Add functions in sanitization to handler ProtocolRPCRequest and ProtocolMessage - Closes#1017 #1020
Conversation
| @@ -92,3 +97,32 @@ export const sanitizePeerInfoList = ( | |||
| throw new InvalidRPCResponse('Invalid response type'); | |||
| } | |||
| }; | |||
|
|
|||
| export const sanitizeRPCRequest = (request: unknown): ProtocolRPCRequest => { | |||
There was a problem hiding this comment.
instead of sanitize, can we use validate?
packages/lisk-p2p/src/errors.ts
Outdated
| @@ -69,3 +69,17 @@ export class RequestFailError extends VError { | |||
| this.name = 'RequestFailError'; | |||
| } | |||
| } | |||
|
|
|||
| export class InvalidRPCRequest extends VError { | |||
There was a problem hiding this comment.
prefer InvalidRPCRequestError
packages/lisk-p2p/src/errors.ts
Outdated
| } | ||
| } | ||
|
|
||
| export class InvalidProtocolMessage extends VError { |
There was a problem hiding this comment.
prefer InvalidProtocolMessageError
ishantiw
force-pushed
the
1017-add_more_funcs_in_sanitization_to_handler
branch
2 times, most recently
from
a92cadf
to
e69a997
Compare
ishantiw
force-pushed
the
1017-add_more_funcs_in_sanitization_to_handler
branch
from
94a7c5e
to
463eb33
Compare
ishantiw
force-pushed
the
1017-add_more_funcs_in_sanitization_to_handler
branch
from
615b99b
to
4bd298d
Compare
|
Addressed all the comments and rebased. Also, I have included the changes related to |
ishantiw
force-pushed
the
1017-add_more_funcs_in_sanitization_to_handler
branch
from
4bd298d
to
c3883cb
Compare
ishantiw
force-pushed
the
1017-add_more_funcs_in_sanitization_to_handler
branch
from
8d748e1
to
ef16b96
Compare
packages/lisk-p2p/src/peer.ts
Outdated
|
|
||
| return; | ||
| this.emit(EVENT_REQUEST_RECEIVED, request); |
There was a problem hiding this comment.
It's dangerous to emit within a try block because event listeners which are declared outside this class will be called synchronously; so if a listener is attached to the Peer from outside; for example using peer.on(EVENT_REQUEST_RECEIVED, myListenerFunction); it means that if myListenerFunction throws an error or has a bug then it will cause the catch block below to execute and this.emit(EVENT_INVALID_REQUEST_RECEIVED, packet); will be called even though the request is fine; makes it very hard to debug.
An alternative approach might be to return from inside the catch block just after calling this.emit(EVENT_INVALID_REQUEST_RECEIVED, packet); and on the next line outside the catch block (which will only run if request is valid), we can emit the request with this.emit(EVENT_REQUEST_RECEIVED, request);.
It's easy to do with let but may be kind of tricky to do with only const. Maybe it's worth separating the validation logic from the sanitization logic and only have the try-catch block around the validation part?
Another option would be to emit asynchronously (e.g. inside a setTimeout/setImmediate) but that is more ugly and computationally expensive.
packages/lisk-p2p/src/peer.ts
Outdated
| return; | ||
| try { | ||
| const protocolMessage = sanitizeProtocolMessage(packet); | ||
| this.emit(EVENT_MESSAGE_RECEIVED, protocolMessage); |
| throw new InvalidRPCRequestError('Invalid request'); | ||
| } | ||
|
|
||
| const rpcRequest = request as P2PRequest; |
There was a problem hiding this comment.
We can't cast the request object into a P2PRequest because P2PRequest is a usable request object which can be responded to using its request.end(...) or request.error(...) method. Maybe this validation/sanitization function should just return a validated/sanitized ProtocolRPCRequestPacket; that's also more consistent with the sanitizeProtocolMessage function below. We will have to instantiate the P2PRequest as a separate step (not part of validation/sanitization); it needs the SocketCluster respond callback as third argument to its constructor.
| return rpcRequest; | ||
| }; | ||
|
|
||
| export const sanitizeProtocolMessage = (message: unknown): ProtocolMessagePacket => { |
There was a problem hiding this comment.
name of this should also be validate?
There was a problem hiding this comment.
actually before, all the functions were prefixed as process or validate. But later @jondubois renamed all of them to sanitize including the file name because these functions are not only validating but type casting or sanitizing it to some protocol type or preferred data structure.
There was a problem hiding this comment.
Mmm we have similar functionality in transaction with validating and the checking so maybe it’s better to standardize?
There was a problem hiding this comment.
Okay then I think it makes sense to just use validate here too 👍
| @@ -14,8 +14,14 @@ | |||
| */ | |||
There was a problem hiding this comment.
also, filename should be consistent, and all the function in this file?
There was a problem hiding this comment.
same here, should we rename it back to validate prefix? what do you think @jondubois ?
…ization.ts -> validation.ts in test
ishantiw
force-pushed
the
1017-add_more_funcs_in_sanitization_to_handler
branch
from
3c419c0
to
9461ea0
Compare
|
Addressed @jondubois @shuse2 |
Description
Add sanitization functions to handle protocol RPC requests and messages
Review checklist