nuget fix dependabot issue: Npgsql vulnerable to SQL Injection via Pr…

…otocol Message Size Overflow. Update protofiles, version bump.
nbd-wtf · May 17, 2024 · 745cdfb · 745cdfb
1 parent 41fd16b
commit 745cdfb
Show file tree

Hide file tree

Showing 7 changed files with 35 additions and 20 deletions.
diff --git a/LNBolt.Tests/LNBolt.Tests.csproj b/LNBolt.Tests/LNBolt.Tests.csproj
@@ -13,7 +13,7 @@
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
         <PackageReference Include="NUnit" Version="3.14.0" />
         <PackageReference Include="NUnit3TestAdapter" Version="4.5.0"/>
-        <PackageReference Include="org.ldk" Version="0.0.121.3" />
+        <PackageReference Include="org.ldk" Version="0.0.123" />
         <PackageReference Include="coverlet.collector" Version="6.0.2">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>

diff --git a/LNUnit.LND/Grpc/walletrpc/walletkit.proto b/LNUnit.LND/Grpc/walletrpc/walletkit.proto
@@ -283,7 +283,7 @@ service WalletKit {
     /* lncli: `wallet labeltx`
     LabelTransaction adds a label to a transaction. If the transaction already
     has a label the call will fail unless the overwrite bool is set. This will
-    overwrite the exiting transaction label. Labels must not be empty, and
+    overwrite the existing transaction label. Labels must not be empty, and
     cannot exceed 500 characters.
     */
     rpc LabelTransaction (LabelTransactionRequest)
@@ -1176,7 +1176,7 @@ message BumpFeeRequest {
 
     // Optional. The deadline in number of blocks that the input should be spent
     // within. When not set, for new inputs, the default value (1008) is used;
-    // for exiting inputs, their current values will be retained.
+    // for existing inputs, their current values will be retained.
     uint32 target_conf = 2;
 
     /*

diff --git a/LNUnit.LND/LNUnit.LND.csproj b/LNUnit.LND/LNUnit.LND.csproj
@@ -6,7 +6,7 @@
         <Nullable>enable</Nullable>
         <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
         <PackageId>LNUnit.LND</PackageId>
-        <Version>1.6.4</Version>
+        <Version>1.6.5</Version>
         <PackageDescription>LNUnit LND Typed Clients</PackageDescription>
     </PropertyGroup>
 
@@ -20,11 +20,11 @@
     <ItemGroup>
         <PackageReference Include="EndianBinaryIO" Version="1.1.2"/>
         <PackageReference Include="Google.Protobuf" Version="3.26.1" />
-        <PackageReference Include="Grpc.Net.ClientFactory" Version="2.61.0"/>
-        <PackageReference Include="Grpc.Net.Client" Version="2.61.0"/>
-        <PackageReference Include="Grpc.Net.Common" Version="2.61.0"/>
+        <PackageReference Include="Grpc.Net.ClientFactory" Version="2.62.0"/>
+        <PackageReference Include="Grpc.Net.Client" Version="2.62.0"/>
+        <PackageReference Include="Grpc.Net.Common" Version="2.62.0"/>
 
-        <PackageReference Include="Grpc.Tools" Version="2.62.0">
+        <PackageReference Include="Grpc.Tools" Version="2.63.0">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>

diff --git a/LNUnit.Tests/Abstract/AbcLightningAbstractTests.cs b/LNUnit.Tests/Abstract/AbcLightningAbstractTests.cs
@@ -138,7 +138,7 @@ public async Task SetupNetwork(string lndImage = "lightninglabs/lnd", string lnd
                     RemoteName = "bob"
                 }
             ], imageName: lndImage, tagName: lndTag, pullImage: false, acceptKeysend: true, mapTotmp: false,
-            postgresDSN: _dbType == "postgres" ? PostgresFixture.LNDConnectionStrings["alice"] : null);
+            postgresDSN: _dbType == "postgres" ? PostgresFixture.LNDConnectionStrings["alice"] : null, lndkSupport:false, nativeSql: _dbType == "postgres" );
 
         Builder.AddPolarLNDNode("bob",
             [
@@ -149,7 +149,7 @@ public async Task SetupNetwork(string lndImage = "lightninglabs/lnd", string lnd
                     RemoteName = "alice"
                 }
             ], imageName: lndImage, tagName: lndTag, pullImage: false, acceptKeysend: true, mapTotmp: false,
-            postgresDSN: _dbType == "postgres" ? PostgresFixture.LNDConnectionStrings["bob"] : null);
+            postgresDSN: _dbType == "postgres" ? PostgresFixture.LNDConnectionStrings["bob"] : null, lndkSupport:false, nativeSql: _dbType == "postgres" );
 
         Builder.AddPolarLNDNode("carol",
             [
@@ -178,7 +178,7 @@ public async Task SetupNetwork(string lndImage = "lightninglabs/lnd", string lnd
                     RemoteName = "bob"
                 }
             ], imageName: lndImage, tagName: lndTag, pullImage: false, acceptKeysend: true, mapTotmp: false,
-            postgresDSN: _dbType == "postgres" ? PostgresFixture.LNDConnectionStrings["carol"] : null);
+            postgresDSN: _dbType == "postgres" ? PostgresFixture.LNDConnectionStrings["carol"] : null, lndkSupport:false, nativeSql: _dbType == "postgres" );
 
         await Builder.Build(lndRoot: lndRoot);
 
