fix(cactus-core-api): address CVE-2021-38192 - GHSA-x4qm-mcjq-v2gf
Performs minor semver upgrades to tonic, tonic-build and prost so
that the vulnerable version of prost-types is no longer in the
dependency tree.

Fixes #2612

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz committed Aug 17, 2023
1 parent 2813b75 commit ff1afa5
Showing 8 changed files with 606 additions and 633 deletions.
716 changes: 290 additions & 426 deletions packages/cactus-core-api/Cargo.lock

Large diffs are not rendered by default.

13 changes: 3 additions & 10 deletions packages/cactus-core-api/Cargo.toml
@@ -10,20 +10,13 @@ path = "src/main/rust/pb.rs"


[dependencies]
tonic = {version="0.2", features = ["tls"]}
prost = "0.6"
tonic = {version="0.6.2", features = ["tls"]}
prost = "0.9"
tokio = { version = "1.18", features = ["macros", "fs"] }
serde = {version="1.0.110", features = ["derive"]}

# These upgraded versions compile fine as well, so we should upgrade them
# in the future:
# tonic = {version="0.6.2", features = ["tls"]}
# prost = "0.9"
# tokio = { version = "1.15.0", features = ["macros", "fs"] }
# serde = {version="1.0.110", features = ["derive"]}

[build-dependencies]
tonic-build = "0.2"
tonic-build = "0.6.2"
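Review bot: The new `tonic`, `prost` and `tonic-build` requirements carry no comment marking them as a security floor, and this hunk deletes the only explanatory comment block in the table. prost-types is not named in the visible `[dependencies]` or `[build-dependencies]` entries, so per the commit message it is kept out only through transitive resolution, and a later downgrade of any of these three lines would not be flagged by anything in this file. I would add above the `tonic` line: `# Do not lower tonic/prost/tonic-build: older releases resolve a prost-types affected by CVE-2021-38192 (GHSA-x4qm-mcjq-v2gf).` The Cargo.lock diff is not rendered on this page, so the resolved prost-types version is worth confirming with `cargo tree -i prost-types` before merging.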



@@ -1,20 +1,32 @@
/// This message respresents "ACKs" sent between relay-relay,
/// relay-driver and relay-network
#[derive(Clone, PartialEq, ::prost::Message, serde::Serialize, serde::Deserialize)]
#[derive(serde::Serialize, serde::Deserialize, Clone, PartialEq, ::prost::Message)]
pub struct Ack {
#[prost(enumeration = "ack::Status", tag = "2")]
pub status: i32,
#[prost(string, tag = "3")]
pub request_id: std::string::String,
pub request_id: ::prost::alloc::string::String,
/// an error can have an associated string
/// this is the best way to represent this in protobuf
#[prost(string, tag = "4")]
pub message: std::string::String,
pub message: ::prost::alloc::string::String,
}
/// Nested message and enum types in `Ack`.
pub mod ack {
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)]
#[derive(
serde::Serialize,
serde::Deserialize,
Clone,
Copy,
Debug,
PartialEq,
Eq,
Hash,
PartialOrd,
Ord,
::prost::Enumeration,
)]
#[repr(i32)]
#[derive(serde::Serialize, serde::Deserialize)]
pub enum Status {
Ok = 0,
Error = 1,
@@ -1,22 +1,22 @@
/// the payload to define the data that is being requested
#[derive(Clone, PartialEq, ::prost::Message, serde::Serialize, serde::Deserialize)]
#[derive(serde::Serialize, serde::Deserialize, Clone, PartialEq, ::prost::Message)]
pub struct Query {
#[prost(string, repeated, tag = "1")]
pub policy: ::std::vec::Vec<std::string::String>,
pub policy: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
#[prost(string, tag = "2")]
pub address: std::string::String,
pub address: ::prost::alloc::string::String,
#[prost(string, tag = "3")]
pub requesting_relay: std::string::String,
pub requesting_relay: ::prost::alloc::string::String,
#[prost(string, tag = "4")]
pub requesting_network: std::string::String,
pub requesting_network: ::prost::alloc::string::String,
#[prost(string, tag = "5")]
pub certificate: std::string::String,
pub certificate: ::prost::alloc::string::String,
#[prost(string, tag = "6")]
pub requestor_signature: std::string::String,
pub requestor_signature: ::prost::alloc::string::String,
#[prost(string, tag = "7")]
pub nonce: std::string::String,
pub nonce: ::prost::alloc::string::String,
#[prost(string, tag = "8")]
pub request_id: std::string::String,
pub request_id: ::prost::alloc::string::String,
#[prost(string, tag = "9")]
pub requesting_org: std::string::String,
pub requesting_org: ::prost::alloc::string::String,
}
@@ -1,5 +1,5 @@
/// Metadata for a View
#[derive(Clone, PartialEq, ::prost::Message, serde::Serialize, serde::Deserialize)]
#[derive(serde::Serialize, serde::Deserialize, Clone, PartialEq, ::prost::Message)]
pub struct Meta {
/// Underlying distributed ledger protocol.
#[prost(enumeration = "meta::Protocol", tag = "1")]
@@ -8,67 +8,92 @@ pub struct Meta {
/// If the observer and network are synchronizing on a global clock
/// there won't be a need to distinguish between static and dynamic views.
#[prost(string, tag = "2")]
pub timestamp: std::string::String,
pub timestamp: ::prost::alloc::string::String,
/// Notorization, SPV, ZKP, etc. Possibly enum
#[prost(string, tag = "3")]
pub proof_type: std::string::String,
pub proof_type: ::prost::alloc::string::String,
/// The data field's serialization format (e.g. JSON, XML, Protobuf)
#[prost(string, tag = "4")]
pub serialization_format: std::string::String,
pub serialization_format: ::prost::alloc::string::String,
}
/// Nested message and enum types in `Meta`.
pub mod meta {
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)]
#[derive(
serde::Serialize,
serde::Deserialize,
Clone,
Copy,
Debug,
PartialEq,
Eq,
Hash,
PartialOrd,
Ord,
::prost::Enumeration,
)]
#[repr(i32)]
#[derive(serde::Serialize, serde::Deserialize)]
pub enum Protocol {
Bitcoin = 0,
Ethereum = 1,
Fabric = 3,
Corda = 4,
}
}
#[derive(Clone, PartialEq, ::prost::Message, serde::Serialize, serde::Deserialize)]
#[derive(serde::Serialize, serde::Deserialize, Clone, PartialEq, ::prost::Message)]
pub struct View {
#[prost(message, optional, tag = "1")]
pub meta: ::std::option::Option<Meta>,
pub meta: ::core::option::Option<Meta>,
/// Represents the data playload of this view.
/// The representation of Fabric, Corda etc will be captured elsewhere.
/// For some protocols, like Bitcoin, the structure of an SPV proof is well known.
#[prost(bytes, tag = "2")]
pub data: std::vec::Vec<u8>,
#[prost(bytes = "vec", tag = "2")]
pub data: ::prost::alloc::vec::Vec<u8>,
}
/// View represents the response from a remote network
#[derive(Clone, PartialEq, ::prost::Message, serde::Serialize, serde::Deserialize)]
#[derive(serde::Serialize, serde::Deserialize, Clone, PartialEq, ::prost::Message)]
pub struct ViewPayload {
#[prost(string, tag = "1")]
pub request_id: std::string::String,
pub request_id: ::prost::alloc::string::String,
#[prost(oneof = "view_payload::State", tags = "2, 3")]
pub state: ::std::option::Option<view_payload::State>,
pub state: ::core::option::Option<view_payload::State>,
}
/// Nested message and enum types in `ViewPayload`.
pub mod view_payload {
#[derive(Clone, PartialEq, ::prost::Oneof, serde::Serialize, serde::Deserialize)]
#[derive(serde::Serialize, serde::Deserialize, Clone, PartialEq, ::prost::Oneof)]
pub enum State {
#[prost(message, tag = "2")]
View(super::View),
#[prost(string, tag = "3")]
Error(std::string::String),
Error(::prost::alloc::string::String),
}
}
/// the payload that is used for the communication between the requesting relay
/// and its network
#[derive(Clone, PartialEq, ::prost::Message, serde::Serialize, serde::Deserialize)]
#[derive(serde::Serialize, serde::Deserialize, Clone, PartialEq, ::prost::Message)]
pub struct RequestState {
#[prost(string, tag = "1")]
pub request_id: std::string::String,
pub request_id: ::prost::alloc::string::String,
#[prost(enumeration = "request_state::Status", tag = "2")]
pub status: i32,
#[prost(oneof = "request_state::State", tags = "3, 4")]
pub state: ::std::option::Option<request_state::State>,
pub state: ::core::option::Option<request_state::State>,
}
/// Nested message and enum types in `RequestState`.
pub mod request_state {
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)]
#[derive(
serde::Serialize,
serde::Deserialize,
Clone,
Copy,
Debug,
PartialEq,
Eq,
Hash,
PartialOrd,
Ord,
::prost::Enumeration,
)]
#[repr(i32)]
#[derive(serde::Serialize, serde::Deserialize)]
pub enum Status {
/// pending ACK from remote relay
PendingAck = 0,
@@ -77,11 +102,11 @@ pub mod request_state {
Error = 2,
Completed = 3,
}
#[derive(Clone, PartialEq, ::prost::Oneof, serde::Serialize, serde::Deserialize)]
#[derive(serde::Serialize, serde::Deserialize, Clone, PartialEq, ::prost::Oneof)]
pub enum State {
#[prost(message, tag = "3")]
View(super::View),
#[prost(string, tag = "4")]
Error(std::string::String),
Error(::prost::alloc::string::String),
}
}