(fix) Update OFAC list URL and filename

[PavelInjective]

Solves issue 252.

Summary by CodeRabbit

• New Features

  • Updated the source URL and default filename for the OFAC list, enhancing data accuracy and relevance.
  • Added new entries to the OFAC list to improve compliance and monitoring.

• Bug Fixes

  • Ensured that error handling remains intact during file reading and network fetching processes.

[coderabbitai]

Walkthrough

The pull request updates two constants in the pyinjective/ofac.py file: OFAC_LIST_URL and OFAC_LIST_FILENAME_DEFAULT. The URL is changed to point to a new source file, ofacAndRestricted.json, and the default filename is updated accordingly. The functionality of the OfacChecker class remains unchanged, with the constructor, method for constructing the path, and the download method continuing to operate as before, now utilizing the new constants for data retrieval and storage. Additionally, the changelog is updated to reflect these changes, and modifications are made to the pyinjective/ofac.json file, including the addition and removal of specific entries.

Changes

File	Change Summary
pyinjective/ofac.py	Updated OFAC_LIST_URL to the new URL pointing to ofacAndRestricted.json. Updated OFAC_LIST_FILENAME_DEFAULT to ofacAndRestricted.json.
CHANGELOG.md	Added version entry for 1.8.1, noting updates to the OFAC list link and contents.
pyinjective/ofac.json	Removed entry "0xffbac21a641dcfe4552920138d90f3638b3c9fba"; added three new entries.
pyproject.toml	Updated version from 1.8.0 to 1.8.1.

Possibly related PRs

• Implement OFAC list address check #346: This PR implements an OFAC list address check, which directly relates to the changes made in the main PR regarding the OFAC list URL and filename updates in pyinjective/ofac.py.
• Feat/sync dev with v1.7.2 #357: This PR includes modifications to the OFAC_LIST_URL constant in pyinjective/ofac.py, which is relevant to the changes in the main PR that also update this constant.

Suggested reviewers

• aarmoa

Poem

🐰 In the land of code, where rabbits roam,
A new OFAC list finds its home.
From ofac.json to a broader view,
ofacAndRestricted, we bid adieu!
With constants updated, our paths align,
Hopping along, all will be fine! 🌼

---

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 3c1df6b and 9395b55.

📒 Files selected for processing (4)

• CHANGELOG.md (1 hunks)
• pyinjective/ofac.json (1 hunks)
• pyinjective/ofac.py (1 hunks)
• pyproject.toml (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• pyproject.toml

🚧 Files skipped from review as they are similar to previous changes (3)

• pyinjective/ofac.py
• CHANGELOG.md
• pyinjective/ofac.json

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (2)

pyinjective/ofac.py (2)

Line range hint 22-24: Update error message to reflect new filename.

The error message still uses the generic term "OFAC list" while we're now dealing with both OFAC and restricted lists.

-                f"Error parsing OFAC list. Please, download it by running python3 pyinjective/ofac_list.py ({e})"
+                f"Error parsing OFAC and restricted list. Please, download it by running python3 pyinjective/ofac_list.py ({e})"

---

8-10: Security Impact Assessment Required

This change expands the scope of blocked addresses by combining OFAC and other restricted lists. Please ensure:

1. The expanded list is properly validated and maintained
2. All stakeholders are aware of the expanded blocking scope
3. Compliance requirements are met with the new combined list

Consider adding:

1. List version tracking
2. Validation of list format and content during download
3. Audit logging for list updates

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between cd67089 and bac8d08.

📒 Files selected for processing (1)

• pyinjective/ofac.py (1 hunks)

🔇 Additional comments (1)

pyinjective/ofac.py (1)

8-8: Verify the new OFAC list endpoint and its implications.

The URL change from ofac.json to ofacAndRestricted.json suggests an expansion in the scope of blocked addresses. This could potentially affect existing integrations.

