Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Message validation for the rest of Federation messages #1959

Merged
merged 3 commits into from
Jun 28, 2024

Conversation

quadcopterman
Copy link
Contributor

Added message validation on all federation messages that hadn't validation before

@quadcopterman quadcopterman requested a review from Kaz-ookid June 27, 2024 19:49
@quadcopterman quadcopterman self-assigned this Jun 27, 2024
@quadcopterman quadcopterman requested a review from a team as a code owner June 27, 2024 19:49
Copy link

Pull reviewers stats

Stats of the last 30 days for popstellar:

User Total reviews Time to review Total comments
K1li4nL
🥇
24
▀▀▀▀
1d 19h 44m
12
▀▀
arnauds5
🥈
7
4h 29m
4
matteosz
🥉
7
3d 16h 27m
21
▀▀▀
emonnin-epfl
6
8h 20m
8
sgueissa
3
7h 59m
5
quadcopterman
3
10d 7h 3m
▀▀▀
1
1florentin
2
10d 5h 50m
▀▀▀
0
MariemBaccari
2
22h 39m
6
simone-kalbermatter
2
5h 32m
0
onsriahi14
2
6d 4h 27m
▀▀
4
Kaz-ookid
1
3d 19h 13m
5
⚡️ Pull request stats

Copy link
Contributor

@Kaz-ookid Kaz-ookid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great job !

I have multiple comments :

  • some picky comments in the review. Good and complete validation enhances security, but also robustness of the code : other tests using some federation data will not be able to instantiate wrong data, therefore avoiding any case of uncatched bugs and issues. From my experience, as I was adding validations a lot of tests aside were failing due to bad data instantiation. This showed how important it is to give clear and strict guidelines. In principle, the documentation provided in the protocol is all that is needed to know what to check 👍
  • you should edit the Issue Complete message validation #1751 with the new classes and check the classes done :)
  • I feel like there is a lack of tests. There should be one tests for every construction scenario, checking if the constructor fails or succeeds accordingly. A great example can be found here. I know it looks big but it really is quick, and enforces the well definitions of the validations.

@@ -19,6 +20,7 @@ class Challenge

init {
this.validUntil = max(0L, validUntil)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

validation should ideally be before instantiating attributes, since if the input is wrong and it is meant to crash, no need to fill the attribute beforehand.

@@ -19,6 +20,7 @@ class Challenge

init {
this.validUntil = max(0L, validUntil)
MessageValidator.verify().isNotEmptyBase64(value, "challenge").validFutureTimes(this.validUntil)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By checking the protocol, it seems that the value argument has some guidelines that should probably be checked (the regex pattern and encoding, the 32 byte length). Also the encoding seems to be Hex and not base64, I am not sure it this changes something about it.

json protocol
// ../protocol/query/method/message/data/dataFederationChallenge.json

{
    "$schema": "http://json-schema.org/draft-07/schema#",
    "$id": "https://raw.githubusercontent.com/dedis/popstellar/master/protocol/query/method/message/data/dataFederationChallenge.json",
    "description": "Challenge object in the context of federation authentication",
    "type": "object",
    "properties": {
        "object": {
            "const": "federation"
        },
        "action": {
            "const": "challenge"
        },
        "value": {
            "type": "string",
            "contentEncoding": "hex",
            "pattern": "^[0-9a-fA-F]{64}$",
            "$comment": "A 32 bytes array encoded in hexadecimal"
        },
        "valid_until": {
            "type": "integer",
            "description": "[Timestamp] of the expiration time",
            "minimum": 0
        }
    },
    "additionalProperties": false,
    "required": [
        "object",
        "action",
        "value",
        "valid_until"
    ]
}
Also, why is this.value never assigned? I might just not have catch the thing

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ooh true, good catch ! I thought it was base64. However the challenges are not always hex, I need to check that with the team. For now, I'll check that it is not empty, otherwise it would break everything. Oh and this.value is set when constructing the challenge

@@ -15,6 +16,10 @@ class ChallengeRequest
*/
(val timestamp: Long) : Data {

init {
MessageValidator.verify().validPastTimes(timestamp)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

given the protocol :

        "timestamp": {
            "type": "integer",
            "description": "[Timestamp] of the request",
            "minimum": 0
        }

timestamp should be >= 0, however validPastTime does not check this. I think that this check should be preceded by greaterOrEqualThan

init {
MessageValidator.verify()
.isNotEmptyBase64(laoId, "lao_id")
.stringNotEmpty(serverAddress, "server_address")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am wondering if it would be a good idea to create a function in MessageValidator to check for server addresses pattern. It is specified in the protocol :

"server_address": {
            "type": "string",
            "pattern": "^(ws|wss):\/\/.*(:\\d{0,5})?\/.*$",
            "$comment": "public address of the remote organizer server"
        },

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For that point, the pattern might change as (if I remember well) some addresses didn't fit in the pattern. It will be added once the protocol is updated.

Copy link

Copy link

Copy link

Copy link

@quadcopterman quadcopterman requested a review from Kaz-ookid June 28, 2024 01:06
Copy link
Contributor

@Kaz-ookid Kaz-ookid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

Maybe you should just write self-explanatory TODOs for the value validation (encoding, regex), and for the server address. The thing is, by the time these points are clearer in the protocol, nobody will still be there to remember that this was to do to finalize a clean validation of the data.

I think very clear TODOs with your name + date would be a good addition 👍

@quadcopterman
Copy link
Contributor Author

Yes it's a good idea to write that somewhere. However we might forget a TODO in the code (nobody will see it unless working on these specific lines of the project), so I think it's better if I mention that in issue #1751 so we can see what still needs validation more globally :)

Copy link
Contributor

@matteosz matteosz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@quadcopterman quadcopterman added this pull request to the merge queue Jun 28, 2024
Merged via the queue into master with commit 69b0e0a Jun 28, 2024
17 checks passed
@quadcopterman quadcopterman deleted the work-fe2-johan-message-validation branch June 28, 2024 12:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants