REQUEST, "Invalid Request object");
     193                 :           0 :     const UniValue& request = valRequest.get_obj();
     194                 :             : 
     195                 :             :     // Parse id now so errors from here on will have the id
     196         [ #  # ]:           0 :     if (request.exists("id")) {
     197                 :           0 :         id = request.find_value("id");
     198                 :             :     } else {
     199                 :           0 :         id = std::nullopt;
     200                 :             :     }
     201                 :             : 
     202                 :             :     // Check for JSON-RPC 2.0 (default 1.1)
     203                 :           0 :     m_json_version = JSONRPCVersion::V1_LEGACY;
     204                 :           0 :     const UniValue& jsonrpc_version = request.find_value("jsonrpc");
     205         [ #  # ]:           0 :     if (!jsonrpc_version.isNull()) {
     206         [ #  # ]:           0 :         if (!jsonrpc_version.isStr()) {
     207   [ #  #  #  # ]:           0 :             throw JSONRPCError(RPC_INVALID_REQUEST, "jsonrpc field must be a string");
     208                 :             :         }
     209                 :             :         // The "jsonrpc" key was added in the 2.0 spec, but some older documentation
     210                 :             :         // incorrectly included {"jsonrpc":"1.0"} in a request object, so we
     211                 :             :         // maintain that for backwards compatibility.
     212         [ #  # ]:           0 :         if (jsonrpc_version.get_str() == "1.0") {
     213                 :           0 :             m_json_version = JSONRPCVersion::V1_LEGACY;
     214         [ #  # ]:           0 :         } else if (jsonrpc_version.get_str() == "2.0") {
     215                 :           0 :             m_json_version = JSONRPCVersion::V2;
     216                 :             :         } else {
     217   [ #  #  #  # ]:           0 :             throw JSONRPCError(RPC_INVALID_REQUEST, "JSON-RPC version not supported");
     218                 :             :         }
     219                 :             :     }
     220                 :             : 
     221                 :             :     // Parse method
     222                 :           0 :     const UniValue& valMethod{request.find_value("method")};
     223         [ #  # ]:           0 :     if (valMethod.isNull())
     224   [ #  #  #  # ]:           0 :         throw JSONRPCError(RPC_INVALID_REQUEST, "Missing method");
     225         [ #  # ]:           0 :     if (!valMethod.isStr())
     226   [ #  #  #  # ]:           0 :         throw JSONRPCError(RPC_INVALID_REQUEST, "Method must be a string");
     227                 :           0 :     strMethod = valMethod.get_str();
     228         [ #  # ]:           0 :     if (fLogIPs)
     229   [ #  #  #  # ]:           0 :         LogDebug(BCLog::RPC, "ThreadRPCServer method=%s user=%s peeraddr=%s\n", SanitizeString(strMethod),
     230                 :             :             this->authUser, this->peerAddr);
     231                 :             :     else
     232   [ #  #  #  # ]:           0 :         LogDebug(BCLog::RPC, "ThreadRPCServer method=%s user=%s\n", SanitizeString(strMethod), this->authUser);
     233                 :             : 
     234                 :             :     // Parse params
     235                 :           0 :     const UniValue& valParams{request.find_value("params")};
     236   [ #  #  #  # ]:           0 :     if (valParams.isArray() || valParams.isObject())
     237                 :           0 :         params = valParams;
     238         [ #  # ]:           0 :     else if (valParams.isNull())
     239                 :           0 :         params = UniValue(UniValue::VARR);
     240                 :             :     else
     241   [ #  #  #  # ]:           0 :         throw JSONRPCError(RPC_INVALID_REQUEST, "Params must be an array or object");
     242                 :           0 : }
        

Generated by: LCOV version 2.0-1