Skip to content

fix(valopers): validate auth-list members, sanitize description, reject negative min fee#5874

Open
davd-gzl wants to merge 2 commits into
gnolang:masterfrom
davd-gzl:fix/valopers-authlist-member-validate
Open

fix(valopers): validate auth-list members, sanitize description, reject negative min fee#5874
davd-gzl wants to merge 2 commits into
gnolang:masterfrom
davd-gzl:fix/valopers-authlist-member-validate

Conversation

@davd-gzl

Copy link
Copy Markdown
Member

Description

Three input-validation hardenings in r/gnops/valopers, all on operator-controlled inputs that previously reached state or rendering unchecked.

Changes

valopers.gno

  • AddToAuthList / DeleteFromAuthList: reject malformed bech32 member addresses up front via the existing validateBech32 helper, instead of letting empty/garbage values reach the auth list.
  • Render: sanitize the operator-controlled Description through p/nt/markdown/sanitize/v0.Block before emitting. This neutralizes structural markdown injection (forged headings, HTML blocks) that would otherwise break into the profile page or the govdao proposal that embeds Render. The branch keys on the sanitized result, not the raw description, so a description that sanitizes to empty still terminates the heading line.

proposal/proposal.gno

  • ProposeNewMinFeeProposalRequest: reject a negative newMinFee (new ErrNegativeMinFee) before the int64uint64 cast.

Tests

  • valopers_test.gno: invalid auth-list member address rejected (empty + bad-checksum); Render sanitizes a forged-heading description while preserving prose, and a description that sanitizes to empty keeps the heading line terminated.
  • proposal_test.gno: negative min-fee rejected.
  • filetests/z_2_filetest.gno: expected output updated for the sanitize.Block blank-line envelope.

Verification

gno test passes for the valopers and valopers/proposal packages.

…ct negative min fee

- AddToAuthList/DeleteFromAuthList now reject malformed bech32 member
  addresses up front (validateBech32) instead of letting garbage reach
  the auth list.
- Render sanitizes the operator-controlled description via
  markdown/sanitize.Block, neutralizing structural markdown injection
  (forged headings, HTML blocks) before it reaches the profile page or
  the govdao proposal that embeds Render. Branch on the sanitized
  result so a description that sanitizes to empty still terminates the
  heading line.
- ProposeNewMinFeeProposalRequest rejects a negative newMinFee before
  casting to uint64.
@github-actions github-actions Bot added the 🧾 package/realm Tag used for new Realms or Packages. label Jun 30, 2026
@Gno2D2 Gno2D2 added the review/triage-pending PRs opened by external contributors that are waiting for the 1st review label Jun 30, 2026
@Gno2D2

Gno2D2 commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

🛠 PR Checks Summary

🔴 Pending initial approval by a review team member, or review from tech-staff

Manual Checks (for Reviewers):
  • IGNORE the bot requirements for this PR (force green CI check)
Read More

🤖 This bot helps streamline PR reviews by verifying automated checks and providing guidance for contributors and reviewers.

✅ Automated Checks (for Contributors):

🟢 Maintainers must be able to edit this pull request (more info)
🔴 Pending initial approval by a review team member, or review from tech-staff

☑️ Contributor Actions:
  1. Fix any issues flagged by automated checks.
  2. Follow the Contributor Checklist to ensure your PR is ready for review.
    • Add new tests, or document why they are unnecessary.
    • Provide clear examples/screenshots, if necessary.
    • Update documentation, if required.
    • Ensure no breaking changes, or include BREAKING CHANGE notes.
    • Link related issues/PRs, where applicable.
☑️ Reviewer Actions:
  1. Complete manual checks for the PR, including the guidelines and additional checks if applicable.
📚 Resources:
Debug
Automated Checks
Maintainers must be able to edit this pull request (more info)

If

🟢 Condition met
└── 🟢 And
    ├── 🟢 The base branch matches this pattern: ^master$
    └── 🟢 The pull request was created from a fork (head branch repo: davd-gzl/gno)

Then

🟢 Requirement satisfied
└── 🟢 Maintainer can modify this pull request

Pending initial approval by a review team member, or review from tech-staff

If

🟢 Condition met
└── 🟢 And
    ├── 🟢 The base branch matches this pattern: ^master$
    └── 🟢 Not (🔴 Pull request author is a member of the team: tech-staff)

Then

🔴 Requirement not satisfied
└── 🔴 If
    ├── 🔴 Condition
    │   └── 🔴 Or
    │       ├── 🔴 At least one of these user(s) reviewed the pull request: [aronpark1007 davd-gzl jefft0 notJoon omarsy MikaelVallenet] (with state "APPROVED")
    │       ├── 🔴 At least 1 user(s) of the team tech-staff reviewed pull request
    │       └── 🔴 This pull request is a draft
    └── 🔴 Else
        └── 🔴 And
            ├── 🟢 This label is applied to pull request: review/triage-pending
            └── 🔴 On no pull request

Manual Checks
**IGNORE** the bot requirements for this PR (force green CI check)

If

🟢 Condition met
└── 🟢 On every pull request

Can be checked by

  • Any user with comment edit permission

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

🧾 package/realm Tag used for new Realms or Packages. review/triage-pending PRs opened by external contributors that are waiting for the 1st review

Projects

Development

Successfully merging this pull request may close these issues.

2 participants