2018-06-08 17:46:57 +00:00
const async = require ( 'async' ) ;
2018-07-07 13:30:47 +00:00
const ContractFuzzer = require ( './fuzzer.js' ) ;
2019-11-13 18:59:10 +00:00
const Web3 = require ( 'web3' ) ;
2018-06-06 19:37:08 +00:00
fix(@embark/profiler): Fix profile output and update messaging
The profiler was not formatted correctly in the console as `util.inspect` was being applied to the ASCII table before being output to the console REPL.
In addition, functions containing solidity assertions (require, revert, assert) that cause the function to fail when estimating gas would print an error to embark’s console log, and would show nothing as their gas estimate in the table.
Do not `util.inspect` command output if the result is a string. For API commands being run, allow the command to specify whether or not the output of the command should be HTML escaped. This could pose security risks!
For functions that have errors during gas estimation, add a message in the embark console explaining that the error may be due to solidity assertions in the function that prevent the gas from being estimated correctly. For functions that error, show `-ERROR-` in the gas estimation column. Additionally, show a description in the table footer explaining that the error may be due to solidity assertions in the function.
For events with no gas estimate, show `-EVENT-` in the gas estimate column of the profile table, and a description in the table footer explaining that there is no gas estimate for events.
### Warnings
This PR allows the console command to specify whether or not it should allow for a string result of the command to be HTML-escaped before being sent in the API response. Combining this with Cockpit’s `dangerouslySetInnerHTML`, this could allow a plugin to register a console command that injects XSS in to Cockpit.
2020-02-13 02:14:36 +00:00
export const GAS _ERROR = ' -ERROR- ' ;
export const EVENT _NO _GAS = ' -EVENT- ' ;
export class GasEstimator {
2018-06-06 19:37:08 +00:00
constructor ( embark ) {
this . embark = embark ;
this . logger = embark . logger ;
this . events = embark . events ;
this . fuzzer = new ContractFuzzer ( embark ) ;
}
fix(@embark/profiler): Fix profile output and update messaging
The profiler was not formatted correctly in the console as `util.inspect` was being applied to the ASCII table before being output to the console REPL.
In addition, functions containing solidity assertions (require, revert, assert) that cause the function to fail when estimating gas would print an error to embark’s console log, and would show nothing as their gas estimate in the table.
Do not `util.inspect` command output if the result is a string. For API commands being run, allow the command to specify whether or not the output of the command should be HTML escaped. This could pose security risks!
For functions that have errors during gas estimation, add a message in the embark console explaining that the error may be due to solidity assertions in the function that prevent the gas from being estimated correctly. For functions that error, show `-ERROR-` in the gas estimation column. Additionally, show a description in the table footer explaining that the error may be due to solidity assertions in the function.
For events with no gas estimate, show `-EVENT-` in the gas estimate column of the profile table, and a description in the table footer explaining that there is no gas estimate for events.
### Warnings
This PR allows the console command to specify whether or not it should allow for a string result of the command to be HTML-escaped before being sent in the API response. Combining this with Cockpit’s `dangerouslySetInnerHTML`, this could allow a plugin to register a console command that injects XSS in to Cockpit.
2020-02-13 02:14:36 +00:00
printError ( message , name , values = [ ] ) {
this . logger . error ( ` Error getting gas estimate for " ${ name } ( ${ Object . values ( values ) . join ( "," ) } )" ` , message ) ;
if ( message . includes ( 'always failing transaction' ) ) {
this . logger . error ( ` This may mean function assertions (revert, assert, require) are preventing the estimate from completing. Gas will be listed as " ${ GAS _ERROR } " in the profile. ` ) ;
}
this . logger . error ( '' ) ; // new line to separate likely many lines
}
2018-06-08 17:46:57 +00:00
estimateGas ( contractName , cb ) {
2018-06-06 20:30:29 +00:00
const self = this ;
2018-06-06 19:37:08 +00:00
let gasMap = { } ;
2019-11-13 18:59:10 +00:00
self . events . request ( "blockchain:client:provider" , "ethereum" , ( err , provider ) => {
const web3 = new Web3 ( provider ) ;
self . events . request ( 'contracts:contract' , contractName , ( err , contract ) => {
if ( err ) return cb ( err ) ;
2019-01-22 14:57:08 +00:00
let fuzzMap = self . fuzzer . generateFuzz ( 3 , contract ) ;
let contractObj = new web3 . eth . Contract ( contract . abiDefinition , contract . deployedAddress ) ;
fix(@embark/profiler): Fix profile output and update messaging
The profiler was not formatted correctly in the console as `util.inspect` was being applied to the ASCII table before being output to the console REPL.
In addition, functions containing solidity assertions (require, revert, assert) that cause the function to fail when estimating gas would print an error to embark’s console log, and would show nothing as their gas estimate in the table.
Do not `util.inspect` command output if the result is a string. For API commands being run, allow the command to specify whether or not the output of the command should be HTML escaped. This could pose security risks!
