Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(fix) Update OFAC list URL and filename #362

Merged
merged 1 commit into from
Dec 5, 2024
Merged

Conversation

PavelInjective
Copy link
Contributor

@PavelInjective PavelInjective commented Dec 3, 2024

Solves issue 252.

Summary by CodeRabbit

  • New Features

    • Updated the source URL and default filename for the OFAC list, enhancing data accuracy and relevance.
    • Added new entries to the OFAC list to improve compliance and monitoring.
  • Bug Fixes

    • Ensured that error handling remains intact during file reading and network fetching processes.

Copy link
Contributor

coderabbitai bot commented Dec 3, 2024

Walkthrough

The pull request updates two constants in the pyinjective/ofac.py file: OFAC_LIST_URL and OFAC_LIST_FILENAME_DEFAULT. The URL is changed to point to a new source file, ofacAndRestricted.json, and the default filename is updated accordingly. The functionality of the OfacChecker class remains unchanged, with the constructor, method for constructing the path, and the download method continuing to operate as before, now utilizing the new constants for data retrieval and storage. Additionally, the changelog is updated to reflect these changes, and modifications are made to the pyinjective/ofac.json file, including the addition and removal of specific entries.

Changes

File Change Summary
pyinjective/ofac.py Updated OFAC_LIST_URL to the new URL pointing to ofacAndRestricted.json. Updated OFAC_LIST_FILENAME_DEFAULT to ofacAndRestricted.json.
CHANGELOG.md Added version entry for 1.8.1, noting updates to the OFAC list link and contents.
pyinjective/ofac.json Removed entry "0xffbac21a641dcfe4552920138d90f3638b3c9fba"; added three new entries.
pyproject.toml Updated version from 1.8.0 to 1.8.1.

Possibly related PRs

  • Implement OFAC list address check #346: This PR implements an OFAC list address check, which directly relates to the changes made in the main PR regarding the OFAC list URL and filename updates in pyinjective/ofac.py.
  • Feat/sync dev with v1.7.2 #357: This PR includes modifications to the OFAC_LIST_URL constant in pyinjective/ofac.py, which is relevant to the changes in the main PR that also update this constant.

Suggested reviewers

  • aarmoa

Poem

🐰 In the land of code, where rabbits roam,
A new OFAC list finds its home.
From ofac.json to a broader view,
ofacAndRestricted, we bid adieu!
With constants updated, our paths align,
Hopping along, all will be fine! 🌼


📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 3c1df6b and 9395b55.

📒 Files selected for processing (4)
  • CHANGELOG.md (1 hunks)
  • pyinjective/ofac.json (1 hunks)
  • pyinjective/ofac.py (1 hunks)
  • pyproject.toml (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • pyproject.toml
🚧 Files skipped from review as they are similar to previous changes (3)
  • pyinjective/ofac.py
  • CHANGELOG.md
  • pyinjective/ofac.json

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@PavelInjective PavelInjective marked this pull request as ready for review December 3, 2024 20:02
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (2)
pyinjective/ofac.py (2)

Line range hint 22-24: Update error message to reflect new filename.

The error message still uses the generic term "OFAC list" while we're now dealing with both OFAC and restricted lists.

-                f"Error parsing OFAC list. Please, download it by running python3 pyinjective/ofac_list.py ({e})"
+                f"Error parsing OFAC and restricted list. Please, download it by running python3 pyinjective/ofac_list.py ({e})"

8-10: Security Impact Assessment Required

This change expands the scope of blocked addresses by combining OFAC and other restricted lists. Please ensure:

  1. The expanded list is properly validated and maintained
  2. All stakeholders are aware of the expanded blocking scope
  3. Compliance requirements are met with the new combined list

Consider adding:

  1. List version tracking
  2. Validation of list format and content during download
  3. Audit logging for list updates
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between cd67089 and bac8d08.

📒 Files selected for processing (1)
  • pyinjective/ofac.py (1 hunks)
🔇 Additional comments (1)
pyinjective/ofac.py (1)

8-8: Verify the new OFAC list endpoint and its implications.

The URL change from ofac.json to ofacAndRestricted.json suggests an expansion in the scope of blocked addresses. This could potentially affect existing integrations.

Let's verify the endpoint and its content:

✅ Verification successful

URL change to ofacAndRestricted.json is safe to proceed

The verification shows:

  • Both endpoints are accessible and maintain the same array structure
  • The new list contains 159 addresses (slight increase from 156)
  • Usage in the codebase is consistent:
    • composer.py only instantiates the checker
    • broadcaster.py uses it for address validation
  • No breaking changes in implementation as the data structure remains compatible

The expanded scope with additional restricted addresses enhances security coverage while maintaining backward compatibility.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the new OFAC list endpoint and compare with old endpoint

# Check if the new endpoint exists and is accessible
curl -s -f -I "https://raw.githubusercontent.com/InjectiveLabs/injective-lists/refs/heads/master/json/wallets/ofacAndRestricted.json" || echo "New endpoint not accessible"

