anoma/namada-shielded-expedition

Crash when executing a tx-result transaction

duyhla opened this issue · 0 comments

Title:

  • Finding Security Vulnerabilities.

Summary:

  • Crash when executing a tx-result transaction.

Details:

  • When executing the command namadac tx-result --tx-hash "DuyTestSomething '&& 1=1" during testing phases to assess SQL injection vulnerabilities, the application crashes. The error message received is as follows:
The application panicked (crashed).
Message:  Unable to query for transaction with given hash: 
   0: response error
   1: Internal error: 
      parse error near PegText (line 1 symbol 17 - line 1 symbol 40):
      "'DuyTestSomething \\'"
       (code: -32603)

Location:
   /home/runner/.cargo/registry/src/index.crates.io-6f17d22bba15001f/flex-error-0.4.4/src/tracer_impl/eyre.rs:10

Backtrace omitted. Run with RUST_BACKTRACE=1 environment variable to display it.
Run with RUST_BACKTRACE=full to include source snippets.
Location: /home/runner/work/namada/namada/crates/sdk/src/rpc.rs:683

Backtrace omitted. Run with RUST_BACKTRACE=1 environment variable to display it.
Run with RUST_BACKTRACE=full to include source snippets.

Steps to Reproduce:

  1. Execute the command namadac tx-result --tx-hash "DuyTestSomething '&& 1=1".
  2. Observe the application crash.

Expected Behavior:

  • The application should handle the SQL injection test gracefully, providing appropriate error handling or rejecting the input.

Actual Behavior:

  • The application crashes with the provided error message when encountering the SQL injection test.

Additional Information:

  • This issue poses a potential security risk as it indicates vulnerability to SQL injection attacks.
  • The error message suggests an internal parsing error near the provided input 'DuyTestSomething \'.

Environment:

  • Operating System: Linux Ubuntu 22.04.4 LTS
  • Application Version: v0.31.9

Proposed Solution:

  • Review the code handling transaction queries to identify and fix the parsing error.
  • Implement input validation or sanitization to prevent SQL injection vulnerabilities.
  • Consider adopting parameterized queries or ORM frameworks to mitigate SQL injection risks.
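The following is an added illustration of the "input validation" item in the proposed solution; it is example code, not Namada's own code. It assumes, as a hypothetical, that a transaction hash is the hex encoding of 32 bytes (64 hex digits, optional "0x" prefix), and the query string shape `tx.hash='…'` is an illustrative placeholder for whatever the RPC side actually parses. The point is that a user-supplied value is checked against a strict grammar before it is interpolated into any query, so a malformed value such as the one in this report is rejected with a clear error instead of reaching a parser that panics on it.

```rust
/// Reason a command-line transaction hash was rejected before any
/// RPC query was built from it.
#[derive(Debug, PartialEq)]
pub enum HashError {
    /// Not 64 hex digits after stripping an optional "0x" prefix.
    WrongLength(usize),
    /// First character that is not an ASCII hex digit, with its index.
    NonHex { index: usize, ch: char },
}

/// Constructed, well-formed sample hash (64 hex digits), used only for
/// demonstration; it does not refer to any real transaction.
pub const SAMPLE_HASH: &str =
    "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";

/// Validate a user-supplied transaction hash and return it normalised
/// (upper-case, no prefix). Hypothetical format: hex of 32 bytes.
pub fn validate_tx_hash(raw: &str) -> Result<String, HashError> {
    let s = raw.trim();
    let s = s
        .strip_prefix("0x")
        .or_else(|| s.strip_prefix("0X"))
        .unwrap_or(s);
    if s.len() != 64 {
        return Err(HashError::WrongLength(s.len()));
    }
    if let Some((index, ch)) = s
        .chars()
        .enumerate()
        .find(|(_, c)| !c.is_ascii_hexdigit())
    {
        return Err(HashError::NonHex { index, ch });
    }
    Ok(s.to_ascii_uppercase())
}

/// Build the query only from a validated hash, so the query parser on
/// the server side never sees user-controlled quotes or operators.
/// The `tx.hash='…'` shape is an illustrative assumption, not Namada's.
pub fn tx_hash_query(raw: &str) -> Result<String, HashError> {
    let hash = validate_tx_hash(raw)?;
    Ok(format!("tx.hash='{hash}'"))
}

fn main() {
    let inputs = [
        "DuyTestSomething '&& 1=1", // the input from this report
        SAMPLE_HASH,                // constructed, well-formed hash
    ];
    for input in inputs {
        match tx_hash_query(input) {
            Ok(q) => println!("ok:       {q}"),
            Err(e) => println!("rejected  {input:?}: {e:?}"),
        }
    }
}
```

With this check in place the input from the report is rejected as a length error before any network call, and a 64-digit value containing a stray quote is rejected as a non-hex character at a specific index, which is the kind of message a user can act on.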