test: cover edge case for lockunspent rpc

Abdulkbk commented at 11:57 am on November 4, 2024: none

This PR tests the scenario where a negative number is passed as the vout value during the lockunspent RPC call. The rationale behind this test is to validate the input parameters for the lockunspent function and ensure that the system behaves correctly when given invalid data. By confirming that the error message “Invalid parameter: vout cannot be negative” is returned, we can prevent unexpected behavior or vulnerabilities in the application.

This commit test for when a negative number is passed as the vout
value during lockunspent rpc call. It ensure that the error message:
Invalid parameter, vout cannot be negative, is returned.

e58c4307ef

DrahtBot commented at 11:57 am on November 4, 2024: contributor

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/31209.

Reviews

See the guideline for information on the review process.

Type	Reviewers
ACK	tdb3

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

No conflicts as of last run.

DrahtBot added the label Tests on Nov 4, 2024

tdb3 approved

tdb3 commented at 1:34 pm on November 5, 2024: contributor

ACK e58c4307ef576915200c4eda57d6d6ff10088667

Thank you. Coverage report seems to indicate coverage was added.

Sanity checked the change by executing functional tests (without legacy-wallet, but with wallet_basic.py --descriptors) with the following update.

 0diff --git a/src/wallet/rpc/coins.cpp b/src/wallet/rpc/coins.cpp
 1index f1430a3c601..81fd75db0fd 100644
 2--- a/src/wallet/rpc/coins.cpp
 3+++ b/src/wallet/rpc/coins.cpp
 4@@ -320,7 +320,7 @@ RPCHelpMan lockunspent()
 5         const Txid txid = Txid::FromUint256(ParseHashO(o, "txid"));
 6         const int nOutput = o.find_value("vout").getInt<int>();
 7         if (nOutput < 0) {
 8-            throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid parameter, vout cannot be negative");
 9+            throw JSONRPCError(RPC_WALLET_ERROR, "Invalid parameter, vout cannot be negative");
10         }
11 
12         const COutPoint outpt(txid, nOutput);

On master (03cff2c1421e5db59963eba1a845ef5dd318c275), wallet_basic did not fail.

On the PR branch the test did fail (at the new line).

maflcko commented at 2:04 pm on November 5, 2024: member

Not sure about this. This seems to be adding coverage for code that shouldn’t exist in the first place.

The integer is passed to COutPoint, which only takes unsigned integers, so parsing the integer as such would be more consistent. The check would then be redundant and could be removed.

Abdulkbk commented at 4:23 pm on November 5, 2024: none

Not sure about this. This seems to be adding coverage for code that shouldn’t exist in the first place.

The integer is passed to COutPoint, which only takes unsigned integers, so parsing the integer as such would be more consistent. The check would then be redundant and could be removed.

I did a quick test by commenting the check and you’re right an error was thrown. However, the error is not as descriptive as the current implementation. The error without the check: “Invalid parameter, vout index out of bounds” . Error with the check: “Invalid parameter, vout cannot be negative”.

maflcko commented at 4:52 pm on November 5, 2024: member

If the error message is confusing, it would be a reason to improve the error message. However, this applies to all RPCs and maintaining the error message in a single RPC (or each RPC individually) seems inconsistent (or brittle and verbose).

tdb3 commented at 2:02 am on November 6, 2024: contributor

Not sure about this. This seems to be adding coverage for code that shouldn’t exist in the first place.

The integer is passed to COutPoint, which only takes unsigned integers, so parsing the integer as such would be more consistent. The check would then be redundant and could be removed.

Good catch. It seems a bit odd that the RPC is trying to interpret the vout arg as a signed int in the first place (const int nOutput = o.find_value("vout").getInt<int>();), then check for negative.

https://github.com/bitcoin/bitcoin/blob/65b194193661e27cf2d9c0e0d7e3b627a379513a/src/wallet/rpc/coins.cpp#L320-L324

Removing the check for negative would technically change RPC behavior for users (https://github.com/bitcoin/bitcoin/pull/30212#issuecomment-2347371722), but do we think anyone’s downstream use case is actually relying on this odd edge case (negative vout arg)?

maflcko commented at 2:19 pm on November 6, 2024: member

Removing the check for negative would technically change RPC behavior for users (#30212 (comment)), but do we think anyone’s downstream use case is actually relying on this odd edge case (negative vout arg)?

Matching errors based on the error string is fragile and considered bad practise, because error strings are considered less stable than error codes or error types. Also, error strings may be verbose and (if truncated, or not) could match errors in other contexts. The RPC version is also explained in https://github.com/bitcoin/bitcoin/blob/master/doc/JSON-RPC-interface.md#versioning . Finally, downstream software should test new releases of updated dependencies (like Bitcoin Core) before deploying them in production.

fanquake commented at 3:22 pm on February 20, 2025: member

Closing for now. Doesn’t seem to be agreement on the change.

fanquake closed this on Feb 20, 2025

maflcko commented at 9:29 pm on February 20, 2025: member

I am happy to review a pull request with the suggested fix in #31209 (comment), but I don’t have the time to work on this myself.

test: cover edge case for lockunspent rpc #31209

Code Coverage & Benchmarks

Reviews

Conflicts