test: cover edge case for lockunspent rpc #31209

pull Abdulkbk wants to merge 1 commits into bitcoin:master from Abdulkbk:test-negative-vout changing 1 files +3 −0
  1. Abdulkbk commented at 11:57 am on November 4, 2024: none
    This PR tests the scenario where a negative number is passed as the vout value during the lockunspent RPC call. The rationale behind this test is to validate the input parameters for the lockunspent function and ensure that the system behaves correctly when given invalid data. By confirming that the error message “Invalid parameter: vout cannot be negative” is returned, we can prevent unexpected behavior or vulnerabilities in the application.
  2. test: cover edge case for lockunspent rpc
    This commit test for when a negative number is passed as the vout
    value during lockunspent rpc call. It ensure that the error message:
    Invalid parameter, vout cannot be negative, is returned.
    e58c4307ef
  3. DrahtBot commented at 11:57 am on November 4, 2024: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/31209.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK tdb3

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    Conflicts

    No conflicts as of last run.

  4. DrahtBot added the label Tests on Nov 4, 2024
  5. tdb3 approved
  6. tdb3 commented at 1:34 pm on November 5, 2024: contributor

    ACK e58c4307ef576915200c4eda57d6d6ff10088667

    Thank you. Coverage report seems to indicate coverage was added.

    Sanity checked the change by executing functional tests (without legacy-wallet, but with wallet_basic.py --descriptors) with the following update.

     0diff --git a/src/wallet/rpc/coins.cpp b/src/wallet/rpc/coins.cpp
     1index f1430a3c601..81fd75db0fd 100644
     2--- a/src/wallet/rpc/coins.cpp
     3+++ b/src/wallet/rpc/coins.cpp
     4@@ -320,7 +320,7 @@ RPCHelpMan lockunspent()
     5         const Txid txid = Txid::FromUint256(ParseHashO(o, "txid"));
     6         const int nOutput = o.find_value("vout").getInt<int>();
     7         if (nOutput < 0) {
     8-            throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid parameter, vout cannot be negative");
     9+            throw JSONRPCError(RPC_WALLET_ERROR, "Invalid parameter, vout cannot be negative");
    10         }
    11 
    12         const COutPoint outpt(txid, nOutput);
    

    On master (03cff2c1421e5db59963eba1a845ef5dd318c275), wallet_basic did not fail.

    On the PR branch the test did fail (at the new line).

  7. maflcko commented at 2:04 pm on November 5, 2024: member

    Not sure about this. This seems to be adding coverage for code that shouldn’t exist in the first place.

    The integer is passed to COutPoint, which only takes unsigned integers, so parsing the integer as such would be more consistent. The check would then be redundant and could be removed.

  8. Abdulkbk commented at 4:23 pm on November 5, 2024: none

    Not sure about this. This seems to be adding coverage for code that shouldn’t exist in the first place.

    The integer is passed to COutPoint, which only takes unsigned integers, so parsing the integer as such would be more consistent. The check would then be redundant and could be removed.

    I did a quick test by commenting the check and you’re right an error was thrown. However, the error is not as descriptive as the current implementation. The error without the check: “Invalid parameter, vout index out of bounds” . Error with the check: “Invalid parameter, vout cannot be negative”.

  9. maflcko commented at 4:52 pm on November 5, 2024: member
    If the error message is confusing, it would be a reason to improve the error message. However, this applies to all RPCs and maintaining the error message in a single RPC (or each RPC individually) seems inconsistent (or brittle and verbose).
  10. tdb3 commented at 2:02 am on November 6, 2024: contributor

    Not sure about this. This seems to be adding coverage for code that shouldn’t exist in the first place.

    The integer is passed to COutPoint, which only takes unsigned integers, so parsing the integer as such would be more consistent. The check would then be redundant and could be removed.

    Good catch. It seems a bit odd that the RPC is trying to interpret the vout arg as a signed int in the first place (const int nOutput = o.find_value("vout").getInt<int>();), then check for negative.

    https://github.com/bitcoin/bitcoin/blob/65b194193661e27cf2d9c0e0d7e3b627a379513a/src/wallet/rpc/coins.cpp#L320-L324

    Removing the check for negative would technically change RPC behavior for users (https://github.com/bitcoin/bitcoin/pull/30212#issuecomment-2347371722), but do we think anyone’s downstream use case is actually relying on this odd edge case (negative vout arg)?

  11. maflcko commented at 2:19 pm on November 6, 2024: member

    Removing the check for negative would technically change RPC behavior for users (#30212 (comment)), but do we think anyone’s downstream use case is actually relying on this odd edge case (negative vout arg)?

    Matching errors based on the error string is fragile and considered bad practise, because error strings are considered less stable than error codes or error types. Also, error strings may be verbose and (if truncated, or not) could match errors in other contexts. The RPC version is also explained in https://github.com/bitcoin/bitcoin/blob/master/doc/JSON-RPC-interface.md#versioning . Finally, downstream software should test new releases of updated dependencies (like Bitcoin Core) before deploying them in production.


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-26 12:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me