Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problem: black list addresses are not logged (#1328) #1362

Merged
merged 5 commits into from
Mar 26, 2024
Merged

Problem: black list addresses are not logged (#1328) #1362

merged 5 commits into from
Mar 26, 2024

Conversation

yihuang
Copy link
Collaborator

@yihuang yihuang commented Mar 26, 2024
edited by coderabbitai bot
Loading

Update app/app.go

update log

Problem: blacklist logging visibilty to low (#1334)

Solution: raised logging severity to 'error'

👮🏻👮🏻👮🏻 !!!! REFERENCE THE PROBLEM YOUR ARE SOLVING IN THE PR TITLE AND DESCRIBE YOUR SOLUTION HERE !!!! DO NOT FORGET !!!! 👮🏻👮🏻👮🏻

PR Checklist:

  • Have you read the CONTRIBUTING.md?
  • Does your PR follow the C4 patch requirements?
  • Have you rebased your work on top of the latest master?
  • Have you checked your code compiles? (make)
  • Have you included tests for any non-trivial functionality?
  • Have you checked your code passes the unit tests? (make test)
  • Have you checked your code formatting is correct? (go fmt)
  • Have you checked your basic code style is fine? (golangci-lint run)
  • If you added any dependencies, have you checked they do not contain any known vulnerabilities? (go list -json -m all | nancy sleuth)
  • If your changes affect the client infrastructure, have you run the integration test?
  • If your changes affect public APIs, does your PR follow the C4 evolution of public contracts?
  • If your code changes public APIs, have you incremented the crate version numbers and documented your changes in the CHANGELOG.md?
  • If you are contributing for the first time, please read the agreement in CONTRIBUTING.md now and add a comment to this pull request stating that your PR is in accordance with the Developer's Certificate of Origin.

Thank you for your code, it's appreciated! :)

Summary by CodeRabbit

  • New Features
    • Enhanced security by logging blacklisted addresses using advanced cryptographic functions.

@yihuang
Problem: black list addresses are not logged (crypto-org-chain#1328)
d1127a7 
Update app/app.go

Signed-off-by: yihuang <huang@crypto.com>

update log

Problem: blacklist logging visibilty to low (crypto-org-chain#1334)

Solution: raised logging severity to 'error'

Signed-off-by: Bladerox <perseverance-pool@gmx.de>
Co-authored-by: Bladerox <pa.sa95@gmx.de>
@yihuang yihuang requested a review from a team as a code owner March 26, 2024 00:42
@yihuang yihuang requested review from mmsqe and devashishdxt and removed request for a team March 26, 2024 00:42
@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Mar 26, 2024
edited
Loading

Walkthrough

The latest update enhances security by efficiently handling blacklisted addresses through cryptographic operations for hashing, sorting, and logging within a specific method. This approach strengthens the application's security posture by ensuring effective management and monitoring of the blacklist.

Changes

File(s) Summary
CHANGELOG.md Added a new feature in version v1.1.1 to log blacklist addresses.
app/app.go Added cryptographic functions for hashing, sorting, and logging blacklisted addresses.
default.nix Updated the version from "v1.1.0" to "v1.1.1" in the default.nix file.

"In the digital garden, a feature blooms,
🐰 Amidst the code, security looms.
Hashing and sorting, in the moonlight's embrace,
Blacklisted addresses, find no place.
Through the warren, the update hops,
Bringing peace, as the darkness stops."

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit-tests for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit tests for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit tests.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • The JSON schema for the configuration file is available here.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

yihuang
yihuang commented Mar 26, 2024
View reviewed changes
CHANGELOG.md Outdated Show resolved Hide resolved
@yihuang
Update CHANGELOG.md
c9e36b4 
Signed-off-by: yihuang <huang@crypto.com>
calvinaco
calvinaco approved these changes Mar 26, 2024
View reviewed changes
Copy link
Contributor

@calvinaco calvinaco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@yihuang yihuang enabled auto-merge March 26, 2024 00:45
coderabbitai[bot]
coderabbitai bot reviewed Mar 26, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Status

Actionable comments generated: 2

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between 148b61b and d1127a7.
Files selected for processing (2)
  • CHANGELOG.md (1 hunks)
  • app/app.go (2 hunks)
Additional comments: 1
app/app.go (1)
  • 928-944: The implementation of logging blacklisted addresses with their hash is a good approach for enhancing visibility and troubleshooting. However, consider the following improvements for efficiency and security:
  • Efficiency: Logging each blacklisted address individually in a loop (lines 939-941) might not be the most efficient approach, especially if the blacklist is large. Consider summarizing the information or logging it outside the loop.
  • Security: Ensure that logging the hash of the concatenated blacklist (line 938) does not inadvertently leak sensitive information. While hashing is a one-way function, the context and usage here should be carefully considered to avoid any potential security implications.

