Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: check links on setting and sanitise on encoding #92

Merged
merged 4 commits into from
Oct 4, 2022
Merged

feat: check links on setting and sanitise on encoding #92

merged 4 commits into from
Oct 4, 2022

Conversation

rvagg
Copy link
Member

@rvagg rvagg commented Sep 29, 2022

Attempt to keep ProtoNode always in a state that can be encoded without errors to avoid cases where the panicing methods may be forced to panic on error.

go-codec-dagpb will error when encoding either of the following cases:

  • The Hash field in links should always be set, cannot be cid.Undef
  • The Tsize field needs to fit into an int64, otherwise it'll overflow to negative which is not allowed

Error on cases where a user may attempt to set links that will eventually error on encode. Then when we do encode, silently handle these cases if they manage to slip through (e.g. if they come in from a decoded block with a bad form).

@rvagg rvagg requested a review from Jorropo September 29, 2022 12:01
@rvagg rvagg mentioned this pull request Sep 30, 2022
Merged
@rvagg
feat: check links on setting and sanitise on encoding
ecb66fe 
Attempt to keep ProtoNode always in a state that can be encoded without errors
to avoid cases where the panicing methods may be forced to panic on error.

go-codec-dagpb will error when encoding either of the following cases:

* The Hash field in links should always be set, cannot be cid.Undef
* The Tsize field needs to fit into an int64, otherwise it'll overflow to
  negative which is not allowed

Error on cases where a user may attempt to set links that will eventually
error on encode. Then when we do encode, silently handle these cases if they
manage to slip through (e.g. if they come in from a decoded block with a
bad form).
@rvagg
fix: simplify Cid generation cache & usage
76e85a4
@rvagg rvagg mentioned this pull request Sep 30, 2022
Merged
hannahhoward
hannahhoward approved these changes Oct 3, 2022
View reviewed changes
Copy link
Contributor

@hannahhoward hannahhoward left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

node.go Outdated Show resolved Hide resolved
@rvagg
Copy link
Member Author

rvagg commented Oct 4, 2022

merging along with a bump to 0.8.0

@github-actions
Copy link

github-actions bot commented Oct 4, 2022

Suggested version: v0.8.0
Comparing to: v0.7.0 (diff)

Changes in go.mod file(s):

diff --git a/go.mod b/go.mod
index d084820..197ce60 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/ipfs/go-ipld-legacy v0.1.0
 	github.com/ipld/go-codec-dagpb v1.3.1
 	github.com/ipld/go-ipld-prime v0.16.0
-	github.com/multiformats/go-multihash v0.1.0
+	github.com/multiformats/go-multihash v0.2.1
 )
 
 require (
@@ -60,7 +60,6 @@ require (
 	github.com/libp2p/go-sockaddr v0.1.1 // indirect
 	github.com/mattn/go-isatty v0.0.13 // indirect
 	github.com/miekg/dns v1.1.41 // indirect
-	github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1 // indirect
 	github.com/minio/sha256-simd v1.0.0 // indirect
 	github.com/mr-tron/base58 v1.2.0 // indirect
 	github.com/multiformats/go-base32 v0.0.3 // indirect
@@ -80,9 +79,9 @@ require (
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.16.0 // indirect
-	golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf // indirect
-	golang.org/x/net v0.0.0-20210423184538-5f58ad60dda6 // indirect
-	golang.org/x/sys v0.0.0-20210426080607-c94f62235c83 // indirect
+	golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect
+	golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 // indirect
+	golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 // indirect
 	golang.org/x/text v0.3.6 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	google.golang.org/grpc v1.33.2 // indirect

gorelease says:

# github.com/ipfs/go-merkledag
## incompatible changes
(*ProtoNode).SetCidBuilder: changed from func(github.com/ipfs/go-cid.Builder) to func(github.com/ipfs/go-cid.Builder) error
(*ProtoNode).SetLinks: changed from func([]*github.com/ipfs/go-ipld-format.Link) to func([]*github.com/ipfs/go-ipld-format.Link) error

# diagnostics
required module github.com/microcosm-cc/bluemonday@v1.0.1 retracted by module author: Retract older versions as only latest is to be depended upon

# summary
Suggested version: v0.8.0

gocompat says:

(empty)

@rvagg rvagg merged commit 0e4726d into master Oct 4, 2022
@rvagg rvagg deleted the rvagg/link-checking branch October 4, 2022 08:02
@rvagg rvagg mentioned this pull request Oct 4, 2022
Closed
@GoVulnBot GoVulnBot mentioned this pull request Dec 8, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hannahhoward hannahhoward hannahhoward approved these changes

@Jorropo Jorropo Awaiting requested review from Jorropo

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rvagg @hannahhoward