Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update security best practices with journaling #2356

Merged
merged 25 commits into from
Apr 24, 2024
Merged

Update security best practices with journaling #2356

merged 25 commits into from
Apr 24, 2024

Conversation

andrew-lee-work
Copy link
Contributor

  • Update how handle risks of outcalls to possibly untrusted canisters.
  • Update how to handle traps.
  • Add journaling section

Thank you for your contribution to the IC Developer Portal.
Before submitting your Pull Request, please make sure that:

@andrew-lee-work
Update security best practices with journaling
d8cc528 
- Update how handle risks of outcalls to possibly untrusted canisters.
- Update how to handle traps.
- Add journaling section
@andrew-lee-work andrew-lee-work requested a review from a team as a code owner January 18, 2024 00:30
@andrew-lee-work
Add journaling impl to rust-canister-development-security-best-practi…
f511dbb 
…ces.md

Reference the GoldDAO/gldt-swap implementation as an example of journaling.
oggy-dfin
oggy-dfin reviewed Jan 30, 2024
View reviewed changes
Copy link
Member

@oggy-dfin oggy-dfin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the approach in theory but I'm not sure if it can be easily put into practice with the main IC canisters as they stand right now - see comments below.

docs/developer-docs/security/rust-canister-development-security-best-practices.md Outdated Show resolved Hide resolved
docs/developer-docs/security/rust-canister-development-security-best-practices.md Outdated Show resolved Hide resolved
docs/developer-docs/security/rust-canister-development-security-best-practices.md Outdated Show resolved Hide resolved
docs/developer-docs/security/rust-canister-development-security-best-practices.md Outdated Show resolved Hide resolved
robin-kunzler
robin-kunzler reviewed Jan 31, 2024
View reviewed changes
Copy link
Contributor

@robin-kunzler robin-kunzler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot @andrew-lee-work ! LGTM, left a few comments / questions, see below. I think we need to decide what to do given @oggy-dfin 's concerns.

docs/developer-docs/security/rust-canister-development-security-best-practices.md Outdated Show resolved Hide resolved
docs/developer-docs/security/rust-canister-development-security-best-practices.md Outdated Show resolved Hide resolved
docs/developer-docs/security/rust-canister-development-security-best-practices.md Outdated Show resolved Hide resolved
docs/developer-docs/security/rust-canister-development-security-best-practices.md Outdated Show resolved Hide resolved
docs/developer-docs/security/rust-canister-development-security-best-practices.md Outdated Show resolved Hide resolved
docs/developer-docs/security/rust-canister-development-security-best-practices.md Outdated Show resolved Hide resolved
docs/developer-docs/security/rust-canister-development-security-best-practices.md Outdated Show resolved Hide resolved
andrew-lee-work and others added 2 commits February 12, 2024 21:21
@andrew-lee-work @robin-kunzler
Update docs/developer-docs/security/rust-canister-development-securit…
7bf8b31 
…y-best-practices.md


Accept Robin's suggestion to fix a typo in the text he wrote.

Co-authored-by: Robin Künzler <[email protected]>
@andrew-lee-work @robin-kunzler
Lower the level of Journaling Section in rust-canister-development-se…
9467697 
…curity-best-practices.md


Lower the section level of Journaling.

Co-authored-by: Robin Künzler <[email protected]>
andrew-lee-work and others added 6 commits February 20, 2024 11:15
@andrew-lee-work
Update link to be more permanent
d37080d 
Old link was to a branch that had the underlying commit changed. The new tag link is fixed to a commit as long as normal version tag conventions are followed by the project.
@andrew-lee-work
Security best practices / Journaling: Invoke guaranteed message order…
e53f6b6 
…ing in recovery

Apply guaranteed message ordering to simplify example recovery process.
@andrew-lee-work
Security-best-practices/journaling: Emphasize manual recovery for led…
0b8139e 
…gers

