fix: disable bridge debug server by rogierx · Pull Request #5488 · Scottcjn/Rustchain

rogierx · 2026-05-16T19:56:28Z

Summary

Disable Flask debug mode for the standalone RIP-305 bridge dev server.
Add a regression test so the bridge entrypoint cannot reintroduce debug=True.

Notes

This is intentionally scoped to the bridge instance from the #5059 discussion and avoids touching contributor_registry.py / keeper_explorer.py, which are already covered by PR #5118.

Checks

/tmp/rustchain-5449-venv/bin/python -m pytest bridge/test_bridge_api.py::test_standalone_bridge_server_does_not_enable_debugger -q
/tmp/rustchain-5449-venv/bin/python -m py_compile bridge/bridge_api.py bridge/test_bridge_api.py

github-actions · 2026-05-16T19:56:35Z

Welcome to RustChain! Thanks for your first pull request.

Before we review, please make sure:

Non-doc PRs have a BCOS-L1 or BCOS-L2 label
Doc-only PRs are exempt from BCOS tier labels when they only touch docs/**, *.md, or common image/PDF files
New code files include an SPDX license header
You've tested your changes against the live node

Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150)

A maintainer will review your PR soon. Thanks for contributing!

ZacharyZhang-NY

Reviewed PR #5488 at head $commit.

Validation performed:

python -m py_compile bridge_api.py test_bridge_api.py on the PR-head extracted �ridge/ files.
python -m pytest test_bridge_api.py::test_standalone_bridge_server_does_not_enable_debugger -q -> 1 passed.
git diff --check origin/main...review-pr-5488 -- bridge/bridge_api.py bridge/test_bridge_api.py -> passed.
Checked issue #5059 comments: the additional Flask debug instance explicitly includes �ridge/bridge_api.py, while PR #5118 covers keeper_explorer.py and contributor_registry.py.

The bridge standalone entrypoint keeps the same host and port while setting debug=False, and the regression guards the bridge source against reintroducing debug=True. Approval.

ZacharyZhang-NY · 2026-05-16T20:02:15Z

Clarification for my review above: the reviewed head was $commit.

Validation performed:

python -m py_compile bridge_api.py test_bridge_api.py on the extracted PR-head bridge files.
python -m pytest test_bridge_api.py::test_standalone_bridge_server_does_not_enable_debugger -q -> 1 passed.
git diff --check origin/main...review-pr-5488 -- bridge/bridge_api.py bridge/test_bridge_api.py -> passed.
Issue Bug: keeper_explorer and contributor_registry run Flask in debug=True — enables RCE #5059 comments explicitly include bridge/bridge_api.py as an additional debug-mode instance; PR [codex] fix: disable Flask debug mode in keeper explorer services #5118 covers the separate keeper_explorer.py and contributor_registry.py entrypoints.

HCIE2054

LGTM!

HCIE2054

LGTM!

HCIE2054

LGTM!

HCIE2054

LGTM!

ZacharyZhang-NY

Reviewed PR #5488 at head cef49fb.

Validation performed:

Checked issue #5059 context. This PR is scoped to the standalone RIP-305 bridge dev server entrypoint and removes the exposed Flask debugger setting there.
git fetch origin pull/5488/head:review-pr-5488 --force
git diff --check origin/main...review-pr-5488 -- bridge/bridge_api.py bridge/test_bridge_api.py -> passed.
python -m py_compile bridge/bridge_api.py bridge/test_bridge_api.py on an extracted PR-head tree -> passed.
python -m pytest bridge/test_bridge_api.py::test_standalone_bridge_server_does_not_enable_debugger -q --confcutdir= -> 1 passed.
python -m pytest bridge/test_bridge_api.py -q --confcutdir= -> 42 passed.

The bridge standalone entrypoint now runs with debug=False, and the focused regression plus full bridge API test file pass. Approving.

kekehanshujun

Approved. I verified the standalone bridge dev server no longer enables the Flask debugger and did not find a blocking issue.

