authorMartin Holst Swende <martin@swende.se>2018-09-25 21:54:58 +0800
committerGitHub <noreply@github.com>2018-09-25 21:54:58 +0800
commitd3441ebb563439bac0837d70591f92e2c6080303 (patch)
treecec46689f8ec4fd4570322e79ad7167c3b792c74 /cmd
parenta95a601f35c49be6045de522138f639fbb68c885 (diff)
cmd/clef, signer: security fixes (#17554)
* signer: remove local path disclosure from extapi
* signer: show more data in cli ui
* rpc: make http server forward UA and Origin via Context
* signer, clef/core: ui changes + display UA and Origin
* signer: cliui - indicate less trust in remote headers, see https://github.com/ethereum/go-ethereum/issues/17637
* signer: prevent possibility of swapping KV-entries in aes_gcm storage, fixes #17635
* signer: remove ecrecover from external API
* signer,clef: default reject instead of warn + validate new passwords. fixes #17632 and #17631
* signer: check calldata length even if no ABI signature is present
* signer: fix failing testcase
* clef: remove account import from external api
* signer: allow space in passwords, improve error message
* signer/storage: fix typos
Diffstat (limited to 'cmd')
-rw-r--r--cmd/clef/extapi_changelog.md7
-rw-r--r--cmd/clef/main.go10
2 files changed, 15 insertions, 2 deletions
diff --git a/cmd/clef/extapi_changelog.md b/cmd/clef/extapi_changelog.md
index 2014e90ae..6c2c3e819 100644
--- a/cmd/clef/extapi_changelog.md
+++ b/cmd/clef/extapi_changelog.md
@@ -1,6 +1,13 @@
### Changelog for external API
+#### 4.0.0
+* The external `account_Ecrecover`-method was removed.
+* The external `account_Import`-method was removed.
+
+#### 3.0.0
+
+* The external `account_List`-method was changed to not expose `url`, which contained info about the local filesystem. It now returns only a list of addresses.
#### 2.0.0
diff --git a/cmd/clef/main.go b/cmd/clef/main.go
index f363a86f2..c060285be 100644
--- a/cmd/clef/main.go
+++ b/cmd/clef/main.go
@@ -48,7 +48,7 @@ import (
)
// ExternalAPIVersion -- see extapi_changelog.md
-const ExternalAPIVersion = "2.0.0"
+const ExternalAPIVersion = "3.0.0"
// InternalAPIVersion -- see intapi_changelog.md
const InternalAPIVersion = "2.0.0"
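Review bot: `ExternalAPIVersion` is set to "3.0.0" here, but the extapi_changelog.md hunk in this same commit adds a 4.0.0 section covering the removal of `account_Ecrecover` and `account_Import`. If those removals ship with this commit, as the description indicates, a client that gates its behaviour on the reported version will see 3.0.0 and assume both methods are still exposed. The constant should match the newest changelog entry: `const ExternalAPIVersion = "4.0.0"`.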
@@ -70,6 +70,10 @@ var (
Value: 4,
Usage: "log level to emit to the screen",
}
+ advancedMode = cli.BoolFlag{
+ Name: "advanced",
+ Usage: "If enabled, issues warnings instead of rejections for suspicious requests. Default off",
+ }
keystoreFlag = cli.StringFlag{
Name: "keystore",
Value: filepath.Join(node.DefaultDataDir(), "keystore"),
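Review bot: `advancedMode` downgrades rejections of suspicious requests to warnings, yet neither the flag name `advanced` nor the variable name tells an operator that it relaxes a security check. The sibling flags in this block and in the `init` hunk carry a `Flag` suffix (`keystoreFlag`, `ruleFlag`, `testFlag`), so `advancedModeFlag` would be consistent, and the usage text could lead with the effect, e.g. `Usage: "Downgrade rejections of suspicious requests to warnings (weakens validation; off by default)",`. Because the value is handed on in the `signer` hunk, a log line at startup when it is set would also put the relaxed mode on record for later review. The `var (` block begins and ends outside this hunk.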
@@ -191,6 +195,7 @@ func init() {
ruleFlag,
stdiouiFlag,
testFlag,
+ advancedMode,
}
app.Action = signer
app.Commands = []cli.Command{initCommand, attestCommand, addCredentialCommand}
@@ -384,7 +389,8 @@ func signer(c *cli.Context) error {
c.String(keystoreFlag.Name),
c.Bool(utils.NoUSBFlag.Name),
ui, db,
- c.Bool(utils.LightKDFFlag.Name))
+ c.Bool(utils.LightKDFFlag.Name),
+ c.Bool(advancedMode.Name))
api = apiImpl