From 03a8a2051d662c825a0f1a29133ead4d9c2b8563 Mon Sep 17 00:00:00 2001 From: b00f Date: Thu, 9 Jan 2025 15:53:36 +0800 Subject: [PATCH] fix: prevent panic on invalid package number (#250) --- internal/engine/command/crowdfund/crowdfund.go | 10 +++++----- internal/engine/command/crowdfund/purchase.go | 6 +++++- internal/engine/command/crowdfund/purchase_test.go | 10 ++++++++++ 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/internal/engine/command/crowdfund/crowdfund.go b/internal/engine/command/crowdfund/crowdfund.go index d8e7427e..1fc43777 100644 --- a/internal/engine/command/crowdfund/crowdfund.go +++ b/internal/engine/command/crowdfund/crowdfund.go @@ -52,16 +52,16 @@ func (c *CrowdfundCmd) GetCommand() *command.Command { c.subCmdDisable.Middlewares = []command.MiddlewareFunc{middlewareHandler.OnlyModerator} c.subCmdReport.AppIDs = entity.AllAppIDs() - c.subCmdReport.TargetFlag = command.TargetMaskModerator | command.TargetMaskMainnet + c.subCmdReport.TargetFlag = command.TargetMaskMainnet c.subCmdInfo.AppIDs = entity.AllAppIDs() - c.subCmdInfo.TargetFlag = command.TargetMaskModerator | command.TargetMaskMainnet + c.subCmdInfo.TargetFlag = command.TargetMaskMainnet c.subCmdPurchase.AppIDs = entity.AllAppIDs() - c.subCmdPurchase.TargetFlag = command.TargetMaskModerator | command.TargetMaskMainnet + c.subCmdPurchase.TargetFlag = command.TargetMaskMainnet c.subCmdClaim.AppIDs = entity.AllAppIDs() - c.subCmdClaim.TargetFlag = command.TargetMaskModerator | command.TargetMaskMainnet + c.subCmdClaim.TargetFlag = command.TargetMaskMainnet activeCampaign := c.activeCampaign() if activeCampaign != nil { @@ -69,7 +69,7 @@ func (c *CrowdfundCmd) GetCommand() *command.Command { for index, pkg := range activeCampaign.Packages { choice := command.Choice{ Name: pkg.Name, - Value: index, + Value: index + 1, } purchaseChoices = append(purchaseChoices, choice) diff --git a/internal/engine/command/crowdfund/purchase.go b/internal/engine/command/crowdfund/purchase.go index f3ce5178..4d56a76f 100644 --- a/internal/engine/command/crowdfund/purchase.go +++ b/internal/engine/command/crowdfund/purchase.go @@ -18,7 +18,11 @@ func (c *CrowdfundCmd) purchaseHandler( return cmd.RenderFailedTemplate("No active campaign") } - pkgIndex, _ := strconv.Atoi(args[argNamePurchasePackage]) + pkgNumber, _ := strconv.Atoi(args[argNamePurchasePackage]) + pkgIndex := pkgNumber - 1 + if pkgIndex == -1 || pkgIndex >= len(activeCampaign.Packages) { + return cmd.RenderFailedTemplateF("Invalid package number: %d", pkgNumber) + } pkg := activeCampaign.Packages[pkgIndex] purchase := &entity.CrowdfundPurchase{ diff --git a/internal/engine/command/crowdfund/purchase_test.go b/internal/engine/command/crowdfund/purchase_test.go index c511b685..8a566f74 100644 --- a/internal/engine/command/crowdfund/purchase_test.go +++ b/internal/engine/command/crowdfund/purchase_test.go @@ -40,4 +40,14 @@ func TestPurchase(t *testing.T) { assert.True(t, result.Successful) assert.Contains(t, result.Message, "payment-link") }) + + t.Run("Invalid Package Number", func(t *testing.T) { + args := map[string]string{ + "package": "0", + } + result := td.crowdfundCmd.purchaseHandler(caller, td.crowdfundCmd.subCmdPurchase, args) + + assert.False(t, result.Successful) + assert.Contains(t, result.Message, "Invalid package number: 0") + }) }