Skip to content

Copy WIP from #16708 #20380

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 16 commits into
base: develop
Choose a base branch
from
Draft

Copy WIP from #16708 #20380

wants to merge 16 commits into from
+6,724 −0

Conversation

@cll-gg
Copy link
Contributor

@cll-gg cll-gg commented Nov 19, 2025

Requires

Supports

@github-actions
Copy link
Contributor

github-actions bot commented Nov 19, 2025

I see you updated files related to core. Please run pnpm changeset in the root directory to add a changeset as well as in the text include at least one of the following tags:

  • #added For any new functionality added.
  • #breaking_change For any functionality that requires manual action for the node to boot.
  • #bugfix For bug fixes.
  • #changed For any change to the existing functionality.
  • #db_update For any feature that introduces updates to database schema.
  • #deprecation_notice For any upcoming deprecation functionality.
  • #internal For changesets that need to be excluded from the final changelog.
  • #nops For any feature that is NOP facing and needs to be in the official Release Notes for the release.
  • #removed For any functionality/config that is removed.
  • #updated For any functionality that is updated.
  • #wip For any change that is not ready yet and external communication about it should be held off till it is feature complete.

@trunk-io
Copy link

trunk-io bot commented Nov 19, 2025
edited
Loading

Static BadgeStatic BadgeStatic BadgeStatic Badge

View Full Report ↗︎Docs

cll-gg added 12 commits November 19, 2025 15:24
@cll-gg
Add imports for log verification in SVR test
e99f4c2 
- Add 'strings' package for log message searching
- Add 'gomega' package for Eventually pattern to wait for transmissions
@cll-gg
Fix compilation: remove unused rpc import
b07984d
@cll-gg
Update log search patterns to match actual TXM log messages
99bfe31 
- Add search for 'Created primary transaction' log message
- Add search for 'Created secondary transaction' log message
- These are the actual log messages emitted by the dual contract transmitter
- Improve secondary transmission detection patterns
@cll-gg
Fix log verification: persist found state across iterations
8e5c225 
- Remove reset of primaryFound/secondaryFound inside Eventually loop
- Once found, keep the state true to avoid false negatives
- This ensures the test correctly detects both transmissions
@cll-gg
Refine log search patterns to match exact TXM log messages
144e57a 
- Use exact match for 'Created primary transaction' log message
- Use exact match for 'Created secondary transaction' log message
- Remove broader patterns that could match false positives
- These are the specific DEBUG logs emitted by OCR2DualContractTransmitter
@cll-gg
More log writing helpers
04feb36
@cll-gg
Run mock Flashbots to write to chain
d933f19
@cll-gg
Update test
15b3394
@cll-gg
Add check to install protoc script (seems to fail)
c39ea1e
@cll-gg
Revert "Add check to install protoc script (seems to fail)"
78f1561 
This reverts commit c39ea1e.
@cll-gg
Extract flashbots mock from test
ac65c06
@cll-gg
Refactor flashbots mock into struct
ca89e94