update getByJsonBlockId

Author: Little-Peony

common/src/main/java/org/tron/common/utils/ByteArray.java

@@ -156,10 +156,10 @@ public static BigInteger hexToBigInteger(String input) {
   }
 
   public static long jsonHexToLong(String x) throws JsonRpcInvalidParamsException {
-     // Constants for input length validation to prevent DDoS attacks
-    int MAX_HEX_LONG_LENGTH = 20; // For 64-bit long values (18 chars for 0x7FFFFFFFFFFFFFFF) + safety bufferty buffer
+    // Constants for input length validation to prevent DDoS attacks
+    int MAX_HEX_LONG_LENGTH = 20; // For 64-bit long values (18 chars for 0x7FFFFFFFFFFFFFFF) + safety buffer
     if (x == null || x.length() > MAX_HEX_LONG_LENGTH) {
-      throw new IllegalArgumentException("Incorrect string length");
+      throw new JsonRpcInvalidParamsException("Input cannot be null or too long");
     }
 
     if (!x.startsWith("0x")) {

framework/src/main/java/org/tron/core/services/jsonrpc/TronJsonRpcImpl.java

@@ -9,6 +9,7 @@
 import static org.tron.core.services.jsonrpc.JsonRpcApiUtil.getTransactionIndex;
 import static org.tron.core.services.jsonrpc.JsonRpcApiUtil.getTxID;
 import static org.tron.core.services.jsonrpc.JsonRpcApiUtil.triggerCallContract;
+import static org.tron.core.services.jsonrpc.JsonRpcApiUtil.validateBlockNumOrHashOrTag;
 
 import com.alibaba.fastjson.JSON;
 import com.google.common.cache.Cache;
@@ -115,7 +116,6 @@ public enum RequestSource {
   private static final String FILTER_NOT_FOUND = "filter not found";
   public static final int EXPIRE_SECONDS = 5 * 60;
   private static final int maxBlockFilterNum = Args.getInstance().getJsonRpcMaxBlockFilterNum();
-
   private static final Cache<LogFilterElement, LogFilterElement> logElementCache =
       CacheBuilder.newBuilder()
           .maximumSize(300_000L) // 300s * tps(1000) * 1 log/tx ≈ 300_000
@@ -415,12 +415,6 @@ public String getTrxBalance(String address, String blockNumOrTag)
       }
       return ByteArray.toJsonHex(balance);
     } else {
-      try {
-        ByteArray.hexToBigInteger(blockNumOrTag);
-      } catch (Exception e) {
-        throw new JsonRpcInvalidParamsException(BLOCK_NUM_ERROR);
-      }
-
       throw new JsonRpcInvalidParamsException(QUANTITY_NOT_SUPPORT_ERROR);
     }
   }
@@ -541,6 +535,9 @@ private String call(byte[] ownerAddressByte, byte[] contractAddressByte, long va
   @Override
   public String getStorageAt(String address, String storageIdx, String blockNumOrTag)
       throws JsonRpcInvalidParamsException {
+    // Add length check to prevent DDoS attacks
+    JsonRpcApiUtil.validateBlockNumOrHashOrTag(blockNumOrTag);
+    
     if (EARLIEST_STR.equalsIgnoreCase(blockNumOrTag)
         || PENDING_STR.equalsIgnoreCase(blockNumOrTag)
         || FINALIZED_STR.equalsIgnoreCase(blockNumOrTag)) {
@@ -564,19 +561,16 @@ public String getStorageAt(String address, String storageIdx, String blockNumOrT
       DataWord value = storage.getValue(new DataWord(ByteArray.fromHexString(storageIdx)));
       return ByteArray.toJsonHex(value == null ? new byte[32] : value.getData());
     } else {
-      try {
-        ByteArray.hexToBigInteger(blockNumOrTag);
-      } catch (Exception e) {
-        throw new JsonRpcInvalidParamsException(BLOCK_NUM_ERROR);
-      }
-
       throw new JsonRpcInvalidParamsException(QUANTITY_NOT_SUPPORT_ERROR);
     }
   }
 
   @Override
   public String getABIOfSmartContract(String contractAddress, String blockNumOrTag)
       throws JsonRpcInvalidParamsException {
+    // Add length check to prevent DDoS attacks
+    JsonRpcApiUtil.validateBlockNumOrHashOrTag(blockNumOrTag);
+    
     if (EARLIEST_STR.equalsIgnoreCase(blockNumOrTag)
         || PENDING_STR.equalsIgnoreCase(blockNumOrTag)
         || FINALIZED_STR.equalsIgnoreCase(blockNumOrTag)) {
@@ -595,12 +589,6 @@ public String getABIOfSmartContract(String contractAddress, String blockNumOrTag
       }
 
     } else {
-      try {
-        ByteArray.hexToBigInteger(blockNumOrTag);
-      } catch (Exception e) {
-        throw new JsonRpcInvalidParamsException(BLOCK_NUM_ERROR);
-      }
-
       throw new JsonRpcInvalidParamsException(QUANTITY_NOT_SUPPORT_ERROR);
     }
   }
@@ -984,6 +972,8 @@ public String getCall(CallArguments transactionCall, Object blockParamObj)
 
         long blockNumber;
         try {
+          // Add length check to prevent DDoS attacks
+          validateBlockNumOrHashOrTag(blockNumOrTag);
           blockNumber = ByteArray.hexToBigInteger(blockNumOrTag).longValue();
         } catch (Exception e) {
           throw new JsonRpcInvalidParamsException(BLOCK_NUM_ERROR);
@@ -1026,6 +1016,8 @@ public String getCall(CallArguments transactionCall, Object blockParamObj)
           ByteArray.fromHexString(transactionCall.getData()));
     } else {
       try {
+        // Add length check to prevent DDoS attacks
+        JsonRpcApiUtil.validateBlockNumOrHashOrTag(blockNumOrTag);
         ByteArray.hexToBigInteger(blockNumOrTag);
       } catch (Exception e) {
         throw new JsonRpcInvalidParamsException(BLOCK_NUM_ERROR);