Skip to content

Commit

Permalink
feat: disables debug server by default
Browse files Browse the repository at this point in the history
  • Loading branch information
AntiTyping committed Sep 9, 2024
1 parent 4ed2615 commit bcd2a12
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 1 deletion.
4 changes: 4 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -199,6 +199,10 @@ Additional information on how IBC works can be found [here](https://ibc.cosmos.n
[[TROUBLESHOOTING](docs/troubleshooting.md)]
---

## Production deployment recomendations

- Make sure the debug server is disabled in production.

## Security Notice

If you would like to report a security bug related to the relayer repo,
Expand Down
11 changes: 11 additions & 0 deletions cmd/flags.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ const (
flagDstPort = "dst-port"
flagOrder = "order"
flagVersion = "version"
flagEnableDebugServer = "enable-debug-server"
flagDebugAddr = "debug-addr"
flagOverwriteConfig = "overwrite"
flagLimit = "limit"
Expand Down Expand Up @@ -429,6 +430,16 @@ func debugServerFlags(v *viper.Viper, cmd *cobra.Command) *cobra.Command {
panic(err)
}

cmd.Flags().Bool(
flagEnableDebugServer,
false,
"enables debug server. By default, the debug server is disabled due to security concerns.",
)

if err := v.BindPFlag(flagEnableDebugServer, cmd.Flags().Lookup(flagEnableDebugServer)); err != nil {
panic(err)
}

return cmd
}

Expand Down
8 changes: 7 additions & 1 deletion cmd/start.go
Original file line number Diff line number Diff line change
Expand Up @@ -105,9 +105,15 @@ $ %s start demo-path2 --max-tx-size 10`, appName, appName, appName, appName)),
debugAddr = debugAddrFlag
}

if debugAddr == "" {
flagEnableDebugServer, err := cmd.Flags().GetBool(flagEnableDebugServer)
if err != nil {
return err
}

if flagEnableDebugServer == false || debugAddr == "" {
a.log.Info("Skipping debug server due to empty debug address flag")
} else {
a.log.Warn("SECURITY WARNING! Debug server is enabled. It should only be used for non-production deployments.")
ln, err := net.Listen("tcp", debugAddr)
if err != nil {
a.log.Error(
Expand Down

0 comments on commit bcd2a12

Please sign in to comment.