-
Notifications
You must be signed in to change notification settings - Fork 198
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: blocked addrs #210
feat: blocked addrs #210
Conversation
Warning Review failedThe pull request is closed. WalkthroughWalkthroughThe recent updates encompass various components, focusing on enhancing functionality and code maintainability across the application. Changes span from refining API responses and updating method parameters to incorporating new imports and adjusting Dockerfile configurations. Notably, the Changes
Poem
Happy coding! 🐇✨ Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 2
Outside diff range and nitpick comments (2)
x/move/module.go (1)
[!TIP]
Codebase VerificationThe recent script execution revealed several occurrences of
moduleNames
across different files in the codebase, but none of these instances showed any explicit validation or sanitization of themoduleNames
field.
File: x/move/module.go
moduleNames
is initialized in theNewAppModule
constructor.- Used in
AppModule.InitGenesis
.File: x/move/types/authz.go
moduleNames
is used inNewPublishAuthorization
.File: x/move/types/authz.pb.go
moduleNames
is a field inPublishAuthorization
.File: x/move/keeper/genesis.go
moduleNames
is used inKeeper.InitGenesis
.File: api/initia/move/v1/authz.pulsar.go
moduleNames
is a field inPublishAuthorization
.Given the critical nature of
moduleNames
and its impact on module behavior, it is imperative to ensure that these names are validated and sanitized to avoid potential security or stability issues.Recommendation:
- Add validation and sanitization checks for
moduleNames
in theNewAppModule
constructor and any other relevant methods wheremoduleNames
is used.Locations to address:
x/move/module.go
(NewAppModule constructor and InitGenesis method)x/move/types/authz.go
(NewPublishAuthorization method)x/move/keeper/genesis.go
(InitGenesis method)Analysis chain
Line range hint
93-122
: TheNewAppModule
constructor now initializes themoduleNames
field. Ensure that themoduleNames
are properly sanitized and validated where they are used, as they directly impact module behavior.Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify that moduleNames are sanitized and validated in all usages. # Test: Search for usages of moduleNames and check for validation or sanitization. rg --type go $'moduleNames' -A 10 | grep 'validate\|sanitize'Length of output: 60
Script:
#!/bin/bash # Description: Find all occurrences of `moduleNames` in the codebase and inspect their context. # Find all files containing `moduleNames` rg --type go --files-with-matches 'moduleNames' | while read -r file; do echo "File: $file" # Display lines containing `moduleNames` with 5 lines of context rg --type go 'moduleNames' -C 5 "$file" doneLength of output: 3687
x/move/keeper/api_test.go (1)
Line range hint
35-64
: Updated test cases inTest_GetAccountInfo
effectively test the newis_blocked
functionality. Ensure that additional edge cases, such as accounts transitioning between blocked and unblocked states, are also tested to cover all possible scenarios.Would you like me to help you design these additional test cases?
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files ignored due to path filters (1)
go.sum
is excluded by!**/*.sum
,!**/*.sum
Files selected for processing (7)
- app/app.go (2 hunks)
- x/move/keeper/api.go (2 hunks)
- x/move/keeper/api_test.go (5 hunks)
- x/move/keeper/bank.go (2 hunks)
- x/move/keeper/genesis.go (2 hunks)
- x/move/module.go (3 hunks)
- x/move/types/connector.go (2 hunks)
Additional comments not posted (5)
x/move/keeper/api.go (1)
Line range hint
33-54
: The updatedGetAccountInfo
method now includes anis_blocked
return value. Ensure that all calls to this method across the codebase are updated to handle this new return value.Verification successful
All instances of
GetAccountInfo
across the codebase, including inx/move/keeper/api_test.go
, correctly handle the newis_blocked
return value.
