From d19e25b3346e25512566656d7fcae08ad856bda0 Mon Sep 17 00:00:00 2001
From: Barry Gitarts
Date: Wed, 4 Dec 2019 12:24:39 -0500
Subject: [PATCH] ensure single content is json to prevent DOS on indexer

---
subgraph/build/Contract/Contract.wasm | Bin 13900 -> 14078 bytes
subgraph/src/helpers/ignore.ts | 2 ++
subgraph/src/helpers/json.ts | 7 +++++++
subgraph/src/mapping.ts | 7 ++++---
4 files changed, 13 insertions(+), 3 deletions(-)
create mode 100644 subgraph/src/helpers/ignore.ts
create mode 100644 subgraph/src/helpers/json.ts
diff --git a/subgraph/build/Contract/Contract.wasm b/subgraph/build/Contract/Contract.wasm index d77e7dbb3ca6f94fa961839b233f2e6729daefb5..75f1c0012c7bc223a1a8f78f820523f369896b4c 100644 GIT binary patch delta 3885 zcmZWsTWpib6`uM3-;U#P;>nFTiJgp1AQy7+h6D=TmdtVquuwwEZRswH!3iXUB+Z3o z*^B+qZu8JqX=hiBmWR5lZi~8Y*AlA4Lm#X@v=O3Gq)Js@w#rIeJIBx0Tu)3TCr8iD zBop(a!?V*9qgUt2g@C(yXnG2(HjwZ<+^>gb3 z`nK9{_f)^*qwkjcD3OF&sV4v5j?Ae$_Lq%uxlZKweA3~BFhM$O-!EA$5kv~LpsWTC?4m*Q#Lyc9m(VY5W#W^Q!%XO8n zI6^n>_g4Oi(pB|E@HKqT^7uB`+g~t81%ZWAM)@umbVL1~kI?n|!Ky)u$#C^qe1B1W z7@Gg8z8=mxg797Z1wmO9&O%jshoJnx!EQ4(ope*(t%=qzdIZ%l*6f0SSoQ$%mzo~B zuB_U9F#2L`M{3b43I9596*}^)x1eQaIX!!^C|fJe4pN%ZScmf%)j@B1|iqcZ4%ZE zy?g?mZO|ZtBXu!bP!O27z+qa)mZrFtc1@ z1_A@fmIAUR00<0Vr4+DI0)W5()?7f!b#<)-0f|B6OHJfU01z0!W+`B^1OR~nELE0- zu~hjqP6!MjTbU|BWJ?fPgCKIP5_GI+JHs&tGYrn?)1_(jmg;(+T8F^39y9>QBqJL{ z4hzZ11~q{2vx06%MhG&7dO?=5`YaVeRT@P3L8koSiE!G_2ZgR!iLcFH(h{K$1L5b? zQaHZLoJE`aVrV}+!u$DN10OIzl!XSeBRJ`DRsA!(kCv+)k>ULhs`pqvVGC=Ig*sq+ z-Seiq5Nz{raes{HhOk;KH*0YAA5`OWuNI$m^=afooYdpZQ`MJP7wT0j`E=LAX;KfH zXM!8G@Wcyjrp_oFYiW+YZqA>@FBi_A{s!QU4eTBcKGGZ59QIEulR62w%fP--~Mzs@y+=%L1fR73~5wp=9z%-Z} z6A**z?ypjZ35%5zxf%k@$7H?iKW^JU^r$;Gp-j1FO zf$;E~d;+5>6t-?fCK2N4!4Rh8MH#AQ8U;m-$_!MfDCb{8iL5pWzs>}Pn@zkEd(%A@ zvMSiG_u8mqBUuiMfC~~{{*t}|A{-GF+F3RXSn-U7&4zL%tc$l6^~?8Z6L1h^k;f{^ z!qA?HV0G)}Tq({>wpSu1+y9s3^@zR|Qa^hx%em&QEPqtYGPWva*_h0@CLdAixc*jJ{!~3wEz}xYB9fs1ey#a! z{M}}^al2!H%&2#E91P(VfPTdf7%$TQ2%^e#zB6iV$HIxXn3rrPt&}l5Qd(Nwu}v`l zNSr6q$Ec6U8s?68S*gZ9f#5SL)dx#t(=g46)0#>}P;d$~VnbC%GURGBQ9uTqDJGJk;DsJC6H&A7!=Fr-GepRpzBaE(=r!S=>egB*VCoaJvCN_ ztIy5!WZ6;`YhZ+^(>?W3yg1CHP$v`E@hW0G2F}NHSgT6*o@vZfyPh7z(iFtA*k8j? 
z$eu9F!6^~o@YSq2?5DvsfJRZu_xnv7Nn*g`FNguTCf8~XjX+;|6R98zJ z=OUz*`uYPa`s4-(@#~FO`)aqXhl;G;#MTRDa|Ha~zB^XF0VlateYiVlEjOx9cI*FB z(f%Zy8SCE(XMWJ%Y%Pb?Z~B{LHtdo&4dRl9KF#Yj#EQo6hW}i8AvOmw?~2uvfqH?a s$?E;^_u0}JftfMXdqfQmw1rk8Zp2r>kj|2OZt+-34P3@!X?2Ccm3kjB6*3s2gjywPA!Vb$*D>5viza; z9r~(#Oz&xY%}a09dnplwX|K2Y?jN}(Z|R@)Mn!>$Z+L~l31Jr5u6ysY2(gIpa&8kN zV-X%Qp~ILu%*nfkq{VytO~XsqLuzeu1JyS-Y`~Yx%Cst2I%h~1C?y;(Dy}CO@DJT*-18h+hd(k7- z>O@O5EO>^)Qk~fF@-`)jx)QNb4|^d*VX&`Ls%Jz_lYfuQ(A)Carei@c^BY>VA@cHW z(+xx(Z$1l8Z#DlI&s57~V3YDbW*KZZ)iNS0zt{4ak@ty|9O;b6pG8MQRccI!8it6o ztsU*l4T_^2tC)9FUdisyTT^G(14{m>uSR~5jIkpRN4gwT@%&4xy6J{m4sM0|?}|ti zkEGj4;XQpLv4}Usgh$6$mHXFrj z86w-jIe&&HL0%V3?6yfl!v&+Z4qZ)bG~f`~Hk~zp7F7*-RZW31kYsC6FbI?(N{-=* znNke^0tb-wtD7r;tpCA15IBHbEg)9|fWQId6(CbJk*`5O;vm*)O{~=bAaDSMT0o%& z0D%K2)&hz(00Fl>)D_K zFq~v$gUDee84xJr{JEq>kr9H7p*d78R3B79AqArRkbFHh6D!s85sO+H7kKLYpb}W< zX7uT})Z=|#r;T)8C-=wOz2odCid3w~v+;e@D|7Ktw9^OicR*IgIzqf|<^ZZ2_PVA&PIh;5? zve6P$DIj0AsdB<1R}yM6^9hU2*g9{rK^?f5v>*m~yY^FqSsJS+VkHV#o%~&*t!*_5 zs?@lu&VV{K1J+s*@Bb3br&puM(KPeII&kcZ&0T6$&3%7s2D#0>-nP};A5}!^(rRS#c9={9Im2LsG~9m6>8P<$59I_ z?UqmRj%7i1CtEY6cB{cXuso>Wiu2VG5_`}-*_dNnzgQFS~vo3WaWo4#u}c2|qY zgQdft>wJzcTIyY@ZX@n(8egzgAzcTHSCp79A&&+Rs;Y4HdTv1R8r~%C*4@G067wm| zdHmmGFXR1-1vP5rgy)>JY*Y5QhXDMY-iG4 z>jeA1b&li9iTO=J$UJ$8%#kUwNJLaNqy}g~j-w{Z9h6&Fx}%c^e2_mn8?Ho7iP?Xb+EhdtLN&+m!LAMDtR!2YDgQdusS~jwXLf$Ab)%kz z>TvBS9GoW?;f=ahl0l!f(mJh$l2F{Uk>U{Su`J)#wv?AWy}nr*1&O%dT-yWHTI@7@lULz#^R*SCd- zd~0x-x(@y?Kyynw>v!=Jz)!&?RS=*(=XcpshYL6oc|Qw!;C7nabWmx9TC1Qg0g+Z& zEyVn+sUEQE$v7mH`YQTmPfwg?CS;HoMbMqwXuRUl6azfA)^Il|wFjhoCVB?L|1JtRTVZzBaldZ}t5Ijn&oPr+pljr}~ef ztlsYLi6u>VQw-)M0Qr4Lo!A`cGi8OlYOxd~@|>MiQ>t(Z_0 zUBXkWRt{Cm%)^@UMXbx84!o+ZwW7O|^7x*hR%(@J_M9-++t|4t&@f!7-4z)fd=y>| z4|Zs!c6n~F9l3aIunoQa-NBB!wU|SMTpen$Fb>_W`+OCR!H0`z-I)BxU@Dr6yTM&> XQeSOAu`2tA&YQ~}ZVpoN-68RRdN%0h diff --git a/subgraph/src/helpers/ignore.ts b/subgraph/src/helpers/ignore.ts new file mode 100644 index 0000000..a480961 --- /dev/null 
+++ b/subgraph/src/helpers/ignore.ts @@ -0,0 +1,2 @@ +export let skipBlocks: number[] = [6891630] + diff --git a/subgraph/src/helpers/json.ts b/subgraph/src/helpers/json.ts new file mode 100644 index 0000000..6efbb46 --- /dev/null +++ b/subgraph/src/helpers/json.ts @@ -0,0 +1,7 @@ +import { Bytes } from "@graphprotocol/graph-ts" + +export function isJson(manifest: Bytes): boolean { + let manifestString = manifest.toHexString() + let first = manifestString.slice(0, 4) + return first == '0x7b' +} diff --git a/subgraph/src/mapping.ts b/subgraph/src/mapping.ts index a7902a6..4bb105d 100644 --- a/subgraph/src/mapping.ts +++ b/subgraph/src/mapping.ts @@ -15,6 +15,8 @@ import { DonateCall, } from "../generated/Contract/Contract" import { Profile, PledgesInfo, Pledge, ProjectInfo } from "../generated/schema" +import { skipBlocks } from "./helpers/ignore" +import { isJson } from "./helpers/json" export function handleAddGiver(call: AddGiverCall): void { @@ -66,12 +68,11 @@ export function handleUpdateProject(call: UpdateProjectCall): void { function createProjectInfo(content: String, profile: Profile, isFile: boolean = false): void { let hash = content.split('/').slice(-1)[0] let contentHash = isFile ? hash : hash + '/manifest.json' - let manifest = ipfs.cat(contentHash) + let manifest: Bytes | null = ipfs.cat(contentHash) if (manifest == null) { - log.info('manifest is null', []) if (!isFile) createProjectInfo(content, profile, true) - } else { + } else if (isJson(manifest as Bytes)) { let parsed = json.fromBytes(manifest as Bytes).toObject() log.info( 'ipfs title: {}',
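Review bot: `skipBlocks` in subgraph/src/helpers/ignore.ts is imported into mapping.ts, but no hunk in this patch reads it, and the diffstat for mapping.ts (4 insertions, 3 deletions) is fully accounted for by the visible lines. Block 6891630 is therefore not actually skipped by this commit. If the list is meant as a guard against content that stalls the indexer, a handler has to check it before calling `ipfs.cat`; otherwise drop the import until it is used. The constant also needs a comment recording why the block is listed, along the lines of `// blocks whose referenced IPFS content must not be fetched or parsed (see <ISSUE_OR_INCIDENT_REF>)`, so the entry can be audited later.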
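Review bot: `isJson` in subgraph/src/helpers/json.ts only proves that the first byte is `{`, so content that starts with a brace but is otherwise malformed still passes the check. It also rejects valid JSON that begins with whitespace or a BOM. The function name promises more than it delivers; rename it (for example `startsWithBrace`) or give it a doc comment stating that it is a cheap pre-filter and not validation. It also hex-encodes the whole payload via `manifest.toHexString()` to inspect one byte, which allocates in proportion to the untrusted content size. `return manifest.length > 0 && manifest[0] == 0x7b` does the same test without the copy and handles the empty payload explicitly.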
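Review bot: In `createProjectInfo` (mapping.ts, second hunk) the guarded branch still calls `json.fromBytes(manifest as Bytes).toObject()`, so a manifest that passes the first-byte check but is not well-formed JSON reaches the parser, and a parse failure there most likely still aborts the handler. Where the graph-ts version in use provides it, prefer the fallible parser: `let result = json.try_fromBytes(manifest as Bytes)` followed by `if (result.isOk && result.value.kind == JSONValueKind.OBJECT) { ... }`. The hunk also removes the only log on the null path and adds no `else` for rejected content, so skipped manifests leave no trace. A `log.warning('manifest rejected: {}', [contentHash])` in a final `else` would make hostile or broken content visible to operators. The function body continues past the end of the hunk.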