-
- Downloads
[FAB-6381] Secure defaults for txsFilter
The aim of this change set is to apply the well-established "Secure by
default" security principle to the way the validator validates transactions
in a block.
The current code behaves as follows: create an array of validation codes, set
by default to "all transactions are valid"; then perform validation which may
mark transactions as invalid. Furthermore, in other parts of the code, if no
array of validation codes is yet persent in the block, a new one is
indiscriminately created (again, marking all transactions as valid). This
approach is a security anti-pattern because it opens up to attacks where an
adversary may force the code through a path where the default "tx is valid"
validation code is maintained even for invalid txes.
This change set ensures that validation code arrays are created and set to a
new value (TxValidationCode_NOT_VALIDATED) which ensures that a transaction
that hasn't been validated cannot be mistaken for a valid one.
Change-Id: I5dbb18dd77af3cd14b168042ae660e4e27bf29dd
Signed-off-by: 
Alessandro Sorniotti <ale.linux@sopit.net>
Showing
- common/configtx/test/helper.go 11 additions, 1 deletioncommon/configtx/test/helper.go
- common/ledger/testutil/test_helper.go 4 additions, 14 deletionscommon/ledger/testutil/test_helper.go
- core/chaincode/exectransaction_test.go 4 additions, 0 deletionscore/chaincode/exectransaction_test.go
- core/committer/committer_test.go 3 additions, 0 deletionscore/committer/committer_test.go
- core/committer/txvalidator/txvalidator_test.go 18 additions, 25 deletionscore/committer/txvalidator/txvalidator_test.go
- core/committer/txvalidator/validator.go 18 additions, 0 deletionscore/committer/txvalidator/validator.go
- core/ledger/kvledger/history/historydb/historyleveldb/historyleveldb.go 2 additions, 17 deletions...ledger/history/historydb/historyleveldb/historyleveldb.go
- core/ledger/kvledger/txmgmt/validator/valimpl/helper.go 0 additions, 5 deletionscore/ledger/kvledger/txmgmt/validator/valimpl/helper.go
- core/ledger/kvledger/txmgmt/validator/valimpl/helper_test.go 1 addition, 1 deletioncore/ledger/kvledger/txmgmt/validator/valimpl/helper_test.go
- core/ledger/util/txvalidationflags.go 18 additions, 13 deletionscore/ledger/util/txvalidationflags.go
- core/ledger/util/txvalidationflags_test.go 3 additions, 13 deletionscore/ledger/util/txvalidationflags_test.go
- core/peer/pkg_test.go 10 additions, 1 deletioncore/peer/pkg_test.go
- core/scc/cscc/configure.go 10 additions, 0 deletionscore/scc/cscc/configure.go
- protos/peer/transaction.pb.go 57 additions, 54 deletionsprotos/peer/transaction.pb.go
- protos/peer/transaction.proto 3 additions, 12 deletionsprotos/peer/transaction.proto
Loading
Please register or sign in to comment