For functions that have errors during gas estimation, add a message in the embark console explaining that the error may be due to solidity assertions in the function that prevent the gas from being estimated correctly. For functions that error, show `-ERROR-` in the gas estimation column. Additionally, show a description in the table footer explaining that the error may be due to solidity assertions in the function.
For events with no gas estimate, show `-EVENT-` in the gas estimate column of the profile table, and a description in the table footer explaining that there is no gas estimate for events.
### Warnings
This PR allows the console command to specify whether or not it should allow for a string result of the command to be HTML-escaped before being sent in the API response. Combining this with Cockpit’s `dangerouslySetInnerHTML`, this could allow a plugin to register a console command that injects XSS in to Cockpit.
2020-02-13 02:14:36 +00:00
async . each ( contract . abiDefinition ,
2019-01-22 14:57:08 +00:00
( abiMethod , gasCb ) => {
let name = abiMethod . name ;
if ( abiMethod . type === "constructor" ) {
// already provided for us
2019-11-13 18:59:10 +00:00
gasMap [ 'constructor' ] = parseFloat ( contract . gasEstimates . creation . totalCost . toString ( ) ) ;
2019-01-22 14:57:08 +00:00
return gasCb ( null , name , abiMethod . type ) ;
fix(@embark/profiler): Fix profile output and update messaging
The profiler was not formatted correctly in the console as `util.inspect` was being applied to the ASCII table before being output to the console REPL.
In addition, functions containing solidity assertions (require, revert, assert) that cause the function to fail when estimating gas would print an error to embark’s console log, and would show nothing as their gas estimate in the table.
Do not `util.inspect` command output if the result is a string. For API commands being run, allow the command to specify whether or not the output of the command should be HTML escaped. This could pose security risks!
For functions that have errors during gas estimation, add a message in the embark console explaining that the error may be due to solidity assertions in the function that prevent the gas from being estimated correctly. For functions that error, show `-ERROR-` in the gas estimation column. Additionally, show a description in the table footer explaining that the error may be due to solidity assertions in the function.
For events with no gas estimate, show `-EVENT-` in the gas estimate column of the profile table, and a description in the table footer explaining that there is no gas estimate for events.
### Warnings
This PR allows the console command to specify whether or not it should allow for a string result of the command to be HTML-escaped before being sent in the API response. Combining this with Cockpit’s `dangerouslySetInnerHTML`, this could allow a plugin to register a console command that injects XSS in to Cockpit.
2020-02-13 02:14:36 +00:00
} else if ( abiMethod . type === "event" ) {
gasMap [ name ] = EVENT _NO _GAS ;
return gasCb ( null , name , abiMethod . type ) ;
2019-01-22 14:57:08 +00:00
} else if ( abiMethod . type === "fallback" ) {
2019-11-13 18:59:10 +00:00
gasMap [ 'fallback' ] = parseFloat ( contract . gasEstimates . external [ "" ] . toString ( ) ) ;
2019-01-22 14:57:08 +00:00
return gasCb ( null , name , abiMethod . type ) ;
} else if (
( abiMethod . inputs === null || abiMethod . inputs === undefined || abiMethod . inputs . length === 0 )
) {
// just run it and register it
contractObj . methods [ name ]
. apply ( contractObj . methods [ name ] , [ ] )
fix(@embark/profiler): Fix profile output and update messaging
The profiler was not formatted correctly in the console as `util.inspect` was being applied to the ASCII table before being output to the console REPL.
In addition, functions containing solidity assertions (require, revert, assert) that cause the function to fail when estimating gas would print an error to embark’s console log, and would show nothing as their gas estimate in the table.
Do not `util.inspect` command output if the result is a string. For API commands being run, allow the command to specify whether or not the output of the command should be HTML escaped. This could pose security risks!
For functions that have errors during gas estimation, add a message in the embark console explaining that the error may be due to solidity assertions in the function that prevent the gas from being estimated correctly. For functions that error, show `-ERROR-` in the gas estimation column. Additionally, show a description in the table footer explaining that the error may be due to solidity assertions in the function.
For events with no gas estimate, show `-EVENT-` in the gas estimate column of the profile table, and a description in the table footer explaining that there is no gas estimate for events.
### Warnings
This PR allows the console command to specify whether or not it should allow for a string result of the command to be HTML-escaped before being sent in the API response. Combining this with Cockpit’s `dangerouslySetInnerHTML`, this could allow a plugin to register a console command that injects XSS in to Cockpit.
2020-02-13 02:14:36 +00:00
. estimateGas ( { from : web3 . eth . defaultAccount } , ( err , gasAmount ) => {
2019-01-22 14:57:08 +00:00
if ( err ) {
fix(@embark/profiler): Fix profile output and update messaging
The profiler was not formatted correctly in the console as `util.inspect` was being applied to the ASCII table before being output to the console REPL.
In addition, functions containing solidity assertions (require, revert, assert) that cause the function to fail when estimating gas would print an error to embark’s console log, and would show nothing as their gas estimate in the table.
Do not `util.inspect` command output if the result is a string. For API commands being run, allow the command to specify whether or not the output of the command should be HTML escaped. This could pose security risks!
