[Functions] Add extra validations for offchain heartbeats #11783
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
bolekk
commented
Jan 16, 2024
•
bolekk
commented
- Add AllowedHeartbeatInitiators list to node's config and validate senders of incoming requests against it (same logic as in Gateway).
- Validate Sender value in nodes' responses to make sure it matches the expected node. Extend an integration test to cover this change.
- Validate age of incoming requests against RequestTimeoutSec from job config to avoid processing ones that already timed out.
- Disallow null-byte suffixes in message fields to avoid any potential confusion with default padding.
|
I see that you haven't updated any CHANGELOG files. Would it make sense to do so? |
bolekk
force-pushed
the
heartbeat_checks
branch
from
147d267
to
29c1451
Compare
1. Add AllowedHeartbeatInitiators list to node's config and validate senders of incoming requests against it (same logic as in Gateway). 2. Validate Sender value in nodes' reponses to make sure it matches the expected node. Extend an integration test to cover this change. 3. Validate age of incoming requests against RequestTimeoutSec from job config to avoid processing ones that already timed out. 4. Disallow null-byte suffixes in message fields to avoid any potential confusion with default padding.
bolekk
force-pushed
the
heartbeat_checks
branch
from
29c1451
to
c8ee866
Compare
|
SonarQube Quality Gate
|
|
@KuphJr I added one more item here, sorry! Please re-review. I improved the PR description to make it clearer. |
KuphJr
approved these changes
Jan 22, 2024
bolekk
added a commit
that referenced
this pull request
Jan 23, 2024
1. Add AllowedHeartbeatInitiators list to node's config and validate senders of incoming requests against it (same logic as in Gateway). 2. Validate Sender value in nodes' reponses to make sure it matches the expected node. Extend an integration test to cover this change. 3. Validate age of incoming requests against RequestTimeoutSec from job config to avoid processing ones that already timed out. 4. Disallow null-byte suffixes in message fields to avoid any potential confusion with default padding. (cherry picked from commit 388e779)
This was referenced Feb 22, 2024
This was referenced Mar 21, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.