Skip to content

p2p: extract ID validation into a separate func#3754

Merged
melekes merged 6 commits intomasterfrom
2722-netaddress-valid
Jul 10, 2019
Merged

p2p: extract ID validation into a separate func#3754
melekes merged 6 commits intomasterfrom
2722-netaddress-valid

Conversation

@melekes
Copy link
Contributor

@melekes melekes commented Jun 26, 2019

  • NewNetAddress panics if ID is invalid
  • NetAddress#Valid returns an error
  • remove ErrAddrBookInvalidAddrNoID

Fixes #2722

  • Updated all relevant documentation in docs
  • Updated all code comments where relevant
  • Wrote tests
  • Updated CHANGELOG_PENDING.md

@melekes melekes requested review from ebuchman and xla as code owners June 26, 2019 10:09
golangcibot
golangcibot reviewed Jun 26, 2019
View reviewed changes
@melekes melekes force-pushed the 2722-netaddress-valid branch from 452a27b to 16d4347 Compare June 26, 2019 10:23
@melekes melekes self-assigned this Jun 26, 2019
melekes added 2 commits June 26, 2019 14:25
@melekes
p2p: extract ID validation into a separate func
970b69c 
- NewNetAddress panics if ID is invalid
- NetAddress#Valid returns an error
- remove ErrAddrBookInvalidAddrNoID

Fixes #2722
@melekes
p2p: remove repetitive check in ReceiveAddrs
37accc6
@melekes melekes force-pushed the 2722-netaddress-valid branch from 16d4347 to 37accc6 Compare June 26, 2019 10:25
golangcibot
golangcibot reviewed Jun 26, 2019
View reviewed changes
@melekes melekes force-pushed the 2722-netaddress-valid branch from 95c5f48 to 327c565 Compare June 26, 2019 11:30
@codecov-io
Copy link

codecov-io commented Jun 26, 2019
edited
Loading

Codecov Report

Merging #3754 into master will decrease coverage by <.01%.
The diff coverage is 60.71%.

@@            Coverage Diff             @@
##           master    #3754      +/-   ##
==========================================
- Coverage   64.07%   64.06%   -0.01%     
==========================================
  Files         216      216              
  Lines       18096    18051      -45     
==========================================
- Hits        11595    11565      -30     
+ Misses       5524     5508      -16     
- Partials      977      978       +1
Impacted Files Coverage Δ
p2p/pex/addrbook.go 67.83% <0%> (+0.33%) ⬆️
p2p/pex/errors.go 12.5% <0%> (+1.38%) ⬆️
p2p/pex/pex_reactor.go 84.3% <100%> (+3.33%) ⬆️
p2p/netaddress.go 67.41% <66.66%> (-2%) ⬇️
privval/signer_validator_endpoint.go 75.55% <0%> (-10%) ⬇️
libs/db/remotedb/remotedb.go 35.89% <0%> (-4.94%) ⬇️
consensus/reactor.go 70.69% <0%> (-1.18%) ⬇️
blockchain/reactor.go 70.56% <0%> (-0.94%) ⬇️
libs/db/remotedb/grpcdb/client.go 0% <0%> (ø) ⬆️
blockchain/pool.go 80.59% <0%> (+0.32%) ⬆️
... and 3 more

@tac0turtle tac0turtle changed the base branch from develop to master June 26, 2019 15:33
melekes
melekes commented Jun 26, 2019
View reviewed changes
p2p/netaddress.go
if err != nil || len(data) != IDByteLength {
return false
}
func (na *NetAddress) Valid() error {
Copy link
Contributor Author

@melekes melekes Jun 26, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the fact that NetAddress can be invalid bothers me deeply... I think we should refactor the code so NetAddress is always correct. For that we'll need to change NewNetAddressX funcs to return an error + make NewNetAddressIPPort private. Thoughts?

Copy link
Contributor

@tac0turtle tac0turtle Jul 3, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do agree that it should always be correct, but a validity check is always good. Should we open an issue and quickly discuss there, with others then move forward? or would you like to include those changes here?

