-
Notifications
You must be signed in to change notification settings - Fork 64
Add functions in sanitization to handler ProtocolRPCRequest and ProtocolMessage - Closes#1017 #1020
Add functions in sanitization to handler ProtocolRPCRequest and ProtocolMessage - Closes#1017 #1020
Conversation
@@ -92,3 +97,32 @@ export const sanitizePeerInfoList = ( | |||
throw new InvalidRPCResponse('Invalid response type'); | |||
} | |||
}; | |||
|
|||
export const sanitizeRPCRequest = (request: unknown): ProtocolRPCRequest => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
instead of sanitize
, can we use validate
?
packages/lisk-p2p/src/errors.ts
Outdated
@@ -69,3 +69,17 @@ export class RequestFailError extends VError { | |||
this.name = 'RequestFailError'; | |||
} | |||
} | |||
|
|||
export class InvalidRPCRequest extends VError { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
prefer InvalidRPCRequestError
packages/lisk-p2p/src/errors.ts
Outdated
} | ||
} | ||
|
||
export class InvalidProtocolMessage extends VError { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
prefer InvalidProtocolMessageError
a92cadf
to
e69a997
Compare
94a7c5e
to
463eb33
Compare
615b99b
to
4bd298d
Compare
Addressed all the comments and rebased. Also, I have included the changes related to |
4bd298d
to
c3883cb
Compare
8d748e1
to
ef16b96
Compare
packages/lisk-p2p/src/peer.ts
Outdated
|
||
return; | ||
this.emit(EVENT_REQUEST_RECEIVED, request); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's dangerous to emit within a try
block because event listeners which are declared outside this class will be called synchronously; so if a listener is attached to the Peer from outside; for example using peer.on(EVENT_REQUEST_RECEIVED, myListenerFunction)
; it means that if myListenerFunction
throws an error or has a bug then it will cause the catch block below to execute and this.emit(EVENT_INVALID_REQUEST_RECEIVED, packet);
will be called even though the request is fine; makes it very hard to debug.
An alternative approach might be to return
from inside the catch
block just after calling this.emit(EVENT_INVALID_REQUEST_RECEIVED, packet);
and on the next line outside the catch block (which will only run if request is valid), we can emit the request with this.emit(EVENT_REQUEST_RECEIVED, request);
.
It's easy to do with let
but may be kind of tricky to do with only const
. Maybe it's worth separating the validation logic from the sanitization logic and only have the try-catch block around the validation part?
Another option would be to emit asynchronously (e.g. inside a setTimeout/setImmediate) but that is more ugly and computationally expensive.
packages/lisk-p2p/src/peer.ts
Outdated
return; | ||
try { | ||
const protocolMessage = sanitizeProtocolMessage(packet); | ||
this.emit(EVENT_MESSAGE_RECEIVED, protocolMessage); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same problem as above.
throw new InvalidRPCRequestError('Invalid request'); | ||
} | ||
|
||
const rpcRequest = request as P2PRequest; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can't cast the request
object into a P2PRequest
because P2PRequest
is a usable request object which can be responded to using its request.end(...)
or request.error(...)
method. Maybe this validation/sanitization function should just return a validated/sanitized ProtocolRPCRequestPacket
; that's also more consistent with the sanitizeProtocolMessage
function below. We will have to instantiate the P2PRequest
as a separate step (not part of validation/sanitization); it needs the SocketCluster respond
callback as third argument to its constructor.
return rpcRequest; | ||
}; | ||
|
||
export const sanitizeProtocolMessage = (message: unknown): ProtocolMessagePacket => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
name of this should also be validate
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
actually before, all the functions were prefixed as process or validate. But later @jondubois renamed all of them to sanitize including the file name because these functions are not only validating but type casting or sanitizing it to some protocol type or preferred data structure.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mmm we have similar functionality in transaction with validating and the checking so maybe it’s better to standardize?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay then I think it makes sense to just use validate
here too 👍
@@ -14,8 +14,14 @@ | |||
*/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also, filename should be consistent, and all the function in this file?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same here, should we rename it back to validate
prefix? what do you think @jondubois ?
…ization.ts -> validation.ts in test
3c419c0
to
9461ea0
Compare
Addressed @jondubois @shuse2 |
Description
Add sanitization functions to handle protocol RPC requests and messages
Review checklist