rpc input sanitization

Signed-off-by: Uncle Stretch <uncle.stretch@ghostchain.io>
2025-12-09 21:48:27 +03:00 · 2025-12-09 21:48:27 +03:00 · 1ef4e8da01
commit 1ef4e8da01
parent 2a700101dd
2 changed files with 24 additions and 12 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -2,7 +2,7 @@
 name = "ghost-eye"
 authors = ["str3tch <stretch@ghostchain.io>"]
 description = "Application for interacting with Casper/Ghost nodes that are exposing RPC only to the localhost"
-version = "0.3.84"
+version = "0.3.85"
 edition = "2021"
 homepage = "https://git.ghostchain.io/ghostchain"
 repository = "https://git.ghostchain.io/ghostchain/ghost-eye"
@ -36,6 +36,7 @@ tracing = "0.1.37"
 tracing-error = "0.2.0"
 tracing-subscriber = { version = "0.3.17", features = ["env-filter", "serde"] }
 unicode-width = "0.2.0"
+url = "2.5.7"

 [build-dependencies]
 anyhow = "1.0.91"
--- a/src/components/validator/gatekeeper_endpoints_popup.rs
+++ b/src/components/validator/gatekeeper_endpoints_popup.rs
@ -8,13 +8,11 @@ use ratatui::{
 };
 use std::sync::mpsc::Sender;
 use tokio::sync::mpsc::UnboundedSender;
+use url::Url;

 use super::{Component, CurrentTab, PartialComponent};
 use crate::{
-    action::Action,
-    config::Config,
-    palette::StylePalette,
-    widgets::{Input, InputRequest},
+    action::Action, config::Config, palette::StylePalette, types::{ActionLevel, ActionTarget}, widgets::{Input, InputRequest}
 };

 #[derive(Debug, Default, Eq, PartialEq)]
@ -61,13 +59,26 @@ impl GatekeeperEndpoints {
    fn submit_message(&mut self) {
        if let Some(network_tx) = &self.network_tx {
            if self.selected == Selected::Input {
+                match Url::parse(self.rpc_input.value())  {
+                    Ok(url) => {
                        let mut stored_endpoints = self.stored_endpoints.clone();
-                stored_endpoints.push(self.rpc_input.value().to_string());
+                        stored_endpoints.push(url.to_string());
                        let _ = network_tx.send(Action::UpdateStoredRpcEndpoints(
                                self.chain_id,
                                stored_endpoints,
                        ));
                        self.rpc_input = Input::new(String::new());
+                    },
+                    Err(err) => {
+                        if let Some(action_tx) = &self.action_tx {
+                            let _ = action_tx.send(Action::EventLog(
+                                    format!("Incorrect RPC input: {:?}", err),
+                                    ActionLevel::Warn,
+                                    ActionTarget::ValidatorLog,
+                            ));
+                        }
+                    }
+                }
            }
        }
    }