x/move/keeper/api_test.go
: All calls toGetAccountInfo
handle theis_blocked
return value, either by assigning it to a variable or ignoring it with an underscore.Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify all function calls to `GetAccountInfo` handle the new return value. # Test: Search for the function usage. Expect: Only occurances of the new signature. rg --type go $'GetAccountInfo'Length of output: 872
Script:
#!/bin/bash # Description: Verify all function calls to `GetAccountInfo` handle the new return value across the entire codebase. # Test: Search for the function usage. Expect: Only occurrences of the new signature. rg --type go 'GetAccountInfo'Length of output: 872
x/move/keeper/bank.go (2)
450-450
: Ensure the function name reflects the new capabilities.The renaming of
FunctionNameManagedCoinMint
toFunctionNameManagedCoinSudoMint
clarifies the escalated privileges required for this operation.
523-531
: Verify the new function call parameters for correctness.The addition of an explicit address list and a boolean flag in the
executeEntryFunction
call must be validated to ensure it aligns with the intended security model and functionality. Please verify that the new parameters ([]vmtypes.AccountAddress{vmtypes.StdAddress, fromVmAddr}
andfalse
) are used correctly across all invocations.Verification successful
The function
executeEntryFunction
is invoked in two files with different parameters:
- In
x/move/keeper/bank.go
, the parameters include an explicit address list[]vmtypes.AccountAddress{vmtypes.StdAddress, fromVmAddr}
and the boolean flagfalse
.- In
x/move/keeper/handler.go
, the parameters include[]vmtypes.AccountAddress{sender}
.The review comment specifically mentioned verifying the correctness of the new parameters introduced in
x/move/keeper/bank.go
. Given the different parameters used inx/move/keeper/handler.go
, it is crucial to ensure that the new parameters inx/move/keeper/bank.go
align with the intended security model and functionality.Key Points to Verify:
- The explicit address list
[]vmtypes.AccountAddress{vmtypes.StdAddress, fromVmAddr}
.- The boolean flag
false
.Next Steps:
- Verify the context and intended usage of these parameters in
x/move/keeper/bank.go
.- Ensure that the new parameters do not introduce security vulnerabilities or functional issues.
The extracted context around the invocation in
x/move/keeper/bank.go
shows the preparation of parameters before callingexecuteEntryFunction
. The new parameters include an explicit address list and a boolean flag. Based on the context, the parameters appear to be correctly set up and used as intended.Key Points:
- The explicit address list
[]vmtypes.AccountAddress{vmtypes.StdAddress, fromVmAddr}
is constructed usingvmtypes.StdAddress
andfromVmAddr
.- The boolean flag
false
is passed as the last argument.Given the context and the parameters' setup, it seems that the new parameters align with the intended security model and functionality.
x/move/keeper/bank.go
: The address list and boolean flag are correctly used in the invocation ofexecuteEntryFunction
.Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify correct usage of the new `executeEntryFunction` parameters in the codebase. # Test: Search for the function usage. Expect: Only occurances with the correct parameters. rg --type go $'executeEntryFunction'Length of output: 266
Script:
#!/bin/bash # Extract lines containing the invocations of `executeEntryFunction` in the specified files to verify the parameters. # Extract from x/move/keeper/bank.go rg -A 5 'executeEntryFunction' x/move/keeper/bank.go # Extract from x/move/keeper/handler.go rg -A 5 'executeEntryFunction' x/move/keeper/handler.goLength of output: 712
Script:
#!/bin/bash # Extract additional context around the invocation in x/move/keeper/bank.go to verify the intended usage and correctness of the parameters. # Extract 10 lines before and after the invocation of executeEntryFunction in x/move/keeper/bank.go rg -C 10 'executeEntryFunction' x/move/keeper/bank.goLength of output: 513
x/move/types/connector.go (1)
31-31
: Clarification of function purpose through naming.Renaming
FunctionNameManagedCoinMint
toFunctionNameManagedCoinSudoMint
provides a clearer indication of the function's elevated privilege requirements.app/app.go (1)
15-15
: Ensure that the new import"golang.org/x/exp/maps"
is used effectively in the code.This import is used to leverage the
maps.Keys
function in themove.NewAppModule
call, which is a valid use case. Just ensure that this library is maintained and compatible with your project's Go version to avoid future issues.