@@ -1007,15 +1007,18 @@ public async Task ListInvoiceAndPaymentPaging()
         var bob = await Builder.WaitUntilAliasIsServerReady("bob");
 
         //purge data
-        await bob.LightningClient.DeleteAllPaymentsAsync(new DeleteAllPaymentsRequest());
+        await bob.LightningClient.DeleteAllPaymentsAsync(new DeleteAllPaymentsRequest()
+        {
+            AllPayments = true
+        });
 
         foreach (var invoice in invoices)
         {
             var payment = await Builder.MakeLightningPaymentFromAlias("bob", new SendPaymentRequest
             {
                 PaymentRequest = invoice.PaymentRequest,
                 FeeLimitSat = 100000000,
-                TimeoutSeconds = 50
+                TimeoutSeconds = 50,
             });
             Assert.That(payment.Status == Payment.Types.PaymentStatus.Succeeded);
         }

diff --git a/LNUnit.Tests/LNUnit.Tests.csproj b/LNUnit.Tests/LNUnit.Tests.csproj
@@ -13,12 +13,12 @@
     <ItemGroup>
         <PackageReference Include="Docker.DotNet" Version="3.125.15"/>
         <PackageReference Include="JunitXml.TestLogger" Version="3.1.12" />
-        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.3" />
-        <PackageReference Include="Microsoft.Data.Sqlite" Version="8.0.3" />
-        <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite.NetTopologySuite" Version="8.0.3" />
+        <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.5" />
+        <PackageReference Include="Microsoft.Data.Sqlite" Version="8.0.5" />
+        <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite.NetTopologySuite" Version="8.0.5" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
         <PackageReference Include="NBitcoin" Version="7.0.36" />
-        <PackageReference Include="Npgsql" Version="8.0.2"/>
+        <PackageReference Include="Npgsql" Version="8.0.3" />
         <PackageReference Include="NUnit" Version="3.14.0" />
         <PackageReference Include="NUnit3TestAdapter" Version="4.5.0"/>
         <PackageReference Include="NUnit.Analyzers" Version="4.1.0">
@@ -32,7 +32,7 @@
         <PackageReference Include="ServiceStack" Version="8.2.2" />
         <PackageReference Include="SharpCompress" Version="0.36.0" />
 
-        <PackageReference Include="Serilog.Sinks.Seq" Version="7.0.0" />
+        <PackageReference Include="Serilog.Sinks.Seq" Version="7.0.1" />
         <!--        <PackageReference Include="Serilog.Sinks.AwsCloudWatch" Version="4.0.182"/>-->
         <PackageReference Include="Serilog.AspNetCore" Version="8.0.1" />
         <PackageReference Include="Serilog.Sinks.Console" Version="5.0.1" />

diff --git a/LNUnit/LNUnit.csproj b/LNUnit/LNUnit.csproj
@@ -5,7 +5,7 @@
         <Nullable>enable</Nullable>
         <ImplicitUsings>enable</ImplicitUsings>
         <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
-        <Version>1.6.4</Version>
+        <Version>1.6.5</Version>
         <IsPackable>true</IsPackable>
         <PackageId>LNUnit</PackageId>
         <PackageDescription>Lightning Network Unit Testing Framework</PackageDescription>

diff --git a/LNUnit/Setup/LNUnitBuilder.cs b/LNUnit/Setup/LNUnitBuilder.cs
@@ -914,7 +914,8 @@ public static LNUnitBuilder AddPolarLNDNode(this LNUnitBuilder b, string aliasHo
         List<LNUnitNetworkDefinition.Channel>? channels = null, string bitcoinMinerHost = "miner",
         string rpcUser = "bitcoin", string rpcPass = "bitcoin", string imageName = "polarlightning/lnd",
         string tagName = "0.17.4-beta", bool acceptKeysend = true, bool pullImage = true, bool mapTotmp = false,
-        bool gcInvoiceOnStartup = false, bool gcInvoiceOnFly = false, string? postgresDSN = null, string lndRoot = "/home/lnd/.lnd")
+        bool gcInvoiceOnStartup = false, bool gcInvoiceOnFly = false, string? postgresDSN = null, 
+        string lndRoot = "/home/lnd/.lnd", bool lndkSupport = false, bool nativeSql = false)
     {
         var cmd = new List<string>
         {
@@ -942,6 +943,17 @@ public static LNUnitBuilder AddPolarLNDNode(this LNUnitBuilder b, string aliasHo
             "--gossip.max-channel-update-burst=100",
             "--gossip.channel-update-interval=1s"
         };
+        // if (nativeSql)
+        // {
+        //     cmd.Add("--db.use-native-sql");
+        //
+        // }
+        if (lndkSupport) //TODO: must compile LND with 'dev' flags before can play with this
+        {
+            cmd.Add("--protocol.custom-message=513");
+            cmd.Add("--protocol.custom-nodeann=39");
+            cmd.Add("--protocol.custom-init=39");
+        }
 
         if (!postgresDSN.IsEmpty())
         {