From b2128cf643418d5babd9309f2361e7bb156e0446 Mon Sep 17 00:00:00 2001 From: samsamtrum Date: Thu, 25 Jun 2026 01:36:11 +0700 Subject: [PATCH] Reject malformed UTxO output indexes --- .../src/utils/transaction-parser.ts | 7 +++- .../test/utils/transaction-parser.test.ts | 39 +++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 packages/mesh-core-csl/test/utils/transaction-parser.test.ts diff --git a/packages/mesh-core-csl/src/utils/transaction-parser.ts b/packages/mesh-core-csl/src/utils/transaction-parser.ts index 9bf2896c6..e7b057987 100644 --- a/packages/mesh-core-csl/src/utils/transaction-parser.ts +++ b/packages/mesh-core-csl/src/utils/transaction-parser.ts @@ -20,9 +20,14 @@ export const getRequiredInputs = (transactionHex: string): TxInput[] => { `Invalid UTxO format: ${utxoStr}. Expected format is txHash#outputIndex`, ); } + if (!/^\d+$/.test(outputIndex)) { + throw new Error( + `Invalid UTxO output index: ${outputIndex}. Expected a nonnegative integer`, + ); + } return { txHash: txHash, - outputIndex: parseInt(outputIndex), + outputIndex: Number(outputIndex), }; }); }; diff --git a/packages/mesh-core-csl/test/utils/transaction-parser.test.ts b/packages/mesh-core-csl/test/utils/transaction-parser.test.ts new file mode 100644 index 000000000..d438aaf10 --- /dev/null +++ b/packages/mesh-core-csl/test/utils/transaction-parser.test.ts @@ -0,0 +1,39 @@ +import { js_get_required_inputs_to_resolve } from "@sidan-lab/whisky-js-nodejs"; + +import { getRequiredInputs } from "../../src/utils/transaction-parser"; + +jest.mock("@sidan-lab/whisky-js-nodejs", () => ({ + js_get_required_inputs_to_resolve: jest.fn(), +})); + +const mockedGetRequiredInputs = jest.mocked(js_get_required_inputs_to_resolve); + +const mockRequiredInputs = (data: string[]) => { + mockedGetRequiredInputs.mockReturnValue({ + get_status: () => "success", + get_error: () => "", + get_data: () => JSON.stringify(data), + } as ReturnType); +}; + +describe("getRequiredInputs", () => { + beforeEach(() => { + mockedGetRequiredInputs.mockReset(); + }); + + test("rejects malformed output indexes", () => { + mockRequiredInputs(["txhash#1abc"]); + + expect(() => getRequiredInputs("txhex")).toThrow( + "Invalid UTxO output index: 1abc", + ); + }); + + test("parses nonnegative integer output indexes", () => { + mockRequiredInputs(["txhash#12"]); + + expect(getRequiredInputs("txhex")).toEqual([ + { txHash: "txhash", outputIndex: 12 }, + ]); + }); +});