Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support to disallow rpc api endpoints #9055

Open
mattsse opened this issue Oct 7, 2024 · 7 comments · May be fixed by #9056
Open

Add support to disallow rpc api endpoints #9055

mattsse opened this issue Oct 7, 2024 · 7 comments · May be fixed by #9056
Assignees
Labels
C-anvil Command: anvil first issue A good way to start contributing T-feature Type: feature

Comments

@mattsse
Copy link
Member

mattsse commented Oct 7, 2024

Component

Anvil

Describe the feature you would like

anvil's api is quite massive and some endpoints are considered "god mode"

there are usecases where these should be restricted.

this should be done on the rpc server level because this is how the server is exposed and the easiest solution here is:

  1. introduce a blacklist (HashSet of string) of certain endpoints in the config:
    pub struct ServerConfig {
  2. if at least 1 blacklisted method, install another layer, similar to
    if no_request_size_limit {
    router = router.layer(DefaultBodyLimit::disable());
    }

this layer should deserialize the request and reject disallowed methods, this is likely slightly inefficient but this deserialization overhead should be fine because we only need to check for method.

Additional context

No response

@mattsse mattsse added first issue A good way to start contributing T-feature Type: feature C-anvil Command: anvil labels Oct 7, 2024
@github-project-automation github-project-automation bot moved this to Todo in Foundry Oct 7, 2024
@teodorstupnicki
Copy link

Hi, I would like to give this one a try

@grandizzy
Copy link
Collaborator

related #8731

@teodorstupnicki
Copy link

teodorstupnicki commented Oct 13, 2024

@mattsse I have 2 questions:

  1. What do you think about this usage and command line format:
anvil --blacklist eth_sendTransaction,eth_sendRawTransaction

or is this one better:

anvil --blacklist eth_sendTransaction --blacklist eth_sendRawTransaction
  1. What should be the expected response for a blacklisted method call - just a regular "Method not found"?

@mattsse
Copy link
Member Author

mattsse commented Oct 14, 2024

yeah method not found or method not whitelisted

@mattsse
Copy link
Member Author

mattsse commented Oct 14, 2024

I'd also like to support some presets, like unsafe or something that by makes cli usage easier

@teodorstupnicki
Copy link

I'd also like to support some presets, like unsafe or something that by makes cli usage easier

@mattsse Could you elaborate on that? Maybe provide an example

@grandizzy grandizzy changed the title Add support for blacklisted rpc endpoints Add support to disallow rpc api endpoints Nov 7, 2024
@grandizzy
Copy link
Collaborator

just to simplify tracking, going to dupe it in favor of #8731 which is the same request

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
C-anvil Command: anvil first issue A good way to start contributing T-feature Type: feature
Projects
Status: Todo
Development

Successfully merging a pull request may close this issue.

3 participants