add LogCritical in empty catch block #6791
@kiminuo can this be merged? Normal PR that should not have any controversial opinions
Password Finder is a tool for helping those users that could have forgotten one character of their password and then it tries to decrypt the wallet with all possible replacements of every single position on the password. Every time the password is incorrect a
@prayank23 Please have a look here: https://github.com/MetacoSA/NBitcoin/blob/a9b8e592fa7df0e97bdffe7de94ed58a87d92144/NBitcoin/BIP38/BitcoinEncryptedSecret.cs#L211. That NBitcoin's
Agree
Agree. This is the normal usage of password finder. In case this code is used for any RPC in future or attackers could find other ways to exploit application, it can be used in an unexpected way. So, it's a best practice to avoid writing code with blank catch blocks. More context: https://stackoverflow.com/questions/1234343/why-are-empty-catch-blocks-a-bad-idea
I think we can document better the intent of https://github.com/zkSNACKs/WalletWasabi/pull/6791/files#diff-882482818afddc9c3a58bb9a865609886c5a6c4a322bd781233e1d03a4dcf802R47 line. Feel free to suggest a different idea how to make the code better.
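Added example, not part of the PR or of any comment in this thread: one way to document the intent of a deliberately silent catch is to catch only the exception type that means "wrong password" and let every other failure propagate. The `TryDecrypt` delegate, the class name, and the choice of `SecurityException` as the wrong-password signal are assumptions made for this sketch, not Wasabi or NBitcoin code.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security;

public static class PasswordFinderSketch
{
    // Hypothetical stand-in for the wallet decryption call. Assumed contract:
    // throws SecurityException on a wrong password, anything else on a real fault.
    public delegate void TryDecrypt(string candidate);

    // Returns the candidate that decrypts, or null when no candidate matches.
    public static string? Find(string typed, string charset, TryDecrypt decrypt)
    {
        foreach (string candidate in Candidates(typed, charset))
        {
            try
            {
                decrypt(candidate);
                return candidate;
            }
            catch (SecurityException)
            {
                // Expected outcome for almost every candidate: wrong password.
                // Intentionally not logged; one entry per attempt would flood the log.
            }
            // No catch-all here: I/O errors, corrupt data or bugs are not
            // swallowed and surface to the caller, where they can be logged once.
        }
        return null;
    }

    // Every string that differs from the typed password in exactly one position.
    private static IEnumerable<string> Candidates(string typed, string charset)
    {
        for (int i = 0; i < typed.Length; i++)
            foreach (char c in charset)
                yield return typed.Substring(0, i) + c + typed.Substring(i + 1);
    }

    public static void Main()
    {
        const string real = "wallet-pw-7"; // constructed sample value
        TryDecrypt decrypt = p => { if (p != real) throw new SecurityException("wrong password"); };
        Console.WriteLine(Find("wallet-pw-1", "0123456789", decrypt) ?? "not found");
    }
}
```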
nACK, this fills up the Maybe
IMO no. It just doesn't make too much sense. The exception is not really an exceptional state here. It simply says that "the password is not correct" but that is to be expected here.
So few lines in log file about wrong password is an issue? But an attacker exploiting the application is not an issue?
A similar pull request. #6648
If the log line has its merit, we can do something about it. The problem is that I don't get what you have in mind. Can you explain in simple terms how one can exploit the code or how that log line helps in not-exploiting the code? I have explained here #6791 (comment) how the
I can't believe I am arguing why we should not have empty catch block. You can read the links I shared and it's a best practice to avoid unnecessary things in future. If I could find a way to exploit it right now that would be a vulnerability in Wasabi and qualify for CVE which won't be discussed here publicly. Adding two lines, improving the code and security makes more sense IMO. These few lines would certainly not make anything worse. If someone is trying wrong password thousands of times, should not have issues with log file. It's the same with Bitcoin Core.
Ok, so there are few things to make clear:
If you just present one or two scenarios how you would actually use that to do something bad, your argument here will be much stronger. Please try to understand that your expertise and expertise of others differ.
@prayank23 what's up with this, abandoned?
It should have been merged. I don't understand the arguments for not following best practice and fix an empty catch block.
@prayank23 No, this is really unfair from you because:
And after all of that you recommend to merge this PR?
NBitcoin can have some code it does not mean we would not follow basic secure coding practices in Wasabi.
How many times do you think a normal user would use password finder? If it is used, do you think logs are an issue? If yes, why not have separate logs for it?
Did you even open those links? There was a second link and you can google "Empty catch block security". As far as example is concerned I shared how this could be abused/misused in ways that we can't predict right now. Maybe open wallet without password.
NBitcoin can't be fixed for every small thing in this repository that we can't follow because logs are an issue. Maybe @NicolasDorier can also share his thoughts about empty-catch blocks.
Yes because it's related to security which is more important than anything else IMO
NACK. There is no security issue here. This is not correct.
@prayank23 I am no expert on the matter and I am not here to rehash this topic again, but most (if not all) answers in the stackoverflow link say something like So as Lucas and Kiminuo tried to say this is how that tool is designed, and it makes sense in this case to have that empty try-catch.
This got 58 upvotes in the same link so I guess at least one comment makes sense why nothing: Although I would never use empty catch blocks in my projects
ACK
No description provided.