Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disallow overwrite_key and force_update in Config File #218

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

anipaul2
Copy link
Contributor

@anipaul2 anipaul2 commented May 11, 2023

fixes #217

@anipaul2
Copy link
Contributor Author

Screenshot 2023-05-12 at 1 36 42 AM

I have added the complete line and pushed it but only half gets pushed. What maybe the possible error?

@mariocynicys
Copy link
Collaborator

save the file maybe 🤔

@anipaul2
Copy link
Contributor Author

save the file maybe 🤔

Done. Actually, I thought it does it automatically but saw now I have not enabled the feature. Showing now.

.gitignore Outdated
.idea
.DS_Store
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't add this change to the PR, these are entirely unrelated.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When I raise a pr, it gets attached automatically and pr gets two commits. So, rebased it and squashed it. What Should I do to make the commit ignore in this pr?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Delete it, amend and rebase so it is a single commit

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Delete it, amend and rebase so it is a single commit

okay.

@@ -203,6 +203,12 @@ impl Config {
self.tor_support |= options.tor_support;
self.debug |= options.debug;
self.deps_debug |= options.deps_debug;
if self.overwrite_key {
panic!("The 'overwrite_key' parameter cannot be set in the configuration file. Please pass it as a command-line argument if necessary.");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't panic. Make the method return a Result and check it on main, if it's an error, eprintln!("{e}") and std::process::exit(1)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't panic. Make the method return a Result and check it on main, if it's an error, eprintln!("{e}") and std::process::exit(1)

if path_with_options have to updated with result, I have to add Result<(), String> in the function to make the error message work. But the problem is I have to change all the code path function to return a result.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't panic. Make the method return a Result and check it on main, if it's an error, eprintln!("{e}") and std::process::exit(1)

Screenshot 2023-05-12 at 10 50 54 AM

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should do such sanity checks in config::from_file instead of patch_with_options.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should do such sanity checks in config::from_file instead of patch_with_options.

config::from_file is in main.rs where I don't see any changes can be made regarding this issue. In config.rs, from_file function can be modified to return a Result<T, String> instead of T.

@anipaul2
Copy link
Contributor Author

anipaul2 commented May 12, 2023

I made changes only in the main.rs file because modifying the config.rs file's from_file function would have resulted in errors. The reason for this is that when we removed the generic type T and added Config directly, it caused errors related to the opt variable being linked with overwrite_key and force_update.

Since opt is specific to the command line options, it cannot be directly used in the from_file function, which is responsible for loading the configuration from a file. Therefore, I decided to handle the sanity checks in the main.rs file instead.

@anipaul2 anipaul2 requested review from sr-gi and mariocynicys May 15, 2023 07:00
Copy link
Collaborator

@mariocynicys mariocynicys left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should have these checks inside config.rs.
What you could do is modify the from_filefunction like so:

pub fn from_file<T: Default + serde::de::DeserializeOwned>(path: PathBuf) -> Result<T, String> {
    match std::fs::read(path) {
        Ok(file_content) => match toml::from_slice::<T>(&file_content) {
            Err(e) => {
                Err(format!("Couldn't parse config file: {e}"))
            }
            Ok(config) => {
                // do the sanity checks here.
                if config.overwrite_key {
                    return Err(format!("Overwrite key isn't allowed in the config file."))
                }
                Ok(config)
            }
        },
        Err(_) => Ok(T::default()),
    }
}

This won't work right away, you will need to adapt some stuff in main.rs and probably cli.rs because it uses the same parsing function.

teos/src/main.rs Outdated
Comment on lines 79 to 86
if conf.overwrite_key {
eprintln!("The 'overwrite_key' parameter cannot be set in the configuration file. Please pass it as a command-line argument if necessary.");
std::process::exit(1);
}
if conf.force_update {
eprintln!("The 'force_update' parameter cannot be set in the configuration file. Please pass it as a command-line argument if necessary.");
std::process::exit(1);
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't belong here.

@anipaul2
Copy link
Contributor Author

You should have these checks inside config.rs. What you could do is modify the from_filefunction like so:

pub fn from_file<T: Default + serde::de::DeserializeOwned>(path: PathBuf) -> Result<T, String> {
    match std::fs::read(path) {
        Ok(file_content) => match toml::from_slice::<T>(&file_content) {
            Err(e) => {
                Err(format!("Couldn't parse config file: {e}"))
            }
            Ok(config) => {
                // do the sanity checks here.
                if config.overwrite_key {
                    return Err(format!("Overwrite key isn't allowed in the config file."))
                }
                Ok(config)
            }
        },
        Err(_) => Ok(T::default()),
    }
}

This won't work right away, you will need to adapt some stuff in main.rs and probably cli.rs because it uses the same parsing function.

Got it.

