Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Brave-P3A-Version header support, ignore requests with older client revision #92

Merged
merged 1 commit into from
Dec 8, 2023
Merged

Add Brave-P3A-Version header support, ignore requests with older client revision #92

merged 1 commit into from
Dec 8, 2023

Conversation

DJAndries
Copy link
Collaborator

No description provided.

@DJAndries DJAndries requested a review from a team as a code owner November 27, 2023 07:09
github-actions[bot]
github-actions bot reviewed Nov 27, 2023
View reviewed changes
src/server.rs
channel,
value
.parse::<usize>()
.expect("minimum channel revision should be non-negative integer"),
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] expect or unwrap called in function returning a Result

Source: https://semgrep.dev/r/trailofbits.rs.panic-in-function-returning-result.panic-in-function-returning-result


Cc @thypon @bcaller

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This use is ok. Input is controlled by an environment variable in the launch environment and so under the control of the deployer; outside input cannot trigger a panic here. The check is in startup code, so failing quickly on mis-configuration is appropriate.

rillian
rillian approved these changes Nov 27, 2023
View reviewed changes
src/server.rs
channel,
value
.parse::<usize>()
.expect("minimum channel revision should be non-negative integer"),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This use is ok. Input is controlled by an environment variable in the launch environment and so under the control of the deployer; outside input cannot trigger a panic here. The check is in startup code, so failing quickly on mis-configuration is appropriate.

README.md Outdated Show resolved Hide resolved
src/server.rs
v.to_str()
.unwrap_or_default()
.parse::<usize>()
.unwrap_or_default()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to confirm, this means requests without the revision header will be treated as if they sent Brave-Constellation-Rev: 0 so we're not necessarily excluding all currently-deployed clients?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

correct

@DJAndries DJAndries changed the title Add Brave-Constellation-Rev header support, ignore requests with older client revision Add Brave-P3A-Revision header support, ignore requests with older client revision Nov 29, 2023
rillian
rillian reviewed Dec 1, 2023
View reviewed changes
src/server.rs Show resolved Hide resolved
@DJAndries DJAndries changed the title Add Brave-P3A-Revision header support, ignore requests with older client revision Add Brave-P3A-Version header support, ignore requests with older client revision Dec 8, 2023
@DJAndries DJAndries merged commit 1088a37 into master Dec 8, 2023
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@rillian rillian rillian approved these changes

Assignees

@thypon thypon

@bcaller bcaller

Labels
needs-security-review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@DJAndries @rillian @thypon @bcaller