phantom/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-04-29 14:59:39 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge bitcoin/bitcoin#32079: test: Add test coverage for rpcwhitelistdefault when unset

Browse source 
2929da1dd5 test: Add coverage for rpcwhitelistdefault when unset (naiyoma)
535b874707 test: Combine rpcwhitelistdefault functions (naiyoma)
2b6ce9254d test: Update permissions and string formatting (naiyoma)

Pull request description:

  This is a follow-up PR to address review feedback from [https://github.com/bitcoin/bitcoin/pull/29858](https://github.com/bitcoin/bitcoin/pull/29858)

  - [x]  add  case where rpcwhitelistdefault setting is [unset](https://github.com/bitcoin/bitcoin/pull/29858#pullrequestreview-2532726241)
  - [x] Code [cleanup](https://github.com/bitcoin/bitcoin/pull/29858#discussion_r1927238617) , change password and f-string formatting
  - [x] [Combine](https://github.com/bitcoin/bitcoin/pull/29858#discussion_r1930137601) rpcwhitelistdefault tests into `test_rpcwhitelistdefault_permissions`
  I am not sure if my approach of adding` test_rpcwhitelistdefault_unset` is better or if I should just include the assertions in the existing `test_rpcwhitelistdefault_permissions`

ACKs for top commit:
  w0xlt:
    Code review ACK 2929da1dd5
  achow101:
    ACK 2929da1dd5
  ryanofsky:
    Code review ACK 2929da1dd5. Only change since last review was simplifying the last commit as suggested

Tree-SHA512: 6750dd3e6abaca3a09ad1fd5d07c64767bc59188ff953cbc26aa7796071774cb92745ac82cf91e479632d682fd450bc00d53032454b65b22654a3e770ec68e89
This commit is contained in:
Ava Chow 2025-04-16 16:24:01 -07:00
commit b6282dbd45
No known key found for this signature in database
GPG key ID: 17565732E08E5E41
1 changed files with 23 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
test/functional/rpc_whitelist.py
View file