For functions that have errors during gas estimation, add a message in the embark console explaining that the error may be due to solidity assertions in the function that prevent the gas from being estimated correctly. For functions that error, show `-ERROR-` in the gas estimation column. Additionally, show a description in the table footer explaining that the error may be due to solidity assertions in the function.
For events with no gas estimate, show `-EVENT-` in the gas estimate column of the profile table, and a description in the table footer explaining that there is no gas estimate for events.
### Warnings
This PR allows the console command to specify whether or not it should allow for a string result of the command to be HTML-escaped before being sent in the API response. Combining this with Cockpit’s `dangerouslySetInnerHTML`, this could allow a plugin to register a console command that injects XSS in to Cockpit.
2020-02-13 02:14:36 +00:00
self . printError ( err . message || err , name ) ;
2019-01-22 14:57:08 +00:00
return gasCb ( null , name , abiMethod . type ) ;
}
gasMap [ name ] = gasAmount ;
2018-12-20 18:16:33 +00:00
return gasCb ( null , name , abiMethod . type ) ;
2019-01-22 14:57:08 +00:00
} ) ;
} else {
// async concatenate all the fuzz values and their gas cost outputs and check for equality
async . concat ( fuzzMap [ name ] , ( values , getVarianceCb ) => {
contractObj . methods [ name ] . apply ( contractObj . methods [ name ] , values )
. estimateGas ( ( err , gasAmount ) => {
if ( err ) {
fix(@embark/profiler): Fix profile output and update messaging
The profiler was not formatted correctly in the console as `util.inspect` was being applied to the ASCII table before being output to the console REPL.
In addition, functions containing solidity assertions (require, revert, assert) that cause the function to fail when estimating gas would print an error to embark’s console log, and would show nothing as their gas estimate in the table.
Do not `util.inspect` command output if the result is a string. For API commands being run, allow the command to specify whether or not the output of the command should be HTML escaped. This could pose security risks!
For functions that have errors during gas estimation, add a message in the embark console explaining that the error may be due to solidity assertions in the function that prevent the gas from being estimated correctly. For functions that error, show `-ERROR-` in the gas estimation column. Additionally, show a description in the table footer explaining that the error may be due to solidity assertions in the function.
For events with no gas estimate, show `-EVENT-` in the gas estimate column of the profile table, and a description in the table footer explaining that there is no gas estimate for events.
### Warnings
This PR allows the console command to specify whether or not it should allow for a string result of the command to be HTML-escaped before being sent in the API response. Combining this with Cockpit’s `dangerouslySetInnerHTML`, this could allow a plugin to register a console command that injects XSS in to Cockpit.
2020-02-13 02:14:36 +00:00
self . printError ( err . message || err , name , values ) ;
2019-01-22 14:57:08 +00:00
}
getVarianceCb ( null , gasAmount ) ;
} ) ;
} , ( err , variance ) => {
if ( variance . every ( v => v === variance [ 0 ] ) ) {
fix(@embark/profiler): Fix profile output and update messaging
The profiler was not formatted correctly in the console as `util.inspect` was being applied to the ASCII table before being output to the console REPL.
In addition, functions containing solidity assertions (require, revert, assert) that cause the function to fail when estimating gas would print an error to embark’s console log, and would show nothing as their gas estimate in the table.
Do not `util.inspect` command output if the result is a string. For API commands being run, allow the command to specify whether or not the output of the command should be HTML escaped. This could pose security risks!
For functions that have errors during gas estimation, add a message in the embark console explaining that the error may be due to solidity assertions in the function that prevent the gas from being estimated correctly. For functions that error, show `-ERROR-` in the gas estimation column. Additionally, show a description in the table footer explaining that the error may be due to solidity assertions in the function.
For events with no gas estimate, show `-EVENT-` in the gas estimate column of the profile table, and a description in the table footer explaining that there is no gas estimate for events.
### Warnings
This PR allows the console command to specify whether or not it should allow for a string result of the command to be HTML-escaped before being sent in the API response. Combining this with Cockpit’s `dangerouslySetInnerHTML`, this could allow a plugin to register a console command that injects XSS in to Cockpit.
2020-02-13 02:14:36 +00:00
gasMap [ name ] = variance [ 0 ] ? ? GAS _ERROR ;
2019-01-22 14:57:08 +00:00
} else {
// get average
let sum = variance . reduce ( function ( memo , num ) { return memo + num ; } ) ;
gasMap [ name ] = sum / variance . length ;
2018-12-20 18:16:33 +00:00
}
2019-01-22 14:57:08 +00:00
return gasCb ( null , name , abiMethod . type ) ;
2018-06-08 19:26:32 +00:00
} ) ;
2019-01-22 14:57:08 +00:00
}
} ,
( err , name , type ) => {
if ( err ) {
if ( type === "constructor" || type === "fallback" ) name = type ;
return cb ( err , null , name ) ;
}
cb ( null , gasMap , null ) ;
2018-06-15 20:22:27 +00:00
}
2019-01-22 14:57:08 +00:00
) ;
} ) ;
2018-06-06 19:37:08 +00:00
} ) ;
}
}