func (k Keeper) InitGenesis(ctx context.Context, moduleNames []string, genState types.GenesisState) error { | ||
// create all module addresses | ||
sort.StringSlice(moduleNames).Sort() | ||
for _, moduleName := range moduleNames { | ||
k.authKeeper.GetModuleAccount(ctx, moduleName) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tip
Codebase Verification
The search did not reveal any validation logic for moduleNames
before they are used in the InitGenesis
function. This indicates a potential issue with the code.
- Ensure that
moduleNames
are properly validated before use to avoid potential errors from malformed names.
Category:
Analysis chain
The InitGenesis
function has been modified to accept a moduleNames
parameter which is sorted and used to retrieve module accounts. Ensure that the moduleNames
are properly validated before use to avoid potential errors from malformed names.
Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Verify that moduleNames are validated before being used in InitGenesis.
# Test: Search for validation logic related to moduleNames.
rg --type go $'moduleNames' -A 10 | grep 'validate'
Length of output: 48
Script:
#!/bin/bash
# Description: Check for validation logic for moduleNames in the entire codebase.
# Search for validation function definitions and usages related to moduleNames.
rg --type go 'func validate' -A 10
rg --type go 'validate(moduleNames)'
Length of output: 14551
FunctionNameCoinBalance = "balance" | ||
FunctionNameCoinRegister = "register" | ||
FunctionNameCoinTransfer = "transfer" | ||
FunctionNameCoinSudoTransfer = "sudo_transfer" | ||
FunctionNameCoinWhitelist = "whitelist" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tip
Codebase Verification
The context around the identified lines in both x/move/types/connector.go
and benchmark/app_test.go
shows that FunctionNameCoinTransfer
is still defined and used. This indicates that the renaming to FunctionNameCoinSudoTransfer
might be incomplete or inconsistent.
x/move/types/connector.go
(line 42):FunctionNameCoinTransfer
is defined alongsideFunctionNameCoinSudoTransfer
.benchmark/app_test.go
(line 147):FunctionNameCoinTransfer
is used in a test case.
This confirms that the renaming process has not been fully propagated across the codebase.
x/move/types/connector.go
: Line 42benchmark/app_test.go
: Line 147
Please ensure that all instances of FunctionNameCoinTransfer
are updated to FunctionNameCoinSudoTransfer
where appropriate to maintain consistency.
Analysis chain
Ensure consistency in function naming conventions.
The renaming of FunctionNameCoinTransfer
to FunctionNameCoinSudoTransfer
suggests a similar elevation in privilege requirements as seen with the managed coin functions. Confirm that all related function calls across the codebase have been updated to reflect these changes.
Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check for consistent usage of renamed coin functions.
# Test: Search for old function names to ensure they are no longer used.
rg --type go $'FunctionNameCoinTransfer'
Length of output: 183
Script:
#!/bin/bash
# Check the context and usage of FunctionNameCoinTransfer in the identified files.
# Extract relevant lines from x/move/types/connector.go
rg --type go --line-number 'FunctionNameCoinTransfer' x/move/types/connector.go
# Extract relevant lines from benchmark/app_test.go
rg --type go --line-number 'FunctionNameCoinTransfer' benchmark/app_test.go
Length of output: 258
Script:
#!/bin/bash
# Extract surrounding lines for context in the identified files.
# Extract lines around the definition in x/move/types/connector.go
rg --type go --context 5 --line-number 'FunctionNameCoinTransfer' x/move/types/connector.go
# Extract lines around the usage in benchmark/app_test.go
rg --type go --context 5 --line-number 'FunctionNameCoinTransfer' benchmark/app_test.go
Length of output: 1039
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
need to bump movevm
initia-labs/movevm#73