Emphasize manual recovery. This is because ICP ledger and ICRC ledgers make it difficult to determine whether a particular transaction has succeeded in an automated way.
@andrew-lee-work
security-best-practices/journaling: Minor edit
e0af220
@andrew-lee-work
Security-best-practices / Journaling: Another note on manually recovery
e4910c9 
Add another note on encouraging manual recovery when finding out the result of a call is difficult to automate.
@andrew-lee-work @robin-kunzler
Security-best-practices / Journaling: Add an internal link
4568b84 
Co-authored-by: Robin Künzler <[email protected]>
@andrew-lee-work andrew-lee-work mentioned this pull request Apr 2, 2024
Closed
@andrew-lee-work
Copy link
Contributor Author

Follow-up issue: #2727

@andrew-lee-work
Security-best-practices/Journaling: Detail retries
3d04fea 
Add details on idempotent retries for task flows.
@andrew-lee-work
Security-best-practices/Journaling: Improve journaling example
f351e74 
Give more context for journal example structures and flows and clarify the examples.
@roelstorms
Copy link
Contributor

I believe all references to IC documentation need to be made relatively. So all https://internetcomputer.org/docs/current/... need to be replaced. If had someone change my PR to fix this but maybe we can try to do that ourselves?

andrew-lee-work and others added 7 commits April 4, 2024 11:48
@andrew-lee-work @roelstorms
Security-best-practices/callback-cleanup: Fix missing text
a7f3320 
Fix missing text in callback cleanup section.

Co-authored-by: Roel Storms <[email protected]>
@andrew-lee-work @oggy-dfin
Security-best-practices/Journaling: Add clarification on trap handling
ceae487 
Add clarification that results may be lost if a trap occurs AND there is no self-call to commit it.

Co-authored-by: oggy-dfin <[email protected]>
@andrew-lee-work
Security-best-practices/Journaling: Fix numbering abstract flow example
6f60ed9
@andrew-lee-work @roelstorms
Security-best-practices/Journaling: Improve wording
f8dbdc5 
Co-authored-by: Roel Storms <[email protected]>
@andrew-lee-work @roelstorms
Security-best-practices/Journaling: Improve wording
7d23528 
Co-authored-by: Roel Storms <[email protected]>
@andrew-lee-work @roelstorms
Security-best-practices/Journaling: Improve wording
4ac7190 
Suggestion from @roelstorms.

Co-authored-by: Roel Storms <[email protected]>
@andrew-lee-work @robin-kunzler
Security-best-practices/Journaling: Improve wording
1f67a3b 
Suggestion from @oggy-dfin.

Co-authored-by: Robin Künzler <[email protected]>
This was referenced Apr 24, 2024
Open
Closed
andrew-lee-work and others added 5 commits April 24, 2024 14:38
@andrew-lee-work @roelstorms
Security-best-practices/Journaling: Improve wording
0b812dd 
Suggestion from @roelstorms.

Co-authored-by: Roel Storms <[email protected]>
@andrew-lee-work @roelstorms
Security-best-practices/Journaling: Improve wording
0e99e92 
Suggestion from @roelstorms.

Co-authored-by: Roel Storms <[email protected]>
@andrew-lee-work
Security-best-practices/Journaling: Add tx uniqueness requirement
543a6db 
Add uniqueness requirement for transaction hash.
@andrew-lee-work
Security-best-practices/Journaling: Add detail to GoldDAO example
2a8e016
@andrew-lee-work
Security-best-practices/Journaling: Remove example section
9dc6f9b 
Remove section `Example journaling structures and flows`. Readers should refer to GoldDAO example instead.
@andrew-lee-work andrew-lee-work mentioned this pull request Apr 24, 2024
Closed
@andrew-lee-work andrew-lee-work merged commit ac1d201 into master Apr 24, 2024
3 of 4 checks passed
@andrew-lee-work andrew-lee-work deleted the andrew-lee-work/security-best-practices-journaling branch April 24, 2024 23:30
@github-actions GitHub Actions
Copy link

🤖 Preview build failed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@roelstorms roelstorms roelstorms left review comments

@domwoe domwoe domwoe left review comments

@oggy-dfin oggy-dfin oggy-dfin left review comments

@robin-kunzler robin-kunzler robin-kunzler approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@andrew-lee-work @roelstorms @domwoe @robin-kunzler @oggy-dfin