# Compare with old endpoint to understand scope changes
curl -s "https://raw.githubusercontent.com/InjectiveLabs/injective-lists/refs/heads/master/json/wallets/ofac.json" | jq 'length' || echo "Old endpoint not accessible"
curl -s "https://raw.githubusercontent.com/InjectiveLabs/injective-lists/refs/heads/master/json/wallets/ofacAndRestricted.json" | jq 'length' || echo "New endpoint not accessible"

Length of output: 1283


Script:

#!/bin/bash
# Let's check how the OfacChecker class uses this URL and if there are any dependencies

# First, let's see the full implementation of OfacChecker
ast-grep --pattern 'class OfacChecker {
  $$$
}'

# Check for any other files that might be importing or using OfacChecker
rg "from.*ofac.*import.*OfacChecker|import.*ofac.*OfacChecker" -l

# Check if there are any tests that might need updating
fd "test.*ofac.*\.py$"

Length of output: 199


Script:

#!/bin/bash
# Let's check how composer.py and broadcaster.py use OfacChecker

# Check the usage in composer.py
rg -A 5 "OfacChecker" pyinjective/composer.py

# Check the usage in broadcaster.py
rg -A 5 "OfacChecker" pyinjective/core/broadcaster.py

# Let's also verify if the new JSON structure is compatible
# by checking a sample from both endpoints
curl -s "https://raw.githubusercontent.com/InjectiveLabs/injective-lists/refs/heads/master/json/wallets/ofac.json" | jq 'type'
curl -s "https://raw.githubusercontent.com/InjectiveLabs/injective-lists/refs/heads/master/json/wallets/ofacAndRestricted.json" | jq 'type'

Length of output: 1404

)
OFAC_LIST_FILENAME_DEFAULT = "ofac.json"
OFAC_LIST_FILENAME_DEFAULT = "ofacAndRestricted.json"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Consider handling migration from old to new filename.

The filename change might affect existing installations that have cached the old ofac.json file. Consider:

  1. Adding migration logic to handle existing installations
  2. Adding a warning log when old file exists

Here's a suggested implementation:

 OFAC_LIST_FILENAME_DEFAULT = "ofacAndRestricted.json"
 OFAC_LIST_FILENAME = OFAC_LIST_FILENAME_DEFAULT
+OLD_OFAC_LIST_FILENAME = "ofac.json"  # For migration

 class OfacChecker:
     def __init__(self):
         self._ofac_list_path = self.get_ofac_list_path()
+        old_path = os.path.join(os.path.dirname(__file__), OLD_OFAC_LIST_FILENAME)
+        if os.path.exists(old_path):
+            import warnings
+            warnings.warn(f"Found old OFAC list file {OLD_OFAC_LIST_FILENAME}. Please remove it as it's no longer used.")
         try:
             with open(self._ofac_list_path, "r") as f:

Committable suggestion skipped: line range outside the PR's diff.

@PavelInjective PavelInjective force-pushed the fix/ofac-filename branch 3 times, most recently from 3ea588e to aee17b4 Compare December 3, 2024 20:56
@PavelInjective PavelInjective requested a review from aarmoa December 3, 2024 20:59
@PavelInjective PavelInjective changed the base branch from dev to master December 4, 2024 10:13
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)
CHANGELOG.md (1)

6-8: Enhance the changelog entry with more details.

The current changelog entry could be more informative. Consider expanding it to include:

  • The specific URL changes (from/to)
  • The nature of content updates
  • Any potential impact on existing functionality
  • Migration steps if needed

This additional context would help users better understand the scope and impact of these security-related changes.

Example enhancement:

 ## [1.8.1] - 2024-12-04
 ### Changed
-Updated OFAC list link and contents
+- Updated OFAC list URL from `ofac.json` to `ofacAndRestricted.json`
+- Updated OFAC list contents to include latest restricted addresses
+- No changes to existing functionality - automatic migration for existing users
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 3ea588e and 3c1df6b.

📒 Files selected for processing (3)
  • CHANGELOG.md (1 hunks)
  • pyinjective/ofac.json (1 hunks)
  • pyinjective/ofac.py (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • pyinjective/ofac.json
🚧 Files skipped from review as they are similar to previous changes (1)
  • pyinjective/ofac.py

Copy link
Collaborator

@aarmoa aarmoa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good, but the version number in pyproject.toml has not been updated yet

@aarmoa
Copy link
Collaborator

aarmoa commented Dec 4, 2024

@PavelInjective please update the PR description to point to the Jira task

@PavelInjective PavelInjective requested a review from aarmoa December 4, 2024 12:26
Copy link
Collaborator

@aarmoa aarmoa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good to me

@PavelInjective PavelInjective merged commit 62da05d into master Dec 5, 2024
12 checks passed
@coderabbitai coderabbitai bot mentioned this pull request Dec 5, 2024
This was referenced Dec 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants