diff --git a/cmd/geth/forgecmd.go b/cmd/geth/forgecmd.go
index 443cd2d60..70939bb4f 100644
--- a/cmd/geth/forgecmd.go
+++ b/cmd/geth/forgecmd.go
@@ -36,6 +36,10 @@ var (
 Name: "whitelist",
 Usage: `The whitelist external endpoints to call`,
 }
+ dnsRegistryForgeFlag = &cli.StringSliceFlag{
+ Name: "dns-registry",
+ Usage: `The DNS registry to resolve aliases to endpoints`,
+ }
 ethBackendForgeFlag = &cli.StringFlag{
 Name: "eth-backend",
 Usage: `The endpoint of the confidential eth backend`,
@@ -47,8 +51,9 @@ var (
 )

 type suaveForgeConfig struct {
- Whitelist []string `toml:"whitelist"`
- EthBackend string `toml:"eth_backend"`
+ Whitelist []string `toml:"whitelist"`
+ DnsRegistry map[string]string `toml:"dns_registry"`
+ EthBackend string `toml:"eth_backend"`
 }

 func readContext(ctx *cli.Context) (*vm.SuaveContext, error) {
@@ -87,6 +92,22 @@ func readContext(ctx *cli.Context) (*vm.SuaveContext, error) {
 if ctx.IsSet(whiteListForgeFlag.Name) {
 cfg.Whitelist = ctx.StringSlice(whiteListForgeFlag.Name)
 }
+ if ctx.IsSet(dnsRegistryForgeFlag.Name) {
+ dnsRegistry := make(map[string]string)
+ for _, endpoint := range ctx.StringSlice(dnsRegistryForgeFlag.Name) {
+ parts := strings.Split(endpoint, "=")
+ if len(parts) != 2 {
+ return nil, fmt.Errorf("invalid value for remote backend endpoint: %s", endpoint)
+ }
+ chainId := new(big.Int)
+ if _, ok := chainId.SetString(parts[0], 10); !ok {
+ return nil, fmt.Errorf("invalid chain id: %s", parts[0])
+ }
+ rpcUrl := parts[1]
+ dnsRegistry[chainId.String()] = rpcUrl
+ }
+ cfg.DnsRegistry = dnsRegistry
+ }

 // create the suave context
 var suaveEthBackend suave.ConfidentialEthBackend
diff --git a/cmd/geth/forgecmd_test.go b/cmd/geth/forgecmd_test.go
index bf8e8c981..3af257e90 100644
--- a/cmd/geth/forgecmd_test.go
+++ b/cmd/geth/forgecmd_test.go
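Review bot: The `--dns-registry` parsing added to readContext requires every key to be a base-10 integer (`chainId.SetString(parts[0], 10)`), yet the test in forgecmd_test.go sets `e=f,g=h` and forge.toml uses the keys `a` and `c`, so the flag path rejects exactly the aliases the test expects to succeed. The chain-id check and the "remote backend endpoint" error text look carried over from a different flag and should go. `strings.Split` with `len(parts) != 2` also refuses any target that itself contains `=`, and nothing rejects an empty alias or target even though these values later replace the request host in doHTTPRequest. readContext starts and ends outside the hunk, and whether `strings` and `math/big` are imported is not visible here.
```go
for _, entry := range ctx.StringSlice(dnsRegistryForgeFlag.Name) {
	// Split on the first '=' only, so the target may contain '='.
	alias, target, ok := strings.Cut(entry, "=")
	if !ok || alias == "" || target == "" {
		return nil, fmt.Errorf("invalid dns registry entry %q, expected alias=host[:port]", entry)
	}
	dnsRegistry[alias] = target
}
// … unchanged: cfg.DnsRegistry = dnsRegistry …
```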
@@ -33,15 +33,18 @@ func TestForgeReadConfig(t *testing.T) {
 sCtx, err := readContext(ctx)
 require.NoError(t, err)
 require.Equal(t, sCtx.Backend.ExternalWhitelist, []string{"a", "b"})
+ require.Equal(t, sCtx.Backend.DnsRegistry, map[string]string{"a": "b", "c": "d"})
 require.Equal(t, sCtx.Backend.ConfidentialEthBackend.(*suave_backends.RemoteEthBackend).Endpoint(), "suave")

 // override the config if the flags are set
 ctx.Set("eth-backend", "http://localhost:8545")
 ctx.Set("whitelist", "c,d")
+ ctx.Set("dns-registry", "e=f,g=h")

 sCtx, err = readContext(ctx)
 require.NoError(t, err)
 require.Equal(t, sCtx.Backend.ExternalWhitelist, []string{"c", "d"})
+ require.Equal(t, sCtx.Backend.DnsRegistry, map[string]string{"e": "f", "g": "h"})
 require.Equal(t, sCtx.Backend.ConfidentialEthBackend.(*suave_backends.RemoteEthBackend).Endpoint(), "http://localhost:8545")

 // set flags to null and use default values
diff --git a/cmd/geth/testdata/forge.toml b/cmd/geth/testdata/forge.toml
index e9e913443..01de864ce 100644
--- a/cmd/geth/testdata/forge.toml
+++ b/cmd/geth/testdata/forge.toml
@@ -1,6 +1,7 @@
 [profile.suave]
 whitelist = ["a", "b"]
 eth_backend = "suave"
+dns_registry = { "a" = "b", "c" = "d" }
 [profile.ci.fuzz]
 runs = 10_000
 solc_version = "0.8.23"
diff --git a/core/vm/contracts_suave.go b/core/vm/contracts_suave.go
index e2329425c..680e0b532 100644
--- a/core/vm/contracts_suave.go
+++ b/core/vm/contracts_suave.go
@@ -220,12 +220,20 @@ func (s *suaveRuntime) doHTTPRequest(request types.HttpRequest) ([]byte, error)
 }

 var allowed bool
- for _, allowedDomain := range s.suaveContext.Backend.ExternalWhitelist {
- if allowedDomain == "*" || allowedDomain == parsedURL.Hostname() {
- allowed = true
- break
+ // resolve dns if possible
+ if domain, ok := s.suaveContext.Backend.DnsRegistry[parsedURL.Hostname()]; ok {
+ parsedURL.Host = domain
+ allowed = true
+ } else {
+ // check if the domain is allowed
+ for _, allowedDomain := range s.suaveContext.Backend.ExternalWhitelist {
+ if allowedDomain == "*" || allowedDomain == parsedURL.Hostname() {
+ allowed = true
+ break
+ }
 }
 }
+
 if !allowed {
 return nil, fmt.Errorf("domain %s is not allowed", parsedURL.Hostname())
 }
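Review bot: A registry hit in the `if domain, ok := ...DnsRegistry[parsedURL.Hostname()]; ok` branch sets `allowed = true` without consulting `ExternalWhitelist`, so every alias target is reachable whatever the whitelist says. If that is the intent, state it where it happens, e.g. `// registry targets are operator-configured and bypass ExternalWhitelist`, and in the flag's usage text; otherwise run the whitelist loop against the resolved host before allowing the request. `parsedURL.Host = domain` also replaces host and port together, so a registry value must be a bare `host[:port]`: a value carrying a scheme or path (the parser in forgecmd.go names it `rpcUrl`) would presumably produce a malformed URL, and a port on the original request is dropped. doHTTPRequest starts and ends outside the hunk, so whether the request is later built from `parsedURL` rather than the original request URL cannot be confirmed from here.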