Validation performed:

python -m py_compile bridge\bridge_api.py bridge\test_bridge_api.py
python -m pytest bridge\test_bridge_api.py::test_standalone_bridge_server_does_not_enable_debugger -q
python -m pytest bridge\test_bridge_api.py -q
git diff --check origin/main...HEAD -- bridge/bridge_api.py bridge/test_bridge_api.py

The focused regression covers the __main__ server entrypoint, and the full bridge API suite passed with 42 tests.

BossChaos · 2026-05-17T03:27:52Z

Code Review — Bounty #73

PR: fix: disable bridge debug server by @rogierx
Files changed: 2 (+8/-1)

✅ Bug fix or input validation
🔒 Auth/authz code reviewed

Summary

This is a bug fix PR. Changes appear consistent with project patterns.

Wallet: 0xdaE5d307339074A24F579dB48e7c639359D94904

Reviewing under Bounty #73 — Code Review Bounty Program

HCIE2054

LGTM!

TJCurnutte

Approved. I checked the standalone bridge dev-server hardening and the regression coverage.

Validation performed on head cef49fb7d674c80284a929c57ddb310d2578d874:

git diff --check origin/main...HEAD -- bridge/bridge_api.py bridge/test_bridge_api.py passed.
PYTHONPATH=bridge:. python3 -B -m py_compile bridge/bridge_api.py bridge/test_bridge_api.py passed.
PYTHONPATH=bridge:. uv run --no-project --with pytest --with flask --with requests --with flask-cors python -B -m pytest -q bridge/test_bridge_api.py --noconftest -p no:cacheprovider returned 42 passed in 0.76s.
Source probe returned debug_true_count 0, debug_false_count 1, and test_guard_present True.

Reasoning: the only standalone app.run(...) path in bridge/bridge_api.py now binds with debug=False, so the Werkzeug debugger is not exposed when this dev server listens on 0.0.0.0:8096. The added test guards against reintroducing debug=True in that file.

HCIE2054

LGTM!

HCIE2054

LGTM!

508704820

Disable bridge debug server. CRITICAL - debug servers in production allow unauthenticated access to internal state. Verify: (1) Debug server is disabled in ALL environments, not just production. (2) No other debug endpoints remain enabled. (3) Environment variable to enable debug has a non-obvious default (disabled). - Xeophon (security review)

HCIE2054

LGTM!

HCIE2054

LGTM!

508704820 · 2026-05-17T11:22:13Z

Security Review ✅

Same class as #5531: disables Flask debug=True on the bridge dev server. Prevents Werkzeug debugger RCE. Regression test ensures debug=True cannot be reintroduced.

Reviewed by Xeophon - Solana: Lt9nERv6VHsojw15LpFeiaabuphAggzfLF9sM9UXRrZ

jaxint

LGTM! Thanks for contributing. Approved.

HCIE2054

LGTM!

HCIE2054

LGTM!

HCIE2054

LGTM!

HCIE2054

LGTM!

HCIE2054

LGTM!

rogierx · 2026-05-19T10:27:20Z

Claiming the accepted/merged RustChain bounty for this PR.

RustChain RTC payout address: RTC88d4b01c4dd3c2c05b07b8d7ff96f4417aeffaff

No private wallet material is included.

fix: disable bridge debug server

cef49fb

github-actions Bot added BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) size/XS PR: 1-10 lines labels May 16, 2026

ZacharyZhang-NY approved these changes May 16, 2026

View reviewed changes

ZacharyZhang-NY mentioned this pull request May 16, 2026

[Bounty Claim] PR Review - RustChain PR #5488 (Bounty #73) Scottcjn/rustchain-bounties#10164

Open

HCIE2054 approved these changes May 16, 2026

View reviewed changes

ZacharyZhang-NY approved these changes May 16, 2026

View reviewed changes

ZacharyZhang-NY mentioned this pull request May 16, 2026

[Bounty Claim] PR Review - RustChain PR #5488 (Bounty #305) Scottcjn/rustchain-bounties#10228

Open

kekehanshujun approved these changes May 17, 2026

View reviewed changes

kekehanshujun mentioned this pull request May 17, 2026

[Bounty Claim] PR Review - RustChain PR #5488 (Bounty #73) Scottcjn/rustchain-bounties#10296

Open