Remove CS+ attacks from list result. (!646) · Merge requests · clients / Cesium-grp / Cesium

matograine requested to merge matograine/cesium:fix_search into master Jun 19, 2022

If one would set a pubkey B (attacked account) as the CS+ name for account A (attacker), a search for exactly B would return only account of A. This would also happen when searching through QRcode.

This MR has been tested on a web instance, not on a smartphone build (didn't learn how to build). Make sure it works.

I setup an account for testing :

A is EaeVAvKQoSdmLWMdef8UNF22gBG2iMYpryVaVBtfGnH3
B is 9p5nHsES6xujFR7pw2yGy4PLKKHgWsMvsDHaHF64Uj25

Test 1: search for 9p5nHsES6xujFR7pw2yGy4PLKKHgWsMvsDHaHF64Uj25. It should not return account EaeVAvKQoSdmLWMdef8UNF22gBG2iMYpryVaVBtfGnH3:CaF but the right pubkey 9p5nHsES6xujFR7pw2yGy4PLKKHgWsMvsDHaHF64Uj25:6jJ.

Test 2: flash a QRcode containing 9p5nHsES6xujFR7pw2yGy4PLKKHgWsMvsDHaHF64Uj25 (for payment or cert).It should not return account EaeVAvKQoSdmLWMdef8UNF22gBG2iMYpryVaVBtfGnH3:CaF but the right pubkey 9p5nHsES6xujFR7pw2yGy4PLKKHgWsMvsDHaHF64Uj25:6jJ (or none for a certification)

Test 3 flash a QRcode containing 9p5nHsES6xujFR7pw2yGy4PLKKHgWsMvsDHaHF64Uj25:6jJ (for payment or cert).It should not return account EaeVAvKQoSdmLWMdef8UNF22gBG2iMYpryVaVBtfGnH3:CaF but the right pubkey 9p5nHsES6xujFR7pw2yGy4PLKKHgWsMvsDHaHF64Uj25:6jJ (or none for a certification)

If you try on current version, the three tests will return only account EaeVAvKQoSdmLWMdef8UNF22gBG2iMYpryVaVBtfGnH3:CaF

Fixes #959 and should fix #978 (closed)

Edited Jun 19, 2022 by matograine

Remove CS+ attacks from list result.

Merge request reports