Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve SignHash error message to clarify intentional security design #2141

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Improve SignHash error message to clarify intentional security design #2141

wants to merge 1 commit into from

Conversation

neithanmo
Copy link
Contributor

Motivation

see #2114

Solution

Update the UnsupportedSignerOperation error display to explicitly mention that blind signing is intentionally disabled as a security best practice

PR Checklist

  • Added Tests
  • Added Documentation
  • Breaking changes

@neithanmo
Improve SignHash error message to clarify intentional security design
a006fc8 
Update the UnsupportedSignerOperation error display to explicitly mention
that blind signing is intentionally disabled as a security best practice,
rather than appearing as a technical limitation. This provides clearer
guidance to users encountering this error.
DaniPopes
DaniPopes reviewed Mar 5, 2025
View reviewed changes
crates/signer/src/error.rs
@@ -79,7 +79,12 @@ pub enum UnsupportedSignerOperation {

impl fmt::Display for UnsupportedSignerOperation {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
self.as_str().fmt(f)
match self {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you want to change this above in enum Error, but i think it should be another variant

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you mean convert UnsupportedSignerOperation into an error via thiserror?

I think we should do this because otherwise this new message will mess with the error message here:

alloy/crates/signer/src/error.rs

Lines 13 to 14 in 750004c

#[error("operation `{0}` is not supported by the signer")]
UnsupportedOperation(UnsupportedSignerOperation),

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should keep things as is and just add another variant with a message that it is intentionally unimplemented

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

right. Your suggestion is better by making a distinction between what is unsupported and what is opted out due to security reasons. maybe a new variant to the Error definition:

pub enum Error {
    // ...
    
    /// The operation is deliberately disabled for security reasons
    #[error("Operation {0} is restricted due to security restrictions")]
    SecurityRestriction(String),
    
    // ...
}

mattsse
mattsse requested changes Mar 5, 2025
View reviewed changes
crates/signer/src/error.rs
@@ -79,7 +79,12 @@ pub enum UnsupportedSignerOperation {

impl fmt::Display for UnsupportedSignerOperation {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
self.as_str().fmt(f)
match self {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you mean convert UnsupportedSignerOperation into an error via thiserror?

I think we should do this because otherwise this new message will mess with the error message here:

alloy/crates/signer/src/error.rs

Lines 13 to 14 in 750004c

#[error("operation `{0}` is not supported by the signer")]
UnsupportedOperation(UnsupportedSignerOperation),

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DaniPopes DaniPopes DaniPopes left review comments

@mattsse mattsse mattsse requested changes

@gakonst gakonst Awaiting requested review from gakonst gakonst is a code owner

@onbjerg onbjerg Awaiting requested review from onbjerg onbjerg is a code owner

@klkvr klkvr Awaiting requested review from klkvr klkvr is a code owner

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
Alloy
Status: In Progress
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@neithanmo @mattsse @DaniPopes