Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(gnovm): forbid importing realms in packages #3042

Open
wants to merge 42 commits into
base: master
Choose a base branch
from

Conversation

MikaelVallenet
Copy link
Contributor

@MikaelVallenet MikaelVallenet commented Oct 28, 2024

Closes #3040
80% of the work comes from @harry-hov's PR #1393 (let's repay to Caesar what belongs to Caesar) 🚀

Notable additions:

  • handle different domains (e.g github.com/p/demo/...)
  • skip non .gno files (LICENSE, README, ...) or empty files
Contributors' checklist...
  • Added new tests, or not needed, or not feasible
  • Provided an example (e.g. screenshot) to aid review or the PR is self-explanatory
  • Updated the official documentation or not needed
  • No breaking changes were made, or a BREAKING CHANGE: xxx message was included in the description
  • Added references to related issues and PRs
  • Provided any useful hints for running manual tests

@github-actions github-actions bot added the 📦 🤖 gnovm Issues or PRs gnovm related label Oct 28, 2024
Copy link

codecov bot commented Oct 28, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 63.32%. Comparing base (af05780) to head (9ff76f7).

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #3042      +/-   ##
==========================================
- Coverage   63.32%   63.32%   -0.01%     
==========================================
  Files         548      548              
  Lines       78511    78528      +17     
==========================================
+ Hits        49719    49729      +10     
- Misses      25438    25447       +9     
+ Partials     3354     3352       -2     
Flag Coverage Δ
contribs/gnodev 60.57% <ø> (ø)
contribs/gnofaucet 14.82% <ø> (ø)
gno.land 67.18% <ø> (ø)
gnovm 67.90% <100.00%> (+0.01%) ⬆️
misc/genstd 79.72% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions github-actions bot added the 📦 ⛰️ gno.land Issues or PRs gno.land package related label Oct 29, 2024
@github-actions github-actions bot added the 🧾 package/realm Tag used for new Realms or Packages. label Oct 29, 2024
@Kouteki Kouteki added the review/triage-pending PRs opened by external contributors that are waiting for the 1st review label Oct 29, 2024
Copy link
Member

@omarsy omarsy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be a good idea to include additional tests, such as checking what happens when we publish a package or testing case. WDYT?

Copy link
Contributor

@n0izn0iz n0izn0iz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic LGTM, optimization comments since it's part of consensus

gnovm/memfile.go Outdated Show resolved Hide resolved
gnovm/memfile.go Outdated Show resolved Hide resolved
continue // can be other files like LICENSE, README or empty gno files
}
for _, imp := range astFile.Imports {
// ensure the pkg is a realm by checking if the path contains /r/ and no other / character before it (i.e protect from gno.land/p/demo/r/)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe we should add a test for the case gno.land/p/demo/r/

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gnovm/memfile.go Outdated Show resolved Hide resolved
gnovm/memfile.go Outdated Show resolved Hide resolved
Comment on lines 96 to 102
## 16. MsgRun -> run.main -> bar.A: PANIC
! gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/barA.gno
stderr 'invalid non-origin call'

## 17. MsgRun -> run.main -> bar.B: PASS
gnokey maketx run -gas-fee 100000ugnot -gas-wanted 4000000 -broadcast -chainid tendermint_test test1 $WORK/run/barB.gno
stdout 'OK!'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why did these get removed?

Msgrun should be able to import packages.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I remove it because it tested the flow: msgRun -> run.main -> package -> realm
But indeed, i should have keep the flow with just removing the link to the realm
fix here: 21f15fe

@jefft0
Copy link
Contributor

jefft0 commented Oct 31, 2024

Hello @MikaelVallenet . Please merge master. This should fix the CI check errors for "unknown revision v0.1.1".

Copy link
Contributor

@n0izn0iz n0izn0iz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should probably add tests cases with

  • non-gno file
  • invalid gno file that will trigger a parser error

Also I feel this PR should not remove the MsgCall tests since it does not change this behavior. Think we may add them back with a package that does not import a realm. But it's not very important

Comment on lines 15 to 18
# | 11 | | through /p/demo/bar | bar.A() | user address |
# | 12 | | | bar.B() | user address |
# | 9 | MsgCall | wallet direct | std.PrevRealm() | user address |
# | 10 | MsgRun | wallet direct | std.PrevRealm() | user address |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

order and index do not match the actual tests below

@MikaelVallenet
Copy link
Contributor Author

we should probably add tests cases with

  • non-gno file
  • invalid gno file that will trigger a parser error

Also I feel this PR should not remove the MsgCall tests since it does not change this behavior. Think we may add them back with a package that does not import a realm. But it's not very important

we should probably add tests cases with

  • non-gno file
  • invalid gno file that will trigger a parser error

Also I feel this PR should not remove the MsgCall tests since it does not change this behavior. Think we may add them back with a package that does not import a realm. But it's not very important

i added test 6081a7b
In case of the MsgCall i deleted, they were comments so i thought it does need to stay here
I could adapt them to do like pkg -> realm, but i'm not sure it would be a useful thing

@n0izn0iz
Copy link
Contributor

n0izn0iz commented Oct 31, 2024

what I meant is that the MsgCall tests that call into a package should probably be removed by the actual PR that will prevent MsgCall into /p/

we could keep them like the MsgRun tests but with a /p/ that does not imports a /r/

I'm not sure this is very important so if it's a pain nevermind

the test summary tables and actual tests seems still off, for example, test 8 in assertorigincall.txtar is a MsgRun type but it's not marked as such in the summary

@MikaelVallenet
Copy link
Contributor Author

what I meant is that the MsgCall tests that call into a package should probably be removed by the actual PR that will prevent MsgCall into /p/

we could keep them like the MsgRun tests but with a /p/ that does not imports a /r/

I'm not sure this is very important so if it's a pain nevermind

the test summary tables and actual tests seems still off, for example, test 8 in assertorigincall.txtar is a MsgRun type but it's not marked as such in the summary @n0izn0iz

I think i get your point -> 9ff76f7 wdyt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
📦 ⛰️ gno.land Issues or PRs gno.land package related 📦 🤖 gnovm Issues or PRs gnovm related 🧾 package/realm Tag used for new Realms or Packages. review/triage-pending PRs opened by external contributors that are waiting for the 1st review
Projects
Status: In Progress
Status: In Review
Development

Successfully merging this pull request may close these issues.

forbid importing realms from pure packages (r/ from p/)
6 participants