Skip to content

fix: Risk of key collision for monitor custom scripts #258

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
May 29, 2025
Merged

fix: Risk of key collision for monitor custom scripts #258

merged 10 commits into from
May 29, 2025
+428 −13

Conversation

NicoMolinaOZ
Copy link
Contributor

@NicoMolinaOZ NicoMolinaOZ commented May 27, 2025
edited
Loading

Summary

https://linear.app/openzeppelin-development/issue/PLAT-6648/risk-of-key-collision-and-script-data-overwrite-in

  • Extending monitor, network and triggers validation to avoid having duplicate names.

Related issue:
#236

Testing Process

Checklist

  • Add a reference to related issues in the PR description.
  • Add unit tests if applicable.
  • Add integration tests if applicable.
  • Add property-based tests if applicable.
  • Update documentation if applicable.

Sorry, something went wrong.

@codecov Codecov
Copy link

codecov bot commented May 27, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 99.72222% with 1 line in your changes missing coverage. Please review.

Project coverage is 96.0%. Comparing base (56a9f9e) to head (99edd92).
Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
src/models/config/network_config.rs 99.3% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##            main    #258     +/-   ##
=======================================
+ Coverage   95.9%   96.0%   +0.1%     
=======================================
  Files         66      66             
  Lines      19645   20002    +357     
=======================================
+ Hits       18849   19213    +364     
+ Misses       796     789      -7
Flag Coverage Δ
integration 59.1% <32.6%> (-0.4%) ⬇️
properties 20.9% <0.0%> (-0.3%) ⬇️
unittests 85.3% <96.9%> (+0.3%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

shahnami
shahnami reviewed May 27, 2025
View reviewed changes
NicoMolinaOZ
NicoMolinaOZ commented May 27, 2025
View reviewed changes
shahnami
shahnami reviewed May 28, 2025
View reviewed changes
shahnami
shahnami reviewed May 28, 2025
View reviewed changes
Copy link
Member

@shahnami shahnami left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should move the name uniqueness validation to the more appropriate validate function, instead of inside load_all.

Additionally, we should add a test that ensures the collision is no longer possible (as described in #236)

shahnami
shahnami reviewed May 28, 2025
View reviewed changes
tirumerla
tirumerla approved these changes May 29, 2025
View reviewed changes
Copy link
Collaborator

@tirumerla tirumerla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks...added couple of minor comments

src/models/config/monitor_config.rs
Comment on lines +671 to +681
fs::write(temp_dir.path().join("monitor1.json"), valid_config_1).unwrap();
fs::write(temp_dir.path().join("monitor2.json"), valid_config_2).unwrap();

let result: Result<HashMap<String, Monitor>, _> =
Monitor::load_all(Some(temp_dir.path())).await;

assert!(result.is_err());
if let Err(ConfigError::ValidationError(err)) = result {
assert!(err.message.contains("Duplicate monitor name found"));
}
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if it's necessary to do fs calls for testing JSON parsing and validation instead of checking in memory skipping disk i/o calls..seems much faster no? Also not a fan of flakiness with temp dir paths

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it's not the best, but since we are testing the loading of JSON files from disk (that's the real scenario when the monitor starts), we should probably find another way. Thanks for the comment Sai.

@NicoMolinaOZ NicoMolinaOZ merged commit 2aa4cd7 into main May 29, 2025
21 checks passed
@NicoMolinaOZ NicoMolinaOZ deleted the plat-6648-risk-of-key-collision-and-script-data-overwrite-in branch May 29, 2025 11:53
@github-actions github-actions bot locked and limited conversation to collaborators May 29, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@shahnami shahnami

@tirumerla tirumerla

@collins-w collins-w

@d-carmo d-carmo

@zeljkoX zeljkoX

Assignees
No one assigned
Labels
cla: allowlist
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@NicoMolinaOZ @shahnami @tirumerla