v2.0: ignore tonic audit report #3051

Merged
merged 2 commits into from
Oct 2, 2024

yihau (Member) commented Oct 2, 2024

Problem

related to #3050

If I’m not missing anything, we don’t use the fn, so it should be okay to ignore it in the channel branch

Summary of Changes

ignore it

@yihau yihau requested a review from a team as a code owner October 2, 2024 04:52
yihau (Member, Author) commented Oct 2, 2024

block on #3048

@yihau yihau requested a review from willhickey October 2, 2024 04:56
@yihau yihau changed the title from "fix audit" to "v2.0: ignore tonic audit report" Oct 2, 2024
@willhickey

Agreed. We don't have any risk on this one

willhickey previously approved these changes Oct 2, 2024
@@ -33,6 +33,9 @@ cargo_audit_ignores=(

# curve25519-dalek
--ignore RUSTSEC-2024-0344

# tonic
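
Review bot: The `# tonic` comment at the end of this hunk names only the crate, like the `# curve25519-dalek` entry above it, so someone reading `cargo_audit_ignores` later cannot tell why the advisory is suppressed or when the entry can be dropped. Put the justification next to the ignore (which tonic functionality the advisory affects and why this branch is not exposed to it) and state the removal condition, for example once the branch picks up a fixed tonic release. An ignore without a recorded reason tends to outlive the assumption it was based on.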

Might be nice to add more to the comment. Something like:
"When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a tcp/tls stream.

Ignoring because we do not use this functionality."

more specifically, we don't use the server side of tonic at all

yihau (Member, Author) commented Oct 2, 2024

sorry guys, I did a force push because I wanted to ensure everything goes green 🫠


updated: TIL it won't dismiss your approves :trollface:

yihau (Member, Author) commented Oct 2, 2024

all green!

@yihau yihau merged commit 4cc7b90 into anza-xyz:v2.0 Oct 2, 2024
17 checks passed
@yihau yihau deleted the v2.0-audit branch October 2, 2024 15:56