Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Problem: improve permission checking in a few messages #1256

Merged
merged 8 commits into from
Dec 11, 2023

Conversation

yihuang
Copy link
Collaborator

@yihuang yihuang commented Dec 11, 2023

👮🏻👮🏻👮🏻 !!!! REFERENCE THE PROBLEM YOUR ARE SOLVING IN THE PR TITLE AND DESCRIBE YOUR SOLUTION HERE !!!! DO NOT FORGET !!!! 👮🏻👮🏻👮🏻

PR Checklist:

  • Have you read the CONTRIBUTING.md?
  • Does your PR follow the C4 patch requirements?
  • Have you rebased your work on top of the latest master?
  • Have you checked your code compiles? (make)
  • Have you included tests for any non-trivial functionality?
  • Have you checked your code passes the unit tests? (make test)
  • Have you checked your code formatting is correct? (go fmt)
  • Have you checked your basic code style is fine? (golangci-lint run)
  • If you added any dependencies, have you checked they do not contain any known vulnerabilities? (go list -json -m all | nancy sleuth)
  • If your changes affect the client infrastructure, have you run the integration test?
  • If your changes affect public APIs, does your PR follow the C4 evolution of public contracts?
  • If your code changes public APIs, have you incremented the crate version numbers and documented your changes in the CHANGELOG.md?
  • If you are contributing for the first time, please read the agreement in CONTRIBUTING.md now and add a comment to this pull request stating that your PR is in accordance with the Developer's Certificate of Origin.

Thank you for your code, it's appreciated! :)

Summary by CodeRabbit

  • Security Enhancements

    • Improved permission checking for message processing to enhance security.
  • Bug Fixes

    • Permission checks added to TransferTokens, UpdateTokenMapping, and TurnBridge methods to ensure proper authorization.
  • Refactor

    • Removed unnecessary imports from various files to streamline codebase.
    • Updated HasPermission function to handle multiple accounts, improving flexibility in permission checks.
    • Adjusted test cases to align with the updated permission checking logic.
  • Documentation

    • Updated CHANGELOG to reflect the security and permission enhancements.

@yihuang yihuang requested a review from a team as a code owner December 11, 2023 03:37
@yihuang yihuang requested review from mmsqe and thomas-nguy and removed request for a team December 11, 2023 03:37
Copy link
Contributor

coderabbitai bot commented Dec 11, 2023

Walkthrough

The recent updates focus on enhancing security by improving permission checks across various message processing functions. The changes include the removal of certain imports, reorganization of functions, and the expansion of permission checks to handle multiple accounts. These modifications aim to bolster the robustness of the system against unauthorized access and actions.

Changes

File Path Change Summary
app/ante/ante.go, app/app.go Removed imports related to cosmossdk, cronos, and crypto-org-chain; reorganized functions and removed message authorization checks.
x/cronos/keeper/msg_server.go Added permission checks in message processing methods.
x/cronos/keeper/permissions.go Modified permission checking to accept a slice of addresses.
x/cronos/keeper/permissions_test.go Adjusted tests to use a slice of addresses; updated function calls and assignments.
x/cronos/simulation/operations.go Changed authorization logic to check for non-authorized message senders.

🐇✨
In the code's burrow, deep and wide,
Permissions checked, with newfound pride.
A rabbit hopped through lines with grace,
Securing each digital space. 🌟🔐
🐇✨

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on X ?


Tips

Chat with CodeRabbit Bot (@coderabbitai)

  • If you reply to a review comment from CodeRabbit, the bot will automatically respond.
  • To engage with CodeRabbit bot directly around the specific lines of code in the PR, mention @coderabbitai in your review comment
  • Note: Review comments are made on code diffs or files, not on the PR overview.
  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai help to get help.

Note: For conversation with the bot, please use the review comments on code diffs or files.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • The JSON schema for the configuration file is available here.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CHANGELOG.md Outdated Show resolved Hide resolved
Signed-off-by: yihuang <huang@crypto.com>
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Status

Actionable comments generated: 3

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between ad49e0c and e7267d4.
Files selected for processing (5)
  • CHANGELOG.md (1 hunks)
  • app/ante/ante.go (2 hunks)
  • app/app.go (3 hunks)
  • x/cronos/keeper/msg_server.go (2 hunks)
  • x/cronos/keeper/permissions.go (1 hunks)
Additional comments: 8
app/ante/ante.go (1)
  • 15-15: Clarify the use of evmante.Recover and confirm if it's the appropriate way to handle errors in this context. It's important to ensure that this recovery pattern is consistent with the rest of the codebase and aligns with the error handling strategy.
app/app.go (1)
  • 953-960: > Note: This review was outside the patches, so it was mapped to the patch with the greatest overlap. Original lines [935-960]

The changes in the setAnteHandler function include the addition of a new options struct for the evmante.HandlerOptions and the creation of a new anteHandler using the evmante package. This aligns with the PR's objective to enhance permission checking mechanisms by potentially using a more robust ante handler from the evmante package.

However, there is a potential issue with the blockAddressDecorator being added to the ExtraDecorators slice. If the blockAddressDecorator is intended to block certain addresses from sending transactions, this logic should be thoroughly tested to ensure it does not inadvertently block addresses that should be allowed to transact.

