Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: dont base64 encode rejection reasons #36

Merged
merged 1 commit into from
Sep 6, 2016
Merged

fix: dont base64 encode rejection reasons #36

merged 1 commit into from
Sep 6, 2016

Conversation

sentientwaffle
Copy link
Contributor

No description provided.

@codecov-io
Copy link

Current coverage is 91.97% (diff: 100%)

Merging #36 into master will increase coverage by 0.05%

@@             master        #36   diff @@
==========================================
  Files             6          6          
  Lines           297        299     +2   
  Methods          38         38          
  Messages          0          0          
  Branches         68         69     +1   
==========================================
+ Hits            273        275     +2   
  Misses           24         24          
  Partials          0          0

Powered by Codecov. Last update d08ea55...d99e02e

emschwartz
emschwartz reviewed Sep 1, 2016
View reviewed changes
src/lib/plugin.js
@@ -536,7 +536,9 @@ class FiveBellsLedger extends EventEmitter2 {
relatedResources.cancellation_condition_fulfillment)
} else if (fiveBellsTransfer.state === 'rejected') {
const rejectedCredit = find(fiveBellsTransfer.credits, 'rejected')
const rejectionMessage = rejectedCredit ? rejectedCredit.rejection_message : 'transfer timed out.'
const rejectionMessage = rejectedCredit
? new Buffer(rejectedCredit.rejection_message, 'base64').toString()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should use Buffer.from (see https://nodejs.org/api/buffer.html#buffer_buffer_from_buffer_alloc_and_buffer_allocunsafe)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That causes the FTs to fail when run against older versions of node.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm. I think not using it though would expose the DoS vulnerability that caused that switch in the first place. What if I set the rejection_message to 10000000000000?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, so we need to run the circleci tests with node 6, and then use Buffer.from.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New issue: interledgerjs/five-bells-integration-test#39

This was referenced Sep 6, 2016
Merged
Open
@emschwartz
Copy link
Contributor

LGTM

@sentientwaffle sentientwaffle merged commit 83f92a6 into master Sep 6, 2016
@sentientwaffle sentientwaffle deleted the dj-fix-rejection-message branch September 6, 2016 15:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sentientwaffle @codecov-io @emschwartz