@ -26,7 +26,7 @@ def rpccall(node, user, method):
def get_permissions(whitelist): def get_permissions(whitelist):
return [perm for perm in whitelist.replace(" ", "").split(",") if perm] return [perm for perm in whitelist.split(",") if perm]
class RPCWhitelistTest(BitcoinTestFramework): class RPCWhitelistTest(BitcoinTestFramework):
@ -56,7 +56,7 @@ class RPCWhitelistTest(BitcoinTestFramework):
# Testing the same permission twice # Testing the same permission twice
["strangedude5", "d12c6e962d47a454f962eb41225e6ec8$2dd39635b155536d3c1a2e95d05feff87d5ba55f2d5ff975e6e997a836b717c9", ":getblockcount,getblockcount", "s7R4nG3R7H1nGZ"], ["strangedude5", "d12c6e962d47a454f962eb41225e6ec8$2dd39635b155536d3c1a2e95d05feff87d5ba55f2d5ff975e6e997a836b717c9", ":getblockcount,getblockcount", "s7R4nG3R7H1nGZ"],
# Test non-whitelisted user # Test non-whitelisted user
["strangedude6", "ab02e4fb22ef4ab004cca217a49ee8d2$90dd09b08edd12d552d9d8a5ada838dcef2ac587789fa7e9c47f5990e80cdf93", None, "password123"] ["strangedude6", "67e5583538958883291f6917883eca64$8a866953ef9c5b7d078a62c64754a4eb74f47c2c17821eb4237021d7ef44f991", None, "N4SziYbHmhC1"]
] ]
# These commands shouldn't be allowed for any user to test failures # These commands shouldn't be allowed for any user to test failures
self.never_allowed = ["getnetworkinfo"] self.never_allowed = ["getnetworkinfo"]
@ -74,7 +74,7 @@ class RPCWhitelistTest(BitcoinTestFramework):
for user in self.users: for user in self.users:
for permission in self.never_allowed: for permission in self.never_allowed:
self.log.info("[" + user[0] + "]: Testing a non permitted permission (" + permission + ")") self.log.info(f"[{user[0]}]: Testing a non permitted permission ({permission})")
assert_equal(403, rpccall(self.nodes[0], user, permission).status) assert_equal(403, rpccall(self.nodes[0], user, permission).status)
# Now test the strange users # Now test the strange users
for permission in self.never_allowed: for permission in self.never_allowed:
@ -91,7 +91,7 @@ class RPCWhitelistTest(BitcoinTestFramework):
assert_equal(200, rpccall(self.nodes[0], self.strange_users[4], "getblockcount").status) assert_equal(200, rpccall(self.nodes[0], self.strange_users[4], "getblockcount").status)
self.test_users_permissions() self.test_users_permissions()
self.test_rpcwhitelistdefault_0_no_permissions() self.test_rpcwhitelistdefault_permissions(0, 200)
# Replace file configurations # Replace file configurations
self.nodes[0].replace_in_config([("rpcwhitelistdefault=0", "rpcwhitelistdefault=1")]) self.nodes[0].replace_in_config([("rpcwhitelistdefault=0", "rpcwhitelistdefault=1")])
@ -99,9 +99,16 @@ class RPCWhitelistTest(BitcoinTestFramework):
f.write("rpcwhitelist=__cookie__:getblockcount,getblockchaininfo,getmempoolinfo,stop\n") f.write("rpcwhitelist=__cookie__:getblockcount,getblockchaininfo,getmempoolinfo,stop\n")
self.restart_node(0) self.restart_node(0)
# Test rpcwhitelistdefault=1
self.test_users_permissions() self.test_users_permissions()
self.test_rpcwhitelistdefault_1_no_permissions() self.test_rpcwhitelistdefault_permissions(1, 403)
# Ensure that not specifying -rpcwhitelistdefault is the same as
# specifying -rpcwhitelistdefault=1. Only explicitly whitelisted users
# should be allowed.
self.nodes[0].replace_in_config([("rpcwhitelistdefault=1", "")])
self.restart_node(0)
self.test_users_permissions()
self.test_rpcwhitelistdefault_permissions(1, 403)
def test_users_permissions(self): def test_users_permissions(self):
""" """
@ -113,32 +120,23 @@ class RPCWhitelistTest(BitcoinTestFramework):
for user in self.users: for user in self.users:
permissions = get_permissions(user[2]) permissions = get_permissions(user[2])
for permission in permissions: for permission in permissions:
self.log.info("[" + user[0] + "]: Testing whitelisted user permission (" + permission + ")") self.log.info(f"[{user[0]}]: Testing whitelisted user permission ({permission})")
assert_equal(200, rpccall(self.nodes[0], user, permission).status) assert_equal(200, rpccall(self.nodes[0], user, permission).status)
self.log.info("[" + user[0] + "]: Testing non-permitted permission: getblockchaininfo") self.log.info(f"[{user[0]}]: Testing non-permitted permission: getblockchaininfo")
assert_equal(403, rpccall(self.nodes[0], user, "getblockchaininfo").status) assert_equal(403, rpccall(self.nodes[0], user, "getblockchaininfo").status)
def test_rpcwhitelistdefault_0_no_permissions(self): def test_rpcwhitelistdefault_permissions(self, default_value, expected_status):
""" """
* rpcwhitelistdefault=0 * rpcwhitelistdefault={default_value}
* No Permissions defined * No Permissions defined
Expected result: * strangedude6 (not whitelisted) can access any method Expected result: strangedude6 (not whitelisted) access is determined by default_value
When default_value=0: expects 200
When default_value=1: expects 403
""" """
unrestricted_user = self.strange_users[6] user = self.strange_users[6] # strangedude6
for permission in ["getbestblockhash", "getblockchaininfo"]: for permission in ["getbestblockhash", "getblockchaininfo"]:
self.log.info("[" + unrestricted_user[0] + "]: Testing unrestricted user permission (" + permission + ")") self.log.info(f"[{user[0]}]: Testing rpcwhitelistdefault={default_value} no specified permission ({permission})")
assert_equal(200, rpccall(self.nodes[0], unrestricted_user, permission).status) assert_equal(expected_status, rpccall(self.nodes[0], user, permission).status)
def test_rpcwhitelistdefault_1_no_permissions(self):
"""
* rpcwhitelistdefault=1
* No Permissions defined
Expected result: * strangedude6 (not whitelisted) can not access any method
"""
for permission in ["getbestblockhash", "getblockchaininfo"]:
self.log.info("[" + self.strange_users[6][0] + "]: Testing rpcwhitelistdefault=1 no specified permission (" + permission + ")")
assert_equal(403, rpccall(self.nodes[0], self.strange_users[6], permission).status)
if __name__ == "__main__": if __name__ == "__main__":