diff --git a/jsonrpc/jsonrpc.go b/jsonrpc/jsonrpc.go index e5f3b18136..bfae70b15b 100644 --- a/jsonrpc/jsonrpc.go +++ b/jsonrpc/jsonrpc.go @@ -313,7 +313,6 @@ func (j *JSONRPC) handleJSONRPCRequest(w http.ResponseWriter, req *http.Request) j.logger.Debug("handle", "request", string(data)) resp, err := j.dispatcher.Handle(data) - if err != nil { _, _ = w.Write([]byte(err.Error())) } else { diff --git a/jsonrpc/jsonrpc_test.go b/jsonrpc/jsonrpc_test.go index 4951d102d4..32399ab84c 100644 --- a/jsonrpc/jsonrpc_test.go +++ b/jsonrpc/jsonrpc_test.go @@ -4,32 +4,20 @@ import ( "bytes" "encoding/json" "net" + "net/http/httptest" + "strings" "testing" + "github.com/hashicorp/go-hclog" + "github.com/stretchr/testify/require" + "github.com/0xPolygon/polygon-edge/helper/tests" "github.com/0xPolygon/polygon-edge/versioning" - "github.com/stretchr/testify/assert" - - "github.com/hashicorp/go-hclog" ) func TestHTTPServer(t *testing.T) { - store := newMockStore() - port, portErr := tests.GetFreePort() - - if portErr != nil { - t.Fatalf("Unable to fetch free port, %v", portErr) - } - - config := &Config{ - Store: store, - Addr: &net.TCPAddr{IP: net.ParseIP("127.0.0.1"), Port: port}, - } - _, err := NewJSONRPC(hclog.NewNullLogger(), config) - - if err != nil { - t.Fatal(err) - } + _, err := newTestJSONRPC(t) + require.NoError(t, err) } func Test_handleGetRequest(t *testing.T) { @@ -51,12 +39,12 @@ func Test_handleGetRequest(t *testing.T) { response := &GetResponse{} - assert.NoError( + require.NoError( t, json.Unmarshal(mockWriter.Bytes(), response), ) - assert.Equal( + require.Equal( t, &GetResponse{ Name: chainName, @@ -66,3 +54,62 @@ func Test_handleGetRequest(t *testing.T) { response, ) } + +func TestJSONRPC_handleJSONRPCRequest(t *testing.T) { + t.Parallel() + + j, err := newTestJSONRPC(t) + require.NoError(t, err) + + cases := []struct { + name string + request string + expectedResponse string + }{ + { + name: "malicious input (XSS attack)", + request: `{"jsonrpc":"2.0","id":0,"method":"eth_getBlockByNumber","params":["latest",false]} +`, + expectedResponse: `{"jsonrpc":"2.0","error":{"code":-32600,"message":"Invalid json request"}}`, + }, + { + name: "valid input", + request: `{"jsonrpc":"2.0","id":0,"method":"eth_getBlockByNumber","params":["latest",false]}`, + expectedResponse: `{"jsonrpc":"2.0","id":0,"result":{`, + }, + } + + for _, c := range cases { + c := c + + t.Run(c.name, func(t *testing.T) { + t.Parallel() + + req := httptest.NewRequest("POST", "/eth_getBlockByNumber", strings.NewReader(c.request)) + req.Header.Set("Content-Type", "application/json") + + w := httptest.NewRecorder() + + j.handleJSONRPCRequest(w, req) + + response := w.Body.String() + require.Contains(t, response, c.expectedResponse) + }) + } +} + +func newTestJSONRPC(t *testing.T) (*JSONRPC, error) { + t.Helper() + + store := newMockStore() + + port, err := tests.GetFreePort() + require.NoError(t, err, "Unable to fetch free port, %v", err) + + config := &Config{ + Store: store, + Addr: &net.TCPAddr{IP: net.ParseIP("127.0.0.1"), Port: port}, + } + + return NewJSONRPC(hclog.NewNullLogger(), config) +}