Fix issue #6785

[michalgolda]

Summary

• Add missing isString() check on nft_id
• Add test cases for both handlers

[github-actions]

⚠️ This PR contains unsigned commits. To get your PR merged, please sign them. ⚠️

If only the most recent commit is unsigned, you can run:

1. Amend the commit: git commit --amend --no-edit -n -S
2. Overwrite the commit: git push --force-with-lease

If multiple commits are unsigned, you can run:

1. Go into interactive rebase mode: git rebase --interactive HEAD~<NUM_OF_COMMITS>, where NUM_OF_COMMITS is the number of most recent commits that will be available to edit.
2. Change "pick" to "edit" for the commits you need to sign, and then save and exit.
3. For each commit, run: git commit --amend --no-edit -n -S
4. Continue the rebase: git rebase --continue
5. Overwrite the commit(s): git push --force-with-lease

If you're new to commit signing, there are different ways to set it up:

Sign commits with gpg

Follow the steps below to set up commit signing with gpg:

1. Generate a GPG key
2. Add the GPG key to your GitHub account
3. Configure git to use your GPG key for commit signing

Sign commits with ssh-agent

Follow the steps below to set up commit signing with ssh-agent:

1. Generate an SSH key and add it to ssh-agent
2. Add the SSH key to your GitHub account
3. Configure git to use your SSH key for commit signing

Sign commits with 1Password

You can also sign commits using 1Password, which lets you sign commits with biometrics without the signing key leaving the local 1Password process.
See use 1Password to sign your commits.

[Copilot]

Pull request overview

Addresses issue #6785 by tightening RPC input validation for NFT offer lookups and adding unit tests to cover the bad-input paths.

Changes:

• Add isString() validation for nft_id in nft_sell_offers and nft_buy_offers handlers.
• Add new RPC unit tests covering missing params and non-string nft_id inputs for both endpoints.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File	Description
src/xrpld/rpc/handlers/orderbook/NFTSellOffers.cpp	Adds nft_id type validation before hex parsing.
src/xrpld/rpc/handlers/orderbook/NFTBuyOffers.cpp	Adds nft_id type validation before hex parsing.
src/test/rpc/NFTSellOffers_test.cpp	New test coverage for invalid/missing parameters for nft_sell_offers.
src/test/rpc/NFTBuyOffers_test.cpp	New test coverage for invalid/missing parameters for nft_buy_offers (contains a wrong RPC method call in one case).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.