Skip to content

fix: Skip blockaid validation for SIWE signature types#25612

Merged
jpuri merged 3 commits intodevelopfrom
siwe_skip_validation
Jul 3, 2024
Merged

fix: Skip blockaid validation for SIWE signature types#25612
jpuri merged 3 commits intodevelopfrom
siwe_skip_validation

Conversation

@jpuri
Copy link
Copy Markdown
Contributor

@jpuri jpuri commented Jul 1, 2024

Description

Skip blockaid validation for SIWE signatures

Related issues

Fixes: #24189

Manual testing steps

  1. Go to test dapp
  2. Submit SIWE signature
  3. Blockaid validation should not be done for SIWE signatures

Screenshots/Recordings

NA

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

@jpuri jpuri added the team-confirmations Push issues to confirmations team label Jul 1, 2024
@jpuri jpuri requested a review from a team as a code owner July 1, 2024 16:40
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Jul 1, 2024

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

OGPoyraz
OGPoyraz reviewed Jul 2, 2024
View reviewed changes
app/scripts/lib/ppom/ppom-middleware.test.ts Outdated

it('does not do validation for SIWE signature', async () => {
const middlewareFunction = createMiddleware({
securityAlertsEnabled: false,
Copy link
Copy Markdown
Member

@OGPoyraz OGPoyraz Jul 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this set to be true in order to bypass early return?

Copy link
Copy Markdown
Contributor Author

@jpuri jpuri Jul 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, I updated the PR.

Copy link
Copy Markdown
Member

@OGPoyraz OGPoyraz Jul 2, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry @jpuri, it's not your changes but setting this to true still leads securityAlertsEnabled as false
This is because of this line in the createMiddleware:

securityAlertsEnabled: securityAlertsEnabled === undefined ?? securityAlertsEnabled,

I think intended usage of this should be

securityAlertsEnabled: securityAlertsEnabled ?? false,

After that, it actually tests the case but fails differently.

Copy link
Copy Markdown
Contributor Author

@jpuri jpuri Jul 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, I updated PR again

@codecov
Copy link
Copy Markdown

codecov bot commented Jul 2, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 69.60%. Comparing base (fe12ae4) to head (6d417f3).
Report is 21 commits behind head on develop.

Additional details and impacted files 
@@           Coverage Diff            @@
##           develop   #25612   +/-   ##
========================================
  Coverage    69.60%   69.60%           
========================================
  Files         1364     1364           
  Lines        48172    48175    +3     
  Branches     13291    13292    +1     
========================================
+ Hits         33526    33529    +3     
  Misses       14646    14646

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@metamaskbot
Copy link
Copy Markdown
Collaborator

metamaskbot commented Jul 2, 2024

Builds ready [b5d8301]
Page Load Metrics (411 ± 309 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint882711265124
domContentLoaded107033189
load491791411643309
domInteractive107033189
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 257 Bytes (0.01%)
  • ui: 0 Bytes (0.00%)
  • common: 0 Bytes (0.00%)

@jpuri jpuri requested a review from OGPoyraz July 2, 2024 10:00
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Jul 2, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@metamaskbot
Copy link
Copy Markdown
Collaborator

metamaskbot commented Jul 2, 2024

Builds ready [6d417f3]
Page Load Metrics (138 ± 152 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint6013298188
domContentLoaded95828136
load471521138317152
domInteractive95828136
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 257 Bytes (0.01%)
  • ui: 0 Bytes (0.00%)
  • common: 0 Bytes (0.00%)

@jpuri jpuri merged commit 6849c72 into develop Jul 3, 2024
@jpuri jpuri deleted the siwe_skip_validation branch July 3, 2024 09:48
@github-actions github-actions bot locked and limited conversation to collaborators Jul 3, 2024
@metamaskbot metamaskbot added the release-12.2.0 Issue or pull request that will be included in release 12.2.0 label Jul 3, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@OGPoyraz OGPoyraz OGPoyraz approved these changes

@pedronfigueiredo pedronfigueiredo pedronfigueiredo approved these changes

Assignees

No one assigned

Labels

release-12.2.0 Issue or pull request that will be included in release 12.2.0 team-confirmations Push issues to confirmations team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Skip blockaid validation for SIWE signatures

4 participants

@jpuri @metamaskbot @OGPoyraz @pedronfigueiredo