From f24949f3d96f46a4bfa32c2c17fcc0cf2ae4efd6 Mon Sep 17 00:00:00 2001 From: Guillermo Bescos Alapont Date: Mon, 19 Dec 2022 21:20:13 +0100 Subject: [PATCH 1/3] Enable set min pub to security auth --- program/rust/src/accounts/permission.rs | 1 + .../src/tests/test_permission_migration.rs | 55 +++++++++++++++++++ 2 files changed, 56 insertions(+) diff --git a/program/rust/src/accounts/permission.rs b/program/rust/src/accounts/permission.rs index 51539fb01..9bc3a7710 100644 --- a/program/rust/src/accounts/permission.rs +++ b/program/rust/src/accounts/permission.rs @@ -46,6 +46,7 @@ impl PermissionAccount { #[allow(clippy::match_like_matches_macro)] match (*key, command) { (pubkey, _) if pubkey == self.master_authority => true, + (pubkey, OracleCommand::SetMinPub) if pubkey == self.security_authority => true, _ => false, } } diff --git a/program/rust/src/tests/test_permission_migration.rs b/program/rust/src/tests/test_permission_migration.rs index 91da8ad00..8545b5c61 100644 --- a/program/rust/src/tests/test_permission_migration.rs +++ b/program/rust/src/tests/test_permission_migration.rs @@ -16,6 +16,7 @@ use { DelPublisherArgs, InitPriceArgs, OracleCommand::{ + self, AddMapping, AddPrice, AddProduct, @@ -34,6 +35,7 @@ use { tests::test_utils::AccountSetup, }, bytemuck::bytes_of, + num_traits::ToPrimitive, solana_program::pubkey::Pubkey, }; @@ -47,6 +49,9 @@ fn test_permission_migration() { let mut funding_setup = AccountSetup::new_funding(); let funding_account = funding_setup.as_account_info(); + let mut security_auth_setup = AccountSetup::new_funding(); + let security_auth_account = security_auth_setup.as_account_info(); + let mut attacker_setup = AccountSetup::new_funding(); let attacker_account = attacker_setup.as_account_info(); @@ -61,6 +66,7 @@ fn test_permission_migration() { let mut price_setup = AccountSetup::new::(&program_id); let mut price_account = price_setup.as_account_info(); + PriceAccount::initialize(&price_account, PC_VERSION).unwrap(); product_account.is_signer = false; @@ -73,6 +79,7 @@ fn test_permission_migration() { let mut permissions_account_data = PermissionAccount::initialize(&permissions_account, PC_VERSION).unwrap(); permissions_account_data.master_authority = *funding_account.key; + permissions_account_data.security_authority = *security_auth_account.key; } assert_eq!( @@ -89,6 +96,19 @@ fn test_permission_migration() { ); + assert_eq!( + process_instruction( + &program_id, + &[ + security_auth_account.clone(), + mapping_account.clone(), + permissions_account.clone() + ], + bytes_of::(&InitMapping.into()) + ), + Err(OracleError::PermissionViolation.into()) + ); + process_instruction( &program_id, &[ @@ -252,4 +272,39 @@ fn test_permission_migration() { ), Err(OracleError::PermissionViolation.into()) ); + + + process_instruction( + &program_id, + &[ + security_auth_account.clone(), + price_account.clone(), + permissions_account.clone(), + ], + bytes_of::(&SetMinPubArgs { + header: CommandHeader { + version: PC_VERSION, + command: OracleCommand::SetMinPub.to_i32().unwrap(), + }, + minimum_publishers: 5, + unused_: [0; 3], + }), + ) + .unwrap(); + + assert_eq!( + process_instruction( + &program_id, + &[ + security_auth_account.clone(), + price_account.clone(), + permissions_account.clone(), + ], + bytes_of::(&AddPublisherArgs { + header: AddPublisher.into(), + publisher: Pubkey::new_unique(), + }) + ), + Err(OracleError::PermissionViolation.into()) + ) } From 4bba0a5f03d4af07a60dcad8154dc295ffc85dbe Mon Sep 17 00:00:00 2001 From: Guillermo Bescos Alapont Date: Mon, 19 Dec 2022 21:21:08 +0100 Subject: [PATCH 2/3] Add comments --- program/rust/src/tests/test_permission_migration.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/program/rust/src/tests/test_permission_migration.rs b/program/rust/src/tests/test_permission_migration.rs index 8545b5c61..3032cf4e4 100644 --- a/program/rust/src/tests/test_permission_migration.rs +++ b/program/rust/src/tests/test_permission_migration.rs @@ -274,6 +274,7 @@ fn test_permission_migration() { ); + // Security authority can change minimum number of publishers process_instruction( &program_id, &[ @@ -292,6 +293,7 @@ fn test_permission_migration() { ) .unwrap(); + // Security authority can't add publishers assert_eq!( process_instruction( &program_id, From b4d498450495d0575e18c3ab4a5146d6e722cb0d Mon Sep 17 00:00:00 2001 From: Guillermo Bescos Alapont Date: Mon, 19 Dec 2022 21:23:05 +0100 Subject: [PATCH 3/3] Cleanup --- program/rust/src/tests/test_permission_migration.rs | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/program/rust/src/tests/test_permission_migration.rs b/program/rust/src/tests/test_permission_migration.rs index 3032cf4e4..db6c14780 100644 --- a/program/rust/src/tests/test_permission_migration.rs +++ b/program/rust/src/tests/test_permission_migration.rs @@ -16,7 +16,6 @@ use { DelPublisherArgs, InitPriceArgs, OracleCommand::{ - self, AddMapping, AddPrice, AddProduct, @@ -35,7 +34,6 @@ use { tests::test_utils::AccountSetup, }, bytemuck::bytes_of, - num_traits::ToPrimitive, solana_program::pubkey::Pubkey, }; @@ -283,10 +281,7 @@ fn test_permission_migration() { permissions_account.clone(), ], bytes_of::(&SetMinPubArgs { - header: CommandHeader { - version: PC_VERSION, - command: OracleCommand::SetMinPub.to_i32().unwrap(), - }, + header: SetMinPub.into(), minimum_publishers: 5, unused_: [0; 3], }),