You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@chaitanyaprem I would like to wrap up filter tests with covering certain error cases. I wonder if you see the same value in 49435a8 I'd say integrator might appreciate to receive error when sending UnsubscribeAll with wrong peer.ID (host.ID) by mistake. Being an attacker would probably give up looking at peer ID length. So I would say benefit >> security risk to provide error?
@chaitanyaprem I would like to wrap up filter tests with covering certain error cases. I wonder if you see the same value in 49435a8 I'd say integrator might appreciate to receive error when sending UnsubscribeAll with wrong peer.ID (host.ID) by mistake. Being an attacker would probably give up looking at peer ID length. So I would say benefit >> security risk to provide error?
Good one, looks like as of now the result will just be an empty instead of an error indicating no subscription found for the peer which is not a great dev ex.
This could be addressed so that the API returns appropriate error, but I don't understand how it is some secuirty risk.
@chaitanyaprem I would like to wrap up filter tests with covering certain error cases. I wonder if you see the same value in 49435a8 I'd say integrator might appreciate to receive error when sending UnsubscribeAll with wrong peer.ID (host.ID) by mistake. Being an attacker would probably give up looking at peer ID length. So I would say benefit >> security risk to provide error?
Good one, looks like as of now the result will just be an empty instead of an error indicating no subscription found for the peer which is not a great dev ex. This could be addressed so that the API returns appropriate error, but I don't understand how it is some secuirty risk.
It is not a security risk, or it is just a negligible one. To compare, there is also no error when we unsubscribe from non existent topic. Here, topic could be very short string, and could be potentially guessed by executing enough unsubscribe calls. Attacker could then listen to conversation or spam (up to rate the limit). It is good we don't return any error code at that case.
@chaitanyaprem I would like to wrap up filter tests with covering certain error cases. I wonder if you see the same value in 49435a8 I'd say integrator might appreciate to receive error when sending UnsubscribeAll with wrong peer.ID (host.ID) by mistake. Being an attacker would probably give up looking at peer ID length. So I would say benefit >> security risk to provide error?
Good one, looks like as of now the result will just be an empty instead of an error indicating no subscription found for the peer which is not a great dev ex. This could be addressed so that the API returns appropriate error, but I don't understand how it is some secuirty risk.
It is not a security risk, or it is just a negligible one. To compare, there is also no error when we unsubscribe from non existent topic. Here, topic could be very short string, and could be potentially guessed by executing enough unsubscribe calls. Attacker could then listen to conversation or spam (up to rate the limit). It is good we don't return any error code at that case.
We need to return the proper errors so that dev ex is better.
Wrt an attacker listening to conversation, they can listen to any messages as long as they are subscribed to a pubsubTopic using relay (since this is a gossipsub network), which is why it is recommended for applications to encrypt their data so that 3rd parties cannot read the actual content.
Also note that there is no rate limit when it comes to listening/receiving messages, the only rate-limit is for publishing messages to the network (in order to avoid spam).
@chaitanyaprem I would like to wrap up filter tests with covering certain error cases. I wonder if you see the same value in 49435a8 I'd say integrator might appreciate to receive error when sending UnsubscribeAll with wrong peer.ID (host.ID) by mistake. Being an attacker would probably give up looking at peer ID length. So I would say benefit >> security risk to provide error?
Good one, looks like as of now the result will just be an empty instead of an error indicating no subscription found for the peer which is not a great dev ex. This could be addressed so that the API returns appropriate error, but I don't understand how it is some secuirty risk.
It is not a security risk, or it is just a negligible one. To compare, there is also no error when we unsubscribe from non existent topic. Here, topic could be very short string, and could be potentially guessed by executing enough unsubscribe calls. Attacker could then listen to conversation or spam (up to rate the limit). It is good we don't return any error code at that case.
I've created improvement #933
We need to return the proper errors so that dev ex is better. Wrt an attacker listening to conversation, they can listen to any messages as long as they are subscribed to a pubsubTopic using relay (since this is a gossipsub network), which is why it is recommended for applications to encrypt their data so that 3rd parties cannot read the actual content. Also note that there is no rate limit when it comes to listening/receiving messages, the only rate-limit is for publishing messages to the network (in order to avoid spam).
@chaitanyaprem Would you like to fix #933 some time soon ? This PR has a test which depends on fixing #933, so it won't pass required checks before fixing.
@chaitanyaprem I would like to wrap up filter tests with covering certain error cases. I wonder if you see the same value in 49435a8 I'd say integrator might appreciate to receive error when sending UnsubscribeAll with wrong peer.ID (host.ID) by mistake. Being an attacker would probably give up looking at peer ID length. So I would say benefit >> security risk to provide error?
Good one, looks like as of now the result will just be an empty instead of an error indicating no subscription found for the peer which is not a great dev ex. This could be addressed so that the API returns appropriate error, but I don't understand how it is some secuirty risk.
It is not a security risk, or it is just a negligible one. To compare, there is also no error when we unsubscribe from non existent topic. Here, topic could be very short string, and could be potentially guessed by executing enough unsubscribe calls. Attacker could then listen to conversation or spam (up to rate the limit). It is good we don't return any error code at that case.
I've created improvement #933
We need to return the proper errors so that dev ex is better. Wrt an attacker listening to conversation, they can listen to any messages as long as they are subscribed to a pubsubTopic using relay (since this is a gossipsub network), which is why it is recommended for applications to encrypt their data so that 3rd parties cannot read the actual content. Also note that there is no rate limit when it comes to listening/receiving messages, the only rate-limit is for publishing messages to the network (in order to avoid spam).
@chaitanyaprem Would you like to fix #933 some time soon ? This PR has a test which depends on fixing #933, so it won't pass required checks before fixing.
Just merged the fix on to master. If you update your branch, you should have the fix in it and ci would pass :)
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
romanzac
requested review from
richard-ramos and
chaitanyaprem
as code owners
Description
Batch of tests for Waku Filter v2 to improve coverage
Changes
Tests available to run:
cd go-waku/waku/v2/protocol/filter
go test