fix validation in chain write capability (#15191)

* fix validation in chain write capability * add unit tests * address comments
smartcontractkit · Nov 19, 2024 · 570c23f · 570c23f
1 parent 154d11f
commit 570c23f
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 8 deletions.
diff --git a/core/capabilities/targets/write_target.go b/core/capabilities/targets/write_target.go
@@ -7,6 +7,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"math/big"
+	"strings"
 	"time"
 
 	"github.com/ethereum/go-ethereum/common"
@@ -186,15 +187,23 @@ func evaluate(rawRequest capabilities.CapabilityRequest) (r Request, err error)
 	}
 
 	if hex.EncodeToString(reportMetadata.WorkflowExecutionID[:]) != rawRequest.Metadata.WorkflowExecutionID {
-		return r, fmt.Errorf("WorkflowExecutionID in the report does not match WorkflowExecutionID in the request metadata. Report WorkflowExecutionID: %+v, request WorkflowExecutionID: %+v", reportMetadata.WorkflowExecutionID, rawRequest.Metadata.WorkflowExecutionID)
+		return r, fmt.Errorf("WorkflowExecutionID in the report does not match WorkflowExecutionID in the request metadata. Report WorkflowExecutionID: %+v, request WorkflowExecutionID: %+v", hex.EncodeToString(reportMetadata.WorkflowExecutionID[:]), rawRequest.Metadata.WorkflowExecutionID)
 	}
 
-	if hex.EncodeToString(reportMetadata.WorkflowOwner[:]) != rawRequest.Metadata.WorkflowOwner {
-		return r, fmt.Errorf("WorkflowOwner in the report does not match WorkflowOwner in the request metadata. Report WorkflowOwner: %+v, request WorkflowOwner: %+v", reportMetadata.WorkflowOwner, rawRequest.Metadata.WorkflowOwner)
+	// case-insensitive verification of the owner address (so that a check-summed address matches its non-checksummed version).
+	if !strings.EqualFold(hex.EncodeToString(reportMetadata.WorkflowOwner[:]), rawRequest.Metadata.WorkflowOwner) {
+		return r, fmt.Errorf("WorkflowOwner in the report does not match WorkflowOwner in the request metadata. Report WorkflowOwner: %+v, request WorkflowOwner: %+v", hex.EncodeToString(reportMetadata.WorkflowOwner[:]), rawRequest.Metadata.WorkflowOwner)
 	}
 
-	if hex.EncodeToString(reportMetadata.WorkflowName[:]) != rawRequest.Metadata.WorkflowName {
-		return r, fmt.Errorf("WorkflowName in the report does not match WorkflowName in the request metadata. Report WorkflowName: %+v, request WorkflowName: %+v", reportMetadata.WorkflowName, rawRequest.Metadata.WorkflowName)
+	// workflowNames are padded to 10bytes
+	decodedName, err := hex.DecodeString(rawRequest.Metadata.WorkflowName)
+	if err != nil {
+		return r, err
+	}
+	var workflowName [10]byte
+	copy(workflowName[:], decodedName)
+	if !bytes.Equal(reportMetadata.WorkflowName[:], workflowName[:]) {
+		return r, fmt.Errorf("WorkflowName in the report does not match WorkflowName in the request metadata. Report WorkflowName: %+v, request WorkflowName: %+v", hex.EncodeToString(reportMetadata.WorkflowName[:]), hex.EncodeToString(workflowName[:]))
 	}
 
 	if hex.EncodeToString(reportMetadata.WorkflowCID[:]) != rawRequest.Metadata.WorkflowID {

diff --git a/core/capabilities/targets/write_target_test.go b/core/capabilities/targets/write_target_test.go
@@ -42,15 +42,19 @@ func TestWriteTarget(t *testing.T) {
 	require.NoError(t, err)
 
 	reportID := [2]byte{0x00, 0x01}
+	var workflowName [10]byte
+	copy(workflowName[:], []byte("name"))
+	workflowOwnerString := "219BFD3D78fbb740c614432975CBE829E26C490e"
+	workflowOwner := common.HexToAddress(workflowOwnerString)
 	reportMetadata := targets.ReportV1Metadata{
 		Version:             1,
 		WorkflowExecutionID: [32]byte{},
 		Timestamp:           0,
 		DonID:               0,
 		DonConfigVersion:    0,
 		WorkflowCID:         [32]byte{},
-		WorkflowName:        [10]byte{},
-		WorkflowOwner:       [20]byte{},
+		WorkflowName:        workflowName,
+		WorkflowOwner:       workflowOwner,
 		ReportID:            reportID,
 	}
 
@@ -69,7 +73,7 @@ func TestWriteTarget(t *testing.T) {
 
 	validMetadata := capabilities.RequestMetadata{
 		WorkflowID:          hex.EncodeToString(reportMetadata.WorkflowCID[:]),
-		WorkflowOwner:       hex.EncodeToString(reportMetadata.WorkflowOwner[:]),
+		WorkflowOwner:       workflowOwnerString,
 		WorkflowName:        hex.EncodeToString(reportMetadata.WorkflowName[:]),
 		WorkflowExecutionID: hex.EncodeToString(reportMetadata.WorkflowExecutionID[:]),
 	}
@@ -218,4 +222,44 @@ func TestWriteTarget(t *testing.T) {
 		_, err2 := writeTarget.Execute(ctx, req)
 		require.Error(t, err2)
 	})
+
+	tests := []struct {
+		name          string
+		modifyRequest func(*capabilities.CapabilityRequest)
+		expectedError string
+	}{
+		{
+			name: "non-matching WorkflowOwner",
+			modifyRequest: func(req *capabilities.CapabilityRequest) {
+				req.Metadata.WorkflowOwner = "nonmatchingowner"
+			},
+			expectedError: "WorkflowOwner in the report does not match WorkflowOwner in the request metadata",
+		},
+		{
+			name: "non-matching WorkflowName",
+			modifyRequest: func(req *capabilities.CapabilityRequest) {
+				req.Metadata.WorkflowName = hex.EncodeToString([]byte("nonmatchingname"))
+			},
+			expectedError: "WorkflowName in the report does not match WorkflowName in the request metadata",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			req := capabilities.CapabilityRequest{
+				Metadata: validMetadata,
+				Config:   config,
+				Inputs:   validInputs,
+			}
+			tt.modifyRequest(&req)
+
+			_, err := writeTarget.Execute(ctx, req)
+			if tt.expectedError == "" {
+				require.NoError(t, err)
+			} else {
+				require.Error(t, err)
+				require.Contains(t, err.Error(), tt.expectedError)
+			}
+		})
+	}
 }