z_importwallet hardening #194

Open
opened 2 years ago by duke · 1 comments
duke commented 2 years ago
Owner

`z_importwallet` code leaves a lot to be desired. For example, `z_importwallet /dev/null` does not give an error and causes the node to rescan the last ~100 blocks, when it should return an error and not rescan instead. If a file is under a certain minimum size, we should be able to say that there can't be a possible privkey in there and immediately give an error.

`z_importwallet /etc/passwd` does not give an error, even though there are no valid private keys to import. If a file has no valid private keys to import, it should return an error.

`z_importwallet /bin/ls` does not give an error. The RPC should ideally refuse to process binary files.

`z_importwallet ..` does not give an error. The RPC should refuse to process directories and things which are not normal files, such as special files in `/dev`.

`z_importwallet /dev/random` goes into an infinite loop. That is pretty dumb, we shouldn't be processing special files nor binary data.

duke self-assigned this 2 years ago
duke added the bug label 1 year ago
duke added the beginners label 11 months ago
duke referenced this issue from a commit 10 months ago
Poster
Owner

This is being worked on in `z_importwallet` branch and needs testing