Copy link
Contributor Author

@melekes melekes Jul 10, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#3782

@melekes
Copy link
Contributor Author

melekes commented Jul 2, 2019
edited
Loading

TestStartNextHeightCorrectly has failed:

    ChainID:        tendermint_test
    Height:         260
    Time:           2019-06-30 08:07:45.570596413 +0000 UTC
    NumTxs:         0
    TotalTxs:       0
    LastBlockID:    0B5C4E9031F1184C8EF0E9D919560201B1CFE21BCFDF9ADB54694C556101DB94:1:1AEE6EB892B5
    LastCommit:     35FDE4732BEE8D4994D4206B310E8E5B2F69F0F4275349B0704ED48E409D6259
    Data:
    Validators:     46F4FB38479816295554E4FDCC319DF8FEFD585E827C07273B59E461AD8A070D
    NextValidators: 46F4FB38479816295554E4FDCC319DF8FEFD585E827C07273B59E461AD8A070D
    App:
    Consensus:       048091BC7DDC283F77BFBF91D73C44DA58C3DF8A9CBC867405D8B7F3DAADA22F
    Results:
    Evidence:
    Proposer:       00B4542C2DD7405156AC7A8687A560612199AFB0
  }#3BF436EB3A8478B9F087B4C84A468DD24C6B5DDFC7C8BB5A7311C8E0C37F94E4
  Data{

  }#
  EvidenceData{

  }#
  Commit{
    BlockID:    0B5C4E9031F1184C8EF0E9D919560201B1CFE21BCFDF9ADB54694C556101DB94:1:1AEE6EB892B5
    Precommits:
      Vote{0:00B4542C2DD7 259/00/2(Precommit) 0B5C4E9031F1 A5B173974851 @ 2019-06-30T08:07:45.570596413Z}
  }#35FDE4732BEE8D4994D4206B310E8E5B2F69F0F4275349B0704ED48E409D6259
}#3BF436EB3A8478B9F087B4C84A468DD24C6B5DDFC7C8BB5A7311C8E0C37F94E4 module=consensus
I[2019-06-30|08:06:00.239] Executed block                               height=260 validTxs=0 invalidTxs=0
I[2019-06-30|08:06:00.239] Committed state                              height=260 txs=0 appHash=
I[2019-06-30|08:06:00.241] enterNewRound(261/0). Current: 261/0/RoundStepNewHeight module=consensus height=261 round=0
D[2019-06-30|08:06:00.241] Received tick                                module=consensus old_ti="{Duration:40ms Height:260 Round:0 Step:RoundStepPropose}" new_ti="{Duration:-5.98
6516ms Height:261 Round:0 Step:RoundStepNewHeight}"
D[2019-06-30|08:06:00.241] Timer already stopped                        module=consensus
D[2019-06-30|08:06:00.241] Scheduled timeout                            module=consensus dur=-5.986516ms height=261 round=0 step=RoundStepNewHeight
D[2019-06-30|08:06:00.241] Received tick                                module=consensus old_ti="{Duration:-5.986516ms Height:261 Round:0 Step:RoundStepNewHeight}" new_ti="{Durat
ion:100ms Height:261 Round:0 Step:RoundStepNewRound}"
D[2019-06-30|08:06:00.241] Scheduled timeout                            module=consensus dur=100ms height=261 round=0 step=RoundStepNewRound
I[2019-06-30|08:06:00.255] Timed out                                    module=consensus dur=40ms height=2 round=0 step=RoundStepPropose
D[2019-06-30|08:06:00.256] Received tock                                module=consensus timeout=40ms height=2 round=0 step=RoundStepPropose
I[2019-06-30|08:06:00.257] enterPrevote(2/0). Current: 2/0/RoundStepPropose module=consensus
I[2019-06-30|08:06:00.257] enterPrevote: ProposalBlock is nil           module=consensus height=2 round=0
I[2019-06-30|08:06:00.261] Signed and pushed vote                       module=consensus height=2 round=0 vote="Vote{0:1A03963E94C1 2/00/1(Prevote) 000000000000 F249CA6237A5 @ 20
19-06-30T08:06:00.257450539Z}" err=null
--- FAIL: TestStartNextHeightCorrectly (0.20s)
    state_test.go:1329:
                Error Trace:    state_test.go:1329
                Error:          Should be true
                Test:           TestStartNextHeightCorrectly

tac0turtle
tac0turtle approved these changes Jul 3, 2019
View reviewed changes
Copy link
Contributor

@tac0turtle tac0turtle left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK 👍 just one question, not related to the code but your comment @melekes

p2p/netaddress.go
if err != nil || len(data) != IDByteLength {
return false
}
func (na *NetAddress) Valid() error {
Copy link
Contributor

@tac0turtle tac0turtle Jul 3, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do agree that it should always be correct, but a validity check is always good. Should we open an issue and quickly discuss there, with others then move forward? or would you like to include those changes here?

p2p/netaddress.go
}
func (na *NetAddress) Valid() error {
if err := validateID(na.ID); err != nil {
return errors.Wrap(err, "invalid ID")
Copy link
Contributor

@tac0turtle tac0turtle Jul 3, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

love this 👍

ValarDragon
ValarDragon approved these changes Jul 8, 2019
View reviewed changes
Copy link
Contributor

@ValarDragon ValarDragon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice improvement!

