From 311b942a6d537c306dfc90881d50ef0d6b1ba8f9 Mon Sep 17 00:00:00 2001
From: Fabio Bozzo <fabio.bozzo@consensys.net>
Date: Mon, 2 Dec 2024 14:22:42 +0100
Subject: [PATCH] validate invocation token args

---
 pkg/args/args.go               | 11 +++++++++++
 token/invocation/invocation.go |  4 ++++
 2 files changed, 15 insertions(+)

diff --git a/pkg/args/args.go b/pkg/args/args.go
index 8fdb48c..a840c6e 100644
--- a/pkg/args/args.go
+++ b/pkg/args/args.go
@@ -169,3 +169,14 @@ func (a *Args) Clone() *Args {
 	}
 	return res
 }
+
+// Validate checks that all values in the Args are valid according to UCAN specs
+func (a *Args) Validate() error {
+	for key, value := range a.Values {
+		if err := limits.ValidateIntegerBoundsIPLD(value); err != nil {
+			return fmt.Errorf("value for key %q: %w", key, err)
+		}
+	}
+
+	return nil
+}
diff --git a/token/invocation/invocation.go b/token/invocation/invocation.go
index 286c456..4ab7b8b 100644
--- a/token/invocation/invocation.go
+++ b/token/invocation/invocation.go
@@ -272,6 +272,10 @@ func tokenFromModel(m tokenPayloadModel) (*Token, error) {
 	tkn.nonce = m.Nonce
 
 	tkn.arguments = m.Args
+	if err := tkn.arguments.Validate(); err != nil {
+		return nil, fmt.Errorf("invalid arguments: %w", err)
+	}
+
 	tkn.proof = m.Prf
 	tkn.meta = m.Meta