app/app.go Show resolved Hide resolved
CHANGELOG.md Outdated Show resolved Hide resolved
coderabbitai[bot]
coderabbitai bot reviewed Mar 26, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between d1127a7 and c9e36b4.
Files selected for processing (1)
  • CHANGELOG.md (1 hunks)
Additional comments: 7
CHANGELOG.md (7)
  • 5-9: The entry for version v1.1.1 is well-documented, clearly listing the improvement made in this version. However, it's important to ensure that all related changes or necessary details are included for a comprehensive understanding of the update.
  • 1-13: > 📝 NOTE

This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [17-17]

There's a minor typographical error in the description of the bug fix for version v1.1.0. The term "feeHistory" should be written as "fee history" for clarity and to match common English usage outside of code contexts.

  • 1-13: > 📝 NOTE

This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [25-25]

The update for version v1.1.0-rc5 correctly links to the pull request for updating the cosmos-sdk version. It's good practice to ensure that version numbers are accurate and reflect the actual changes made.

  • 1-13: > 📝 NOTE

This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [33-35]

In the section for version v1.1.0-rc4, it's mentioned that there are state machine breaking changes. It's crucial for such changes to be clearly documented and for any migration steps or important considerations to be highlighted to assist users in adapting to these changes.

  • 1-13: > 📝 NOTE

This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [47-52]

The bug fixes listed for version v1.1.0-rc3 are well-documented, with direct links to the corresponding pull requests. This provides transparency and allows users to delve into the specifics of each fix.

  • 1-13: > 📝 NOTE

This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [63-67]

The improvements and bug fixes for version v1.1.0-rc2 are clearly listed. However, it's essential to ensure that all related changes are included and that the descriptions are clear to provide a comprehensive understanding of the updates.

  • 1-13: > 📝 NOTE

This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [112-116]

The entry for version v1.1.0-rc0 includes a variety of state machine breaking changes, bug fixes, and improvements. It's crucial for such significant changes to be thoroughly documented, including any necessary migration steps or considerations for users.

@codecov Codecov
Copy link

codecov bot commented Mar 26, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 36.71%. Comparing base (148b61b) to head (565652b).

Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff             @@
##             main    #1362       +/-   ##
===========================================
+ Coverage   15.90%   36.71%   +20.80%     
===========================================
  Files          80      108       +28     
  Lines        6230     9642     +3412     
===========================================
+ Hits          991     3540     +2549     
- Misses       5160     5753      +593     
- Partials       79      349      +270

see 52 files with indirect coverage changes

coderabbitai[bot]
coderabbitai bot reviewed Mar 26, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Status

Actionable comments generated: 2

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between c9e36b4 and 2bd87a7.
Files selected for processing (2)
  • app/app.go (3 hunks)
  • default.nix (1 hunks)
Additional comments: 2
default.nix (1)
  • 14-14: The version update from "v1.1.0" to "v1.1.1" is correctly implemented.
app/app.go (1)
  • 925-941: The logic for handling the blacklist, including sorting and hashing, is implemented directly within the setAnteHandler method. While this approach works, it could be improved in terms of modularity and testability by extracting this logic into a separate function or module. This would make the code easier to maintain and test, especially if the logic for handling blacklists becomes more complex in the future.

Consider refactoring the blacklist handling logic into a separate function or module.

app/app.go Outdated Show resolved Hide resolved
app/app.go Outdated Show resolved Hide resolved
@yihuang yihuang added this pull request to the merge queue Mar 26, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 26, 2024
@mmsqe mmsqe added this pull request to the merge queue Mar 26, 2024
Merged via the queue into crypto-org-chain:main with commit 10b8eeb Mar 26, 2024
36 of 37 checks passed
@coderabbitai coderabbitai bot mentioned this pull request Apr 19, 2024
Merged
13 tasks
This was referenced Apr 26, 2024
Merged
Merged
Merged
Merged
Merged
Merged
@coderabbitai coderabbitai bot mentioned this pull request May 3, 2024
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@calvinaco calvinaco calvinaco approved these changes

@mmsqe mmsqe mmsqe approved these changes

@devashishdxt devashishdxt Awaiting requested review from devashishdxt devashishdxt is a code owner automatically assigned from crypto-org-chain/cronos-dev

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@yihuang @mmsqe @calvinaco