fix(console,internal/ethapi,node,rpc): restrict debug_setHead to local transports #2297
gzliudan wants to merge 1 commit into XinFinOrg:v2.6.x-beta from
Pull request overview
Introduces a “local-only” RPC API classification to keep debug_setHead available over IPC and in-process RPC while preventing exposure over HTTP/WebSocket, and adds regression tests to ensure transport filtering and console visibility behave as intended.
Changes:
- Add `rpc.API.Local` and split node RPC API registration into “open” (HTTP/WS) vs “local” (IPC/in-proc) sets.
- Mark the `internal/ethapi` private debug API as local-only and update admin RPC startup paths to use the open set.
- Add tests covering local-only API leakage (node/admin + ethapi) and console hiding of `debug.setHead` when unavailable.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| rpc/types.go | Adds API.Local flag to classify APIs as local-transport only. |
| node/node.go | Splits API exposure by transport; registers local APIs for IPC/in-proc and open APIs for HTTP/WS. |
| node/api.go | Ensures admin_startRPC / admin_startWS only enable open APIs. |
| node/api_test.go | Adds regression test ensuring local-only APIs remain hidden from HTTP even when started via admin APIs. |
| internal/ethapi/backend.go | Marks private debug API as local-only to prevent debug_setHead exposure over HTTP/WS. |
| internal/ethapi/api_local_test.go | Adds transport-exposure test for debug_setHead vs other debug methods. |
| console/console.go | Hides debug.setHead in the JS console when the RPC method is not available. |
| console/console_test.go | Adds coverage for console behavior when debug_setHead exists vs does not exist on the RPC backend. |
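An added sketch of the per-transport filtering the review summary above describes; it is not code from the PR or the XDC code base. The `Transport`, `API.Methods` and `ExposedMethods` names and the `traceTransaction` sample entry are assumptions; only the `Local` flag and `debug_setHead` come from the page.

```go
package main

import "fmt"

// Transport and API are simplified stand-ins (assumed names) for the node's
// transports and RPC descriptors; Local mirrors the flag the PR describes.
type Transport int

const (
	InProc Transport = iota
	IPC
	HTTP
	WS
)
type API struct {
	Namespace string
	Methods   []string // stands in for reflection over a service object
	Local     bool     // true: serve only over in-process RPC and IPC
}

// ExposedMethods returns the "namespace_method" names reachable over t for the
// enabled modules. Filtering is per API entry, so a namespace can mix both kinds.
func ExposedMethods(apis []API, t Transport, modules []string) map[string]bool {
	enabled := map[string]bool{}
	for _, m := range modules {
		enabled[m] = true
	}
	localTransport := t == InProc || t == IPC
	out := map[string]bool{}
	for _, api := range apis {
		if !enabled[api.Namespace] || (api.Local && !localTransport) {
			continue // module not enabled, or local-only API on a network transport
		}
		for _, m := range api.Methods {
			out[api.Namespace+"_"+m] = true
		}
	}
	return out
}

// sampleAPIs is constructed data: two services share the debug namespace.
var sampleAPIs = []API{
	{Namespace: "debug", Methods: []string{"traceTransaction"}},
	{Namespace: "debug", Methods: []string{"setHead"}, Local: true},
}

func main() {
	fmt.Println(ExposedMethods(sampleAPIs, HTTP, []string{"debug"}))
}
```

Enabling the `debug` module on HTTP or WS still leaves `debug_setHead` out, which is the leakage case the regression tests in the table target.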
639299e to d20ff10
Pull request overview
Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.
00207c2 to d3c8b8c
Pull request overview
Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments.
f446c2d to 873614d
Pull request overview
Copilot reviewed 11 out of 11 changed files in this pull request and generated no new comments.
873614d to 1ff8bca
Pull request overview
Copilot reviewed 13 out of 13 changed files in this pull request and generated no new comments.
1ff8bca to 93a63c0
Pull request overview
Copilot reviewed 13 out of 13 changed files in this pull request and generated 1 comment.
93a63c0 to bda407f
…l transports
Add a local-only RPC API classification and use it to keep debug_setHead available over in-process RPC and IPC while hiding it from HTTP and WebSocket transports.
This also updates the admin RPC startup path and adds regression coverage for console visibility, transport exposure, and local-only API leakage.
bda407f to 1aa143d
Proposed changes
Add a local-only RPC API classification and use it to keep debug_setHead available over in-process RPC and IPC while hiding it from HTTP and WebSocket transports.
This also updates the admin RPC startup path and adds regression coverage for console visibility, transport exposure, and local-only API leakage.
Types of changes
What types of changes does your code introduce to XDC network?
Put an ✅ in the boxes that apply
Impacted Components
Which parts of the codebase does this PR touch?
Put an ✅ in the boxes that apply
Checklist
Put an ✅ in the boxes once you have confirmed below actions (or provide reasons on not doing so) that