aboutsummaryrefslogtreecommitdiffstats
path: root/cmd/clef
diff options
context:
space:
mode:
authorMartin Holst Swende <martin@swende.se>2018-09-25 21:54:58 +0800
committerGitHub <noreply@github.com>2018-09-25 21:54:58 +0800
commitd3441ebb563439bac0837d70591f92e2c6080303 (patch)
treecec46689f8ec4fd4570322e79ad7167c3b792c74 /cmd/clef
parenta95a601f35c49be6045de522138f639fbb68c885 (diff)
downloaddexon-d3441ebb563439bac0837d70591f92e2c6080303.tar
dexon-d3441ebb563439bac0837d70591f92e2c6080303.tar.gz
dexon-d3441ebb563439bac0837d70591f92e2c6080303.tar.bz2
dexon-d3441ebb563439bac0837d70591f92e2c6080303.tar.lz
dexon-d3441ebb563439bac0837d70591f92e2c6080303.tar.xz
dexon-d3441ebb563439bac0837d70591f92e2c6080303.tar.zst
dexon-d3441ebb563439bac0837d70591f92e2c6080303.zip
cmd/clef, signer: security fixes (#17554)
* signer: remove local path disclosure from extapi * signer: show more data in cli ui * rpc: make http server forward UA and Origin via Context * signer, clef/core: ui changes + display UA and Origin * signer: cliui - indicate less trust in remote headers, see https://github.com/ethereum/go-ethereum/issues/17637 * signer: prevent possibility swap KV-entries in aes_gcm storage, fixes #17635 * signer: remove ecrecover from external API * signer,clef: default reject instead of warn + valideate new passwords. fixes #17632 and #17631 * signer: check calldata length even if no ABI signature is present * signer: fix failing testcase * clef: remove account import from external api * signer: allow space in passwords, improve error messsage * signer/storage: fix typos
Diffstat (limited to 'cmd/clef')
-rw-r--r--cmd/clef/extapi_changelog.md7
-rw-r--r--cmd/clef/main.go10
2 files changed, 15 insertions, 2 deletions
diff --git a/cmd/clef/extapi_changelog.md b/cmd/clef/extapi_changelog.md
index 2014e90ae..6c2c3e819 100644
--- a/cmd/clef/extapi_changelog.md
+++ b/cmd/clef/extapi_changelog.md
@@ -1,6 +1,13 @@
### Changelog for external API
+#### 4.0.0
+* The external `account_Ecrecover`-method was removed.
+* The external `account_Import`-method was removed.
+
+#### 3.0.0
+
+* The external `account_List`-method was changed to not expose `url`, which contained info about the local filesystem. It now returns only a list of addresses.
#### 2.0.0
diff --git a/cmd/clef/main.go b/cmd/clef/main.go
index f363a86f2..c060285be 100644
--- a/cmd/clef/main.go
+++ b/cmd/clef/main.go
@@ -48,7 +48,7 @@ import (
)
// ExternalAPIVersion -- see extapi_changelog.md
-const ExternalAPIVersion = "2.0.0"
+const ExternalAPIVersion = "3.0.0"
// InternalAPIVersion -- see intapi_changelog.md
const InternalAPIVersion = "2.0.0"
@@ -70,6 +70,10 @@ var (
Value: 4,
Usage: "log level to emit to the screen",
}
+ advancedMode = cli.BoolFlag{
+ Name: "advanced",
+ Usage: "If enabled, issues warnings instead of rejections for suspicious requests. Default off",
+ }
keystoreFlag = cli.StringFlag{
Name: "keystore",
Value: filepath.Join(node.DefaultDataDir(), "keystore"),
@@ -191,6 +195,7 @@ func init() {
ruleFlag,
stdiouiFlag,
testFlag,
+ advancedMode,
}
app.Action = signer
app.Commands = []cli.Command{initCommand, attestCommand, addCredentialCommand}
@@ -384,7 +389,8 @@ func signer(c *cli.Context) error {
c.String(keystoreFlag.Name),
c.Bool(utils.NoUSBFlag.Name),
ui, db,
- c.Bool(utils.LightKDFFlag.Name))
+ c.Bool(utils.LightKDFFlag.Name),
+ c.Bool(advancedMode.Name))
api = apiImpl