Additionally, the options struct is populated with various keepers and handlers, which suggests a significant change in how the ante handler processes transactions. It is crucial to ensure that all new logic introduced here is covered by unit tests to prevent regressions and unintended side effects.

x/cronos/keeper/msg_server.go (3)
  • 66-77: The addition of permission checks in the UpdateTokenMapping method aligns with the PR's objective to enhance permission checking mechanisms. This is a critical security improvement ensuring that only authorized users can update token mappings.

  • 82-93: The addition of permission checks in the TurnBridge method is consistent with the PR's objective to enhance permission checking mechanisms. This ensures that only authorized users can enable or disable the bridge.

  • 71-71: Verify that the constants CanChangeTokenMapping and CanTurnBridge used for permission checks are correctly defined and consistently used throughout the codebase.

x/cronos/keeper/permissions.go (3)
  • 31-47: The updated HasPermission function correctly iterates over the provided slice of sdk.AccAddress and checks if any of the accounts have the specified permissions. This change enhances the flexibility of permission checking by allowing multiple accounts to be verified in a single call. Ensure that all calls to this function have been updated to pass a slice of addresses where necessary.

  • 36-39: The check for the admin account within the provided accounts is a critical security operation. It is important to ensure that the comparison between the admin account and each account in the slice is secure and accurate. The current implementation uses account.String() for comparison, which should be consistent with how the CronosAdmin is stored and compared throughout the codebase.

  • 47-47: The function correctly returns false if none of the provided accounts have the required permissions, which is the expected behavior for a permission check function.

CHANGELOG.md Outdated Show resolved Hide resolved
app/ante/ante.go Outdated Show resolved Hide resolved
x/cronos/keeper/msg_server.go Outdated Show resolved Hide resolved
@yihuang yihuang requested a review from mmsqe December 11, 2023 03:47
@yihuang yihuang requested a review from mmsqe December 11, 2023 03:53
@yihuang yihuang enabled auto-merge December 11, 2023 03:55
@mmsqe mmsqe disabled auto-merge December 11, 2023 04:01
@mmsqe mmsqe enabled auto-merge December 11, 2023 04:01
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Status

Actionable comments generated: 1

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between bd8ca92 and 1c33131.
Files selected for processing (3)
  • x/cronos/keeper/msg_server.go (3 hunks)
  • x/cronos/keeper/permissions_test.go (1 hunks)
  • x/cronos/simulation/operations.go (1 hunks)
Additional comments: 8
x/cronos/keeper/msg_server.go (3)
  • 66-77: The addition of permission checks in the UpdateTokenMapping method aligns with the PR's objective to enhance security by refining permission checking mechanisms. The use of HasPermission with CanChangeTokenMapping is appropriate for the context.

  • 82-93: The addition of permission checks in the TurnBridge method is consistent with the PR's goal to improve security. The use of HasPermission with CanTurnBridge ensures that only authorized entities can execute the action.

  • 113-119: The permission check in the UpdatePermissions method uses a direct address comparison instead of the HasPermission function. This is a deviation from the pattern used in other methods. Confirm if this is intentional and aligns with the desired permission model.

x/cronos/keeper/permissions_test.go (4)
  • 44-44: The update to cosmosAddress from a single sdk.AccAddress to a slice of sdk.AccAddress is consistent with the PR's objective to enhance security by refining permission checks.

  • 52-52: The SetPermissions method call has been correctly updated to pass cosmosAddress[0] instead of cosmosAddress, aligning with the method's expectation of a single sdk.AccAddress.

  • 53-53: The HasPermission method call correctly passes cosmosAddress as a slice, reflecting the updated function signature that now accepts a slice of sdk.AccAddress.

  • 57-57: This assertion seems incorrect. After setting the CanTurnBridge permission, the test should still expect CanChangeTokenMapping to be true if the All permission includes it. This needs to be verified against the permission logic to ensure the test reflects the intended behavior.

x/cronos/simulation/operations.go (1)
  • 94-95: The error handling logic appears to be correct, but verify that the error message "msg sender is not authorized" is consistent with the rest of the codebase.

x/cronos/keeper/permissions_test.go Show resolved Hide resolved
@mmsqe mmsqe disabled auto-merge December 11, 2023 04:16
@mmsqe mmsqe enabled auto-merge December 11, 2023 04:16
Copy link

codecov bot commented Dec 11, 2023

Codecov Report

Merging #1256 (a30591f) into main (36d3268) will increase coverage by 19.78%.
Report is 1 commits behind head on main.
The diff coverage is 31.81%.

Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff             @@
##             main    #1256       +/-   ##
===========================================
+ Coverage   16.04%   35.83%   +19.78%     
===========================================
  Files          80      115       +35     
  Lines        6196    10647     +4451     
===========================================
+ Hits          994     3815     +2821     
- Misses       5122     6456     +1334     
- Partials       80      376      +296     
Files Coverage Δ
x/cronos/simulation/operations.go 0.00% <0.00%> (ø)
x/cronos/keeper/permissions.go 86.95% <70.00%> (+86.95%) ⬆️
x/cronos/keeper/msg_server.go 13.58% <0.00%> (+10.80%) ⬆️

... and 52 files with indirect coverage changes

Signed-off-by: mmsqe <mavis@crypto.com>
@mmsqe mmsqe disabled auto-merge December 11, 2023 04:42
@mmsqe mmsqe enabled auto-merge December 11, 2023 04:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants