-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: Audit Textual any
, coins
, message
#15550
Conversation
any
, coins
any
, coins
, message
if isMsgRenderer && subscreens[0].Content == fmt.Sprintf("%s object", internalMsg.ProtoReflect().Descriptor().Name()) { | ||
if isMsgRenderer { | ||
if subscreens[0].Content != fmt.Sprintf("%s object", internalMsg.ProtoReflect().Descriptor().Name()) { | ||
return nil, fmt.Errorf("any internal message expects %s, got %s", fmt.Sprintf("%s object", internalMsg.ProtoReflect().Descriptor().Name()), subscreens[0].Content) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the first condition isMsgRenderer
is true, then the second condition also must be true, or else it's an implementation error upstream (e.g. in the protobuf values passed into Textual), and the user should be aware of it.
I propose to return an error here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This puts some constraints on the future evolution of messageValueRenderer
. E.g. suppose we decide to allow localization and render "%s objeto"
when the account's locale is "PT". With the previous code we just skip the header suppression, but now it becomes an error.
Of course, the current code is sensitive to the future evolution of messageValueRenderer
as well. We should at least add a cross-reference to this header recognition code from messageValueRenderer.header()
so that we can update this code if we ever modify the header.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know if I fully understand your point @JimLarson it seems like if we don't return an error here, it should fail at signature verification right?
I think returning an error is fine, as long as we check against msgRenderer.header()
(and stop using fmt.Sprintf; I have that in a separate PR).
To evolve the message renderer we could modify the header()
to do stuff based on the message, or something like that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@JimLarson I'll merge this, we can re-discuss this in my follow up pr
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Following up on this - since we're always adding the expected header back in Parse()
, it wouldn't round-trip correctly if MessageValueRenderer
didn't add the expected header, so it's probably the best to do as this code does - throw an error if you don't see the expected header. I withdraw my suggestion.
Co-authored-by: 0000 1000 1101 0010 <96826920+08d2@users.noreply.github.com>
Co-authored-by: 0000 1000 1101 0010 <96826920+08d2@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good with some minor changes.
if isMsgRenderer && subscreens[0].Content == fmt.Sprintf("%s object", internalMsg.ProtoReflect().Descriptor().Name()) { | ||
if isMsgRenderer { | ||
if subscreens[0].Content != fmt.Sprintf("%s object", internalMsg.ProtoReflect().Descriptor().Name()) { | ||
return nil, fmt.Errorf("any internal message expects %s, got %s", fmt.Sprintf("%s object", internalMsg.ProtoReflect().Descriptor().Name()), subscreens[0].Content) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This puts some constraints on the future evolution of messageValueRenderer
. E.g. suppose we decide to allow localization and render "%s objeto"
when the account's locale is "PT". With the previous code we just skip the header suppression, but now it becomes an error.
Of course, the current code is sensitive to the future evolution of messageValueRenderer
as well. We should at least add a cross-reference to this header recognition code from messageValueRenderer.header()
so that we can update this code if we ever modify the header.
…5549-textual-audit
…smos-sdk into am/15549-textual-audit
Description
ref: #15549
Internal audit of the following pieces:
Author Checklist
All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.
I have...
!
to the type prefix if API or client breaking changeCHANGELOG.md
Reviewers Checklist
All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.
I have...
!
in the type prefix if API or client breaking change