Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BLUE-276 Restrict first node selection based on the specified node ip and port #85

Merged
merged 8 commits into from
Sep 19, 2024
Merged

BLUE-276 Restrict first node selection based on the specified node ip and port #85

merged 8 commits into from
Sep 19, 2024

Conversation

jairajdev
Copy link
Contributor

No description provided.

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 19, 2024
edited
Loading

PR Reviewer Guide 🔍

(Review updated until commit 84deacd)

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Key issues to review

Error Handling
The error handling in the new code does not differentiate between different types of errors, which might be necessary for better debugging and user feedback. Consider refining the error messages and handling to be more specific about the cause of the error.

Code Duplication
There is repeated code for validating types and sending error responses in the new changes. Consider creating a helper function to handle these repetitive tasks to make the code cleaner and more maintainable.

Security Concern
Ensure that the validation logic in Utils.validateTypes is robust against potential security issues such as injection attacks or improper input handling, especially since it deals with external inputs.

github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 19, 2024
View reviewed changes
src/API.ts Fixed Show fixed Hide fixed
urnotsam
urnotsam reviewed Sep 19, 2024
View reviewed changes
src/Config.ts Outdated
restrictFirstNodeSelection: true,
firstNodeInfo: {
IP: '127.0.0.1',
PORT: 4000,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldnt the default port be 9001? 4000 is the port of the archiver

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@urnotsam good catch on that. changed it to 9001 now.

kun6fup4nd4
kun6fup4nd4 reviewed Sep 19, 2024
View reviewed changes
src/API.ts
@@ -93,16 +94,22 @@ export function registerRoutes(server: FastifyInstance<Server, IncomingMessage,
reply.send({ success: false, error: 'Signature verification failed' })
return
}
const ip = signedFirstNodeInfo.nodeInfo.externalIp
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what if ip in payload will be different from actual ip of the sender ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The IP and Port are not even being checked in here are they? The title of this PR says restricted based off IP and Port, but I only see the public key being checked.
@mhanson-github @jairajdev

urnotsam
urnotsam previously approved these changes Sep 19, 2024
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 19, 2024
View reviewed changes
src/API.ts
return
}
if (signedFirstNodeInfo.nodeInfo.publicKey !== signedFirstNodeInfo.sign.owner) {
Logger.mainLogger.error('nodeInfo.publicKey does not match signature owner', signedFirstNodeInfo)

Check warning

Code scanning / CodeQL

Log injection Medium

Log entry depends on a
user-provided value
Loading
.
src/API.ts Fixed Show fixed Hide fixed
src/API.ts
}
if (config.restrictFirstNodeSelectionByPublicKey) {
if (config.firstNodeInfo.PUBLIC_KEY !== '' && publicKey !== config.firstNodeInfo.PUBLIC_KEY) {
Logger.mainLogger.error('Invalid publicKey of first node info', signedFirstNodeInfo)

Check warning

Code scanning / CodeQL

Log injection Medium

Log entry depends on a
user-provided value
Loading
.
urnotsam
urnotsam previously approved these changes Sep 19, 2024
View reviewed changes
kun6fup4nd4
kun6fup4nd4 previously approved these changes Sep 19, 2024
View reviewed changes
urnotsam
urnotsam previously approved these changes Sep 19, 2024
View reviewed changes
mhanson-github
mhanson-github approved these changes Sep 19, 2024
View reviewed changes
Copy link
Contributor

@mhanson-github mhanson-github left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I approve my own .patch file changes.

@chrypnotoad
Copy link
Contributor

@CodiumAI-Agent /describe

@chrypnotoad
Copy link
Contributor

/review

@CodiumAI-Agent
Copy link

CodiumAI-Agent commented Sep 19, 2024
edited
Loading

Title

(Describe updated until commit 84deacd)

BLUE-276 Restrict first node selection based on the specified node ip and port

PR Type

enhancement, bug fix

Description

  • Enhanced the first node selection process by adding type validation for signedFirstNodeInfo and its nested properties.
  • Introduced a check to ensure the publicKey matches the signature owner, improving security.
  • Added configuration options to restrict first node selection based on a specified public key.
  • Updated the debug mode patch to ensure it applies correctly with the current configuration.

Changes walkthrough 📝

Relevant files
Enhancement
API.ts
Enhance first node selection with validation and public key
restriction

src/API.ts

  • Added type validation for signedFirstNodeInfo and its properties.
  • Implemented a check to ensure publicKey matches the signature owner.
  • Introduced a configuration-based restriction for first node selection
    by public key.
    		•  +40/-4   
    Configuration changes
    Config.ts
    Add configuration for first node public key restriction   

    src/Config.ts

  • Added new configuration options for restricting first node selection
    by public key.
  • Set default values for the new configuration options.
    		•  +4/-0     
    debug_mode.patch
    Update debug mode patch for configuration files                   

    debug_mode.patch

  • Updated patch to change ARCHIVER_MODE from release to debug.
  • Adjusted patch indices to reflect current file state.
    		•  +4/-4     

    💡 PR-Agent usage:
    Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

    @github-actions GitHub Actions
    Copy link

    Persistent review updated to latest commit 84deacd

    chrypnotoad
    chrypnotoad reviewed Sep 19, 2024
    View reviewed changes
    src/Config.ts
    @@ -184,6 +186,8 @@ let config: Config = {
    txCronSchedule: '*/5 * * * *',
    },
    workerProcessesDebugLog: false,
    restrictFirstNodeSelectionByPublicKey: false,
    firstNodePublicKey: '',
    Copy link
    Contributor

    Choose a reason for hiding this comment

    The reason will be displayed to describe this comment to others. Learn more.

    Should this be an environment variable? When and how does this get set?

    @mhanson-github mhanson-github merged commit 09c4382 into dev Sep 19, 2024
    7 checks passed
    @mhanson-github mhanson-github deleted the restrictFirstNodeSelection branch September 23, 2024 01:53
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Reviewers

    @chrypnotoad chrypnotoad chrypnotoad left review comments

    @mhanson-github mhanson-github mhanson-github approved these changes

    @urnotsam urnotsam urnotsam left review comments

    @kun6fup4nd4 kun6fup4nd4 kun6fup4nd4 left review comments

    Assignees
    No one assigned
    Labels
    Review effort [1-5]: 3
    Projects
    None yet
    Milestone
    No milestone
    Development

    Successfully merging this pull request may close these issues.
    6 participants
    @jairajdev @chrypnotoad @CodiumAI-Agent @mhanson-github @urnotsam @kun6fup4nd4