@anipaul2
Copy link
Contributor Author

anipaul2 commented May 19, 2023

You should have these checks inside config.rs. What you could do is modify the from_filefunction like so:

pub fn from_file<T: Default + serde::de::DeserializeOwned>(path: PathBuf) -> Result<T, String> {
    match std::fs::read(path) {
        Ok(file_content) => match toml::from_slice::<T>(&file_content) {
            Err(e) => {
                Err(format!("Couldn't parse config file: {e}"))
            }
            Ok(config) => {
                // do the sanity checks here.
                if config.overwrite_key {
                    return Err(format!("Overwrite key isn't allowed in the config file."))
                }
                Ok(config)
            }
        },
        Err(_) => Ok(T::default()),
    }
}

This won't work right away, you will need to adapt some stuff in main.rs and probably cli.rs because it uses the same parsing function.

I've tried implementing the changes you've suggested. Specifically, I updated the from_file function to include checks for overwrite_key. However, I'm encountering an issue. The from_file function is a generic function, which takes any type T that implements Default + serde::de::DeserializeOwned. This means it can't access fields specific to Config like overwrite_key directly, because these fields aren't part of the constraints we've put on T. This seems to lead to a type mismatch. I tried updating main.rs and cli.rs to adapt to these changes as well, but the issue persists. Could you kindly provide some guidance on how I could implement the desired checks while preserving the generic nature of the from_file function?

I am thinking of removing the T and make it config.

@anipaul2 anipaul2 requested a review from mariocynicys May 21, 2023 13:47
@mariocynicys
Copy link
Collaborator

I think a good solution is to serialize the config as a serde object and disallowing the fields we want disallowed. @anipaul2

@anipaul2
Copy link
Contributor Author

I think a good solution is to serialize the config as a serde object and disallowing the fields we want disallowed. @anipaul2

Yes sounds like a reasonable approach.

…d force_update fields from serialization. By using the #[serde(skip_serializing)] attribute, these fields will not be included when the Config struct is serialized.
@anipaul2
Copy link
Contributor Author

@sr-gi @mariocynicys I have first made the changes in cli.rs, main.rs, and config.rs to disallow overwrite_key and force_update but only skipping the serializing in the flags part does this. Let me know if this approach is wrong but it worked on my end.

@sr-gi
Copy link
Member

sr-gi commented May 23, 2023

I don't think what you are doing is right. This is only preventing Coinf from serializing those two items. You could prevent it from deserializing it, which will prevent us from reading that, but I don't think that'll be correct either.

Giving this a closer look, I'm starting to lean toward two different solutions:

Either reworking the Config logic to specify where the data comes from, potentially using an enum, which will help towards #204 (comment), or doing this either with a custom deserializer or in patch_with_options.

I think @anipaul2 has a point in that from_file may not be the best place to handle this, given that is used for both reading from teosd conf and teos-cli conf, and these two params have nothing to do with the latter.

@mariocynicys
Copy link
Collaborator

given that is used for both reading from teosd conf and teos-cli conf, and these two params have nothing to do with the latter.

Agreed. Even though these two parameter should just default to None when queried in the cli config. But doesn't make a lot of sense querying it in the first place.

Either reworking the Config logic to specify where the data comes from, potentially using an enum, which will help towards #204 (comment), or doing this either with a custom deserializer or in patch_with_options.

Not sure how the enum would help regarding the comment you linked. I'm thinking now of copying this function over to cli_config and not make it generic anymore. Could this help the issue you linked?

@sr-gi
Copy link
Member

sr-gi commented May 24, 2023

given that is used for both reading from teosd conf and teos-cli conf, and these two params have nothing to do with the latter.

Agreed. Even though these two parameter should just default to None when queried in the cli config. But doesn't make a lot of sense querying it in the first place.

Either reworking the Config logic to specify where the data comes from, potentially using an enum, which will help towards #204 (comment), or doing this either with a custom deserializer or in patch_with_options.

Not sure how the enum would help regarding the comment you linked. I'm thinking now of copying this function over to cli_config and not make it generic anymore. Could this help the issue you linked?

This is what I'm thinking about give or take. However, I haven't been able to make the deserialization of ConfigParam work, looks like there's an issue with the trait bounds that I'm still scratching my head about:

master...sr-gi:rust-teos:config-rework

@mariocynicys
Copy link
Collaborator

looks like there's an issue with the trait bounds that I'm still scratching my head about

@sr-gi Fixed the compilation issues in this branch. Acking the approach :).
https://github.com/mariocynicys/rust-teos/tree/config-rework-fix

@anipaul2
Copy link
Contributor Author

anipaul2 commented Jun 4, 2023

@sr-gi @mariocynicys how to approach this issue now? any ideas? I am thinking of making a change in patch_with_options and defining a new struct for overwrite_key and force_update.

@sr-gi
Copy link
Member

sr-gi commented Jun 5, 2023

I think I'd make more sense to fix this one by reworking the config as I was trying to do here: master...sr-gi:rust-teos:config-rework

I haven't had much time lately to finish it, so no worries about this for now, it's not critical, or you can pick up when I left it if you like

@anipaul2
Copy link
Contributor Author

anipaul2 commented Jun 5, 2023

I think I'd make more sense to fix this one by reworking the config as I was trying to do here: master...sr-gi:rust-teos:config-rework

I haven't had much time lately to finish it, so no worries about this for now, it's not critical, or you can pick up when I left it if you like

okay.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Disallow dangerous parameters in the config file
3 participants