Let's verify the endpoint and its content:

✅ Verification successful

URL change to ofacAndRestricted.json is safe to proceed

The verification shows:

• Both endpoints are accessible and maintain the same array structure
• The new list contains 159 addresses (slight increase from 156)
• Usage in the codebase is consistent:
  • composer.py only instantiates the checker
  • broadcaster.py uses it for address validation
• No breaking changes in implementation as the data structure remains compatible

The expanded scope with additional restricted addresses enhances security coverage while maintaining backward compatibility.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the new OFAC list endpoint and compare with old endpoint

# Check if the new endpoint exists and is accessible
curl -s -f -I "https://raw.githubusercontent.com/InjectiveLabs/injective-lists/refs/heads/master/json/wallets/ofacAndRestricted.json" || echo "New endpoint not accessible"

# Compare with old endpoint to understand scope changes
curl -s "https://raw.githubusercontent.com/InjectiveLabs/injective-lists/refs/heads/master/json/wallets/ofac.json" | jq 'length' || echo "Old endpoint not accessible"
curl -s "https://raw.githubusercontent.com/InjectiveLabs/injective-lists/refs/heads/master/json/wallets/ofacAndRestricted.json" | jq 'length' || echo "New endpoint not accessible"

Length of output: 1283

---

Script:

#!/bin/bash
# Let's check how the OfacChecker class uses this URL and if there are any dependencies

# First, let's see the full implementation of OfacChecker
ast-grep --pattern 'class OfacChecker {
  $$$
}'

# Check for any other files that might be importing or using OfacChecker
rg "from.*ofac.*import.*OfacChecker|import.*ofac.*OfacChecker" -l

# Check if there are any tests that might need updating
fd "test.*ofac.*\.py$"

Length of output: 199

---

Script:

#!/bin/bash
# Let's check how composer.py and broadcaster.py use OfacChecker

# Check the usage in composer.py
rg -A 5 "OfacChecker" pyinjective/composer.py

# Check the usage in broadcaster.py
rg -A 5 "OfacChecker" pyinjective/core/broadcaster.py

# Let's also verify if the new JSON structure is compatible
# by checking a sample from both endpoints
curl -s "https://raw.githubusercontent.com/InjectiveLabs/injective-lists/refs/heads/master/json/wallets/ofac.json" | jq 'type'
curl -s "https://raw.githubusercontent.com/InjectiveLabs/injective-lists/refs/heads/master/json/wallets/ofacAndRestricted.json" | jq 'type'

Length of output: 1404

[coderabbitai]

🛠️ Refactor suggestion

Consider handling migration from old to new filename.

The filename change might affect existing installations that have cached the old ofac.json file. Consider:

1. Adding migration logic to handle existing installations
2. Adding a warning log when old file exists

Here's a suggested implementation:

 OFAC_LIST_FILENAME_DEFAULT = "ofacAndRestricted.json"
 OFAC_LIST_FILENAME = OFAC_LIST_FILENAME_DEFAULT
+OLD_OFAC_LIST_FILENAME = "ofac.json"  # For migration

 class OfacChecker:
     def __init__(self):
         self._ofac_list_path = self.get_ofac_list_path()
+        old_path = os.path.join(os.path.dirname(__file__), OLD_OFAC_LIST_FILENAME)
+        if os.path.exists(old_path):
+            import warnings
+            warnings.warn(f"Found old OFAC list file {OLD_OFAC_LIST_FILENAME}. Please remove it as it's no longer used.")
         try:
             with open(self._ofac_list_path, "r") as f:

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)

CHANGELOG.md (1)

6-8: Enhance the changelog entry with more details.

The current changelog entry could be more informative. Consider expanding it to include:

• The specific URL changes (from/to)
• The nature of content updates
• Any potential impact on existing functionality
• Migration steps if needed

This additional context would help users better understand the scope and impact of these security-related changes.

Example enhancement:

 ## [1.8.1] - 2024-12-04
 ### Changed
-Updated OFAC list link and contents
+- Updated OFAC list URL from `ofac.json` to `ofacAndRestricted.json`
+- Updated OFAC list contents to include latest restricted addresses
+- No changes to existing functionality - automatic migration for existing users

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 3ea588e and 3c1df6b.

📒 Files selected for processing (3)

• CHANGELOG.md (1 hunks)
• pyinjective/ofac.json (1 hunks)
• pyinjective/ofac.py (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• pyinjective/ofac.json

🚧 Files skipped from review as they are similar to previous changes (1)

• pyinjective/ofac.py

[aarmoa]

Changes look good, but the version number in pyproject.toml has not been updated yet

[aarmoa]

@PavelInjective please update the PR description to point to the Jira task

[aarmoa]

Changes look good to me