github.com/luckypickle/go-ethereum-vet@v1.14.2/signer/rules/rules.go (about)

     1  // Copyright 2018 The go-ethereum Authors
     2  // This file is part of go-ethereum.
     3  //
     4  // go-ethereum is free software: you can redistribute it and/or modify
     5  // it under the terms of the GNU General Public License as published by
     6  // the Free Software Foundation, either version 3 of the License, or
     7  // (at your option) any later version.
     8  //
     9  // go-ethereum is distributed in the hope that it will be useful,
    10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    12  // GNU General Public License for more details.
    13  //
    14  // You should have received a copy of the GNU General Public License
    15  // along with go-ethereum. If not, see <http://www.gnu.org/licenses/>.
    16  
    17  package rules
    18  
    19  import (
    20  	"encoding/json"
    21  	"fmt"
    22  	"os"
    23  	"strings"
    24  
    25  	"github.com/luckypickle/go-ethereum-vet/common"
    26  	"github.com/luckypickle/go-ethereum-vet/internal/ethapi"
    27  	"github.com/luckypickle/go-ethereum-vet/log"
    28  	"github.com/luckypickle/go-ethereum-vet/signer/core"
    29  	"github.com/luckypickle/go-ethereum-vet/signer/rules/deps"
    30  	"github.com/luckypickle/go-ethereum-vet/signer/storage"
    31  	"github.com/robertkrimen/otto"
    32  )
    33  
    34  var (
    35  	BigNumber_JS = deps.MustAsset("bignumber.js")
    36  )
    37  
    38  // consoleOutput is an override for the console.log and console.error methods to
    39  // stream the output into the configured output stream instead of stdout.
    40  func consoleOutput(call otto.FunctionCall) otto.Value {
    41  	output := []string{"JS:> "}
    42  	for _, argument := range call.ArgumentList {
    43  		output = append(output, fmt.Sprintf("%v", argument))
    44  	}
    45  	fmt.Fprintln(os.Stdout, strings.Join(output, " "))
    46  	return otto.Value{}
    47  }
    48  
    49  // rulesetUI provides an implementation of SignerUI that evaluates a javascript
    50  // file for each defined UI-method
    51  type rulesetUI struct {
    52  	next        core.SignerUI // The next handler, for manual processing
    53  	storage     storage.Storage
    54  	credentials storage.Storage
    55  	jsRules     string // The rules to use
    56  }
    57  
    58  func NewRuleEvaluator(next core.SignerUI, jsbackend, credentialsBackend storage.Storage) (*rulesetUI, error) {
    59  	c := &rulesetUI{
    60  		next:        next,
    61  		storage:     jsbackend,
    62  		credentials: credentialsBackend,
    63  		jsRules:     "",
    64  	}
    65  
    66  	return c, nil
    67  }
    68  
    69  func (r *rulesetUI) Init(javascriptRules string) error {
    70  	r.jsRules = javascriptRules
    71  	return nil
    72  }
    73  func (r *rulesetUI) execute(jsfunc string, jsarg interface{}) (otto.Value, error) {
    74  
    75  	// Instantiate a fresh vm engine every time
    76  	vm := otto.New()
    77  	// Set the native callbacks
    78  	consoleObj, _ := vm.Get("console")
    79  	consoleObj.Object().Set("log", consoleOutput)
    80  	consoleObj.Object().Set("error", consoleOutput)
    81  	vm.Set("storage", r.storage)
    82  
    83  	// Load bootstrap libraries
    84  	script, err := vm.Compile("bignumber.js", BigNumber_JS)
    85  	if err != nil {
    86  		log.Warn("Failed loading libraries", "err", err)
    87  		return otto.UndefinedValue(), err
    88  	}
    89  	vm.Run(script)
    90  
    91  	// Run the actual rule implementation
    92  	_, err = vm.Run(r.jsRules)
    93  	if err != nil {
    94  		log.Warn("Execution failed", "err", err)
    95  		return otto.UndefinedValue(), err
    96  	}
    97  
    98  	// And the actual call
    99  	// All calls are objects with the parameters being keys in that object.
   100  	// To provide additional insulation between js and go, we serialize it into JSON on the Go-side,
   101  	// and deserialize it on the JS side.
   102  
   103  	jsonbytes, err := json.Marshal(jsarg)
   104  	if err != nil {
   105  		log.Warn("failed marshalling data", "data", jsarg)
   106  		return otto.UndefinedValue(), err
   107  	}
   108  	// Now, we call foobar(JSON.parse(<jsondata>)).
   109  	var call string
   110  	if len(jsonbytes) > 0 {
   111  		call = fmt.Sprintf("%v(JSON.parse(%v))", jsfunc, string(jsonbytes))
   112  	} else {
   113  		call = fmt.Sprintf("%v()", jsfunc)
   114  	}
   115  	return vm.Run(call)
   116  }
   117  
   118  func (r *rulesetUI) checkApproval(jsfunc string, jsarg []byte, err error) (bool, error) {
   119  	if err != nil {
   120  		return false, err
   121  	}
   122  	v, err := r.execute(jsfunc, string(jsarg))
   123  	if err != nil {
   124  		log.Info("error occurred during execution", "error", err)
   125  		return false, err
   126  	}
   127  	result, err := v.ToString()
   128  	if err != nil {
   129  		log.Info("error occurred during response unmarshalling", "error", err)
   130  		return false, err
   131  	}
   132  	if result == "Approve" {
   133  		log.Info("Op approved")
   134  		return true, nil
   135  	} else if result == "Reject" {
   136  		log.Info("Op rejected")
   137  		return false, nil
   138  	}
   139  	return false, fmt.Errorf("Unknown response")
   140  }
   141  
   142  func (r *rulesetUI) ApproveTx(request *core.SignTxRequest) (core.SignTxResponse, error) {
   143  	jsonreq, err := json.Marshal(request)
   144  	approved, err := r.checkApproval("ApproveTx", jsonreq, err)
   145  	if err != nil {
   146  		log.Info("Rule-based approval error, going to manual", "error", err)
   147  		return r.next.ApproveTx(request)
   148  	}
   149  
   150  	if approved {
   151  		return core.SignTxResponse{
   152  				Transaction: request.Transaction,
   153  				Approved:    true,
   154  				Password:    r.lookupPassword(request.Transaction.From.Address()),
   155  			},
   156  			nil
   157  	}
   158  	return core.SignTxResponse{Approved: false}, err
   159  }
   160  
   161  func (r *rulesetUI) lookupPassword(address common.Address) string {
   162  	return r.credentials.Get(strings.ToLower(address.String()))
   163  }
   164  
   165  func (r *rulesetUI) ApproveSignData(request *core.SignDataRequest) (core.SignDataResponse, error) {
   166  	jsonreq, err := json.Marshal(request)
   167  	approved, err := r.checkApproval("ApproveSignData", jsonreq, err)
   168  	if err != nil {
   169  		log.Info("Rule-based approval error, going to manual", "error", err)
   170  		return r.next.ApproveSignData(request)
   171  	}
   172  	if approved {
   173  		return core.SignDataResponse{Approved: true, Password: r.lookupPassword(request.Address.Address())}, nil
   174  	}
   175  	return core.SignDataResponse{Approved: false, Password: ""}, err
   176  }
   177  
   178  func (r *rulesetUI) ApproveExport(request *core.ExportRequest) (core.ExportResponse, error) {
   179  	jsonreq, err := json.Marshal(request)
   180  	approved, err := r.checkApproval("ApproveExport", jsonreq, err)
   181  	if err != nil {
   182  		log.Info("Rule-based approval error, going to manual", "error", err)
   183  		return r.next.ApproveExport(request)
   184  	}
   185  	if approved {
   186  		return core.ExportResponse{Approved: true}, nil
   187  	}
   188  	return core.ExportResponse{Approved: false}, err
   189  }
   190  
   191  func (r *rulesetUI) ApproveImport(request *core.ImportRequest) (core.ImportResponse, error) {
   192  	// This cannot be handled by rules, requires setting a password
   193  	// dispatch to next
   194  	return r.next.ApproveImport(request)
   195  }
   196  
   197  func (r *rulesetUI) ApproveListing(request *core.ListRequest) (core.ListResponse, error) {
   198  	jsonreq, err := json.Marshal(request)
   199  	approved, err := r.checkApproval("ApproveListing", jsonreq, err)
   200  	if err != nil {
   201  		log.Info("Rule-based approval error, going to manual", "error", err)
   202  		return r.next.ApproveListing(request)
   203  	}
   204  	if approved {
   205  		return core.ListResponse{Accounts: request.Accounts}, nil
   206  	}
   207  	return core.ListResponse{}, err
   208  }
   209  
   210  func (r *rulesetUI) ApproveNewAccount(request *core.NewAccountRequest) (core.NewAccountResponse, error) {
   211  	// This cannot be handled by rules, requires setting a password
   212  	// dispatch to next
   213  	return r.next.ApproveNewAccount(request)
   214  }
   215  
   216  func (r *rulesetUI) ShowError(message string) {
   217  	log.Error(message)
   218  	r.next.ShowError(message)
   219  }
   220  
   221  func (r *rulesetUI) ShowInfo(message string) {
   222  	log.Info(message)
   223  	r.next.ShowInfo(message)
   224  }
   225  func (r *rulesetUI) OnSignerStartup(info core.StartupInfo) {
   226  	jsonInfo, err := json.Marshal(info)
   227  	if err != nil {
   228  		log.Warn("failed marshalling data", "data", info)
   229  		return
   230  	}
   231  	r.next.OnSignerStartup(info)
   232  	_, err = r.execute("OnSignerStartup", string(jsonInfo))
   233  	if err != nil {
   234  		log.Info("error occurred during execution", "error", err)
   235  	}
   236  }
   237  
   238  func (r *rulesetUI) OnApprovedTx(tx ethapi.SignTransactionResult) {
   239  	jsonTx, err := json.Marshal(tx)
   240  	if err != nil {
   241  		log.Warn("failed marshalling transaction", "tx", tx)
   242  		return
   243  	}
   244  	_, err = r.execute("OnApprovedTx", string(jsonTx))
   245  	if err != nil {
   246  		log.Info("error occurred during execution", "error", err)
   247  	}
   248  }