pa193_test_parser_nem's People
Forkers
karmpa193_test_parser_nem's Issues
JSON - not validating null values and negative numbers
The JSON serializer does not handle null values and negative numbers and declares blocks containing them invalid. (Numerous instances of such NEM blocks were observed in real world.)
Integer overflow
The program does not check too long number strings that might overflow an integer. However, the underlying \texttt{stod} function from standard library throws an exception which is then caught by the program (in the very generic catch-all-exceptions block) and the program ends with unspecified parsing error. This happens at: JsonAttribute.cpp:49.
JSON - not validating quotes at attribute names
JSON serializer expects quotes around attribute names, but does not check whether they are actually there. Replacing the quotes with a random character makes the parser accept an invalid JSON file as a valid block.
String underflow
Empty attribute names cause the JSON parser to attempt to erase character at negative index from a string. However, the underlying \texttt{erase} function from standard library throws an exception which is then caught by the program (in the very generic catch-all-exceptions block) and the program ends with unspecified parsing error. This happens at JsonSerializer.cpp:278.
Missing block validation
The block hashes are not validated. Any two blocks with correct structure and consecutive timestamps are declared valid regardless of the block hash.
Memory leak
Multiple blocks of memory are allocated. If some allocations succeed and then at least one fails, an exception is thrown but the former successfully allocated blocks are never released. (However, the impact is limited, since the program then exits right away.) This happens at: Transaction.cpp:298 & 305
Parsing fails on some transaction types
Some transaction types that have been observed in the wild were (namely 2049/0x801 and 4100/0x1004) are not parsed correctly -- the parser claims the block is invalid when converting it from JSON object to block structure (hence, these blocks do not even reach the checks for supported transaction types later in the code and the expected exception of unsupported transaction type is not thrown).
Missing format validation
Format of some of the data is not checked. For example, the parser accepts hash of arbitrary length as valid.
Not handling embedded quotes in string
JSON parser does not handle embedded (escaped) quotes in string correctly (e.g. string "Hello "world"!"). One such block has been observed in the wild.
Missing Transaction validation crypto
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.