-
Notifications
You must be signed in to change notification settings - Fork 241
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem: black list addresses are not logged (#1328) #1362
Conversation
Update app/app.go Signed-off-by: yihuang <huang@crypto.com> update log Problem: blacklist logging visibilty to low (crypto-org-chain#1334) Solution: raised logging severity to 'error' Signed-off-by: Bladerox <perseverance-pool@gmx.de> Co-authored-by: Bladerox <pa.sa95@gmx.de>
WalkthroughThe latest update enhances security by efficiently handling blacklisted addresses through cryptographic operations for hashing, sorting, and logging within a specific method. This approach strengthens the application's security posture by ensuring effective management and monitoring of the blacklist. Changes
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configration File (
|
Signed-off-by: yihuang <huang@crypto.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Review Status
Actionable comments generated: 2
Configuration used: CodeRabbit UI
Files selected for processing (2)
- CHANGELOG.md (1 hunks)
- app/app.go (2 hunks)
Additional comments: 1
app/app.go (1)
- 928-944: The implementation of logging blacklisted addresses with their hash is a good approach for enhancing visibility and troubleshooting. However, consider the following improvements for efficiency and security:
- Efficiency: Logging each blacklisted address individually in a loop (lines 939-941) might not be the most efficient approach, especially if the blacklist is large. Consider summarizing the information or logging it outside the loop.
- Security: Ensure that logging the hash of the concatenated blacklist (line 938) does not inadvertently leak sensitive information. While hashing is a one-way function, the context and usage here should be carefully considered to avoid any potential security implications.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Review Status
Actionable comments generated: 0
Configuration used: CodeRabbit UI
Files selected for processing (1)
- CHANGELOG.md (1 hunks)
Additional comments: 7
CHANGELOG.md (7)
- 5-9: The entry for version
v1.1.1
is well-documented, clearly listing the improvement made in this version. However, it's important to ensure that all related changes or necessary details are included for a comprehensive understanding of the update.- 1-13: > 📝 NOTE
This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [17-17]
There's a minor typographical error in the description of the bug fix for version
v1.1.0
. The term "feeHistory" should be written as "fee history" for clarity and to match common English usage outside of code contexts.
- 1-13: > 📝 NOTE
This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [25-25]
The update for version
v1.1.0-rc5
correctly links to the pull request for updating the cosmos-sdk version. It's good practice to ensure that version numbers are accurate and reflect the actual changes made.
- 1-13: > 📝 NOTE
This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [33-35]
In the section for version
v1.1.0-rc4
, it's mentioned that there are state machine breaking changes. It's crucial for such changes to be clearly documented and for any migration steps or important considerations to be highlighted to assist users in adapting to these changes.
- 1-13: > 📝 NOTE
This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [47-52]
The bug fixes listed for version
v1.1.0-rc3
are well-documented, with direct links to the corresponding pull requests. This provides transparency and allows users to delve into the specifics of each fix.
- 1-13: > 📝 NOTE
This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [63-67]
The improvements and bug fixes for version
v1.1.0-rc2
are clearly listed. However, it's essential to ensure that all related changes are included and that the descriptions are clear to provide a comprehensive understanding of the updates.
- 1-13: > 📝 NOTE
This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [112-116]
The entry for version
v1.1.0-rc0
includes a variety of state machine breaking changes, bug fixes, and improvements. It's crucial for such significant changes to be thoroughly documented, including any necessary migration steps or considerations for users.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1362 +/- ##
===========================================
+ Coverage 15.90% 36.71% +20.80%
===========================================
Files 80 108 +28
Lines 6230 9642 +3412
===========================================
+ Hits 991 3540 +2549
- Misses 5160 5753 +593
- Partials 79 349 +270 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Review Status
Actionable comments generated: 2
Configuration used: CodeRabbit UI
Files selected for processing (2)
- app/app.go (3 hunks)
- default.nix (1 hunks)
Additional comments: 2
default.nix (1)
- 14-14: The version update from "v1.1.0" to "v1.1.1" is correctly implemented.
app/app.go (1)
- 925-941: The logic for handling the blacklist, including sorting and hashing, is implemented directly within the
setAnteHandler
method. While this approach works, it could be improved in terms of modularity and testability by extracting this logic into a separate function or module. This would make the code easier to maintain and test, especially if the logic for handling blacklists becomes more complex in the future.Consider refactoring the blacklist handling logic into a separate function or module.
10b8eeb
Update app/app.go
update log
Problem: blacklist logging visibilty to low (#1334)
Solution: raised logging severity to 'error'
👮🏻👮🏻👮🏻 !!!! REFERENCE THE PROBLEM YOUR ARE SOLVING IN THE PR TITLE AND DESCRIBE YOUR SOLUTION HERE !!!! DO NOT FORGET !!!! 👮🏻👮🏻👮🏻
PR Checklist:
make
)make test
)go fmt
)golangci-lint run
)go list -json -m all | nancy sleuth
)Thank you for your code, it's appreciated! :)
Summary by CodeRabbit