Agreed with it being better to make the type correct by construction though.

AdityaSripal
AdityaSripal approved these changes Jul 8, 2019
View reviewed changes
Copy link
Contributor

@AdityaSripal AdityaSripal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@melekes melekes mentioned this pull request Jul 10, 2019
Closed
@melekes melekes merged commit f05c2a9 into master Jul 10, 2019
@melekes melekes deleted the 2722-netaddress-valid branch July 10, 2019 09:36
cboh4 pushed a commit to scrtlabs/tendermint that referenced this pull request Apr 7, 2025
@melekes @AlexsandroRyan
chore: Update dependencies to address CVEs (tendermint#3754)
d0bcdaa 
Author: [AlexsandroRyan](https://github.com/AlexsandroRyan)

This pull request addresses all CVEs reported by the Checkmarx tool
during its execution on this repository.

The previous discussion can be found here:
https://github.com/cometbft/cometbft/discussions/3558.

I have updated all necessary dependencies to fix the identified CVEs,
but some vulnerabilities remain unresolved. I would appreciate any
assistance in addressing these remaining issues.

1. CVE-2021-3538: This issue is related to the github.com/satori/go.uuid
package, which is a dependency of
[tm-load-test](https://github.com/informalsystems/tm-load-test). We have
already submitted a PR to address this:
informalsystems/tm-load-test#221.

2. CVE-2024-24786: This vulnerability pertains to the
google.golang.org/protobuf package. Running go mod graph | grep
google.golang.org/protobuf reveals that many packages are using the
vulnerable version. It’s unclear if updating them individually is
feasible.

3. CVE-2024-34478: This vulnerability is associated with
github.com/btcsuite/btcd, a dependency of
github.com/btcsuite/btcd/btcutil, which is currently used at a version
lower than 0.24.0. We have also submitted a pull request for this:
btcsuite/btcd#2235.

Please let us know if this approach is sufficient or if there is a more
efficient way to resolve these issues.

<!--

Please add a reference to the issue that this PR addresses and indicate
which
files are most critical to review. If it fully addresses a particular
issue,
please include "Closes #XXX" (where "XXX" is the issue number).

If this PR is non-trivial/large/complex, please ensure that you have
either
created an issue that the team's had a chance to respond to, or had some
discussion with the team prior to submitting substantial pull requests.
The team
can be reached via GitHub Discussions or the Cosmos Network Discord
server in
the #cometbft channel. GitHub Discussions is preferred over Discord as
it
allows us to keep track of conversations topically.
https://github.com/cometbft/cometbft/discussions

If the work in this PR is not aligned with the team's current
priorities, please
be advised that it may take some time before it is merged - especially
if it has
not yet been discussed with the team.

See the project board for the team's current priorities:
https://github.com/orgs/cometbft/projects/1

-->

---

#### PR checklist

- [ ] ~Tests written/updated~
- [ ] ~Changelog entry added in `.changelog` (we use
[unclog](https://github.com/informalsystems/unclog) to manage our
changelog)~
- [ ] ~Updated relevant documentation (`docs/` or `spec/`) and code
comments~
- [ ] Title follows the [Conventional
Commits](https://www.conventionalcommits.org/en/v1.0.0/) spec

---------

Co-authored-by: Alexsandro <alexsandrocosta855@gmail.com>
Co-authored-by: Alessandro <alessandro@informal.systems>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ebuchman ebuchman Awaiting requested review from ebuchman

@xla xla Awaiting requested review from xla

4 more reviewers

@golangcibot golangcibot golangcibot left review comments

@ValarDragon ValarDragon ValarDragon approved these changes

@AdityaSripal AdityaSripal AdityaSripal approved these changes

@tac0turtle tac0turtle tac0turtle approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@melekes melekes

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[p2p] extract validating logic from NewNetAddressStringWithOptionalID

7 participants

@melekes @codecov-io @ValarDragon @AdityaSripal @tac0turtle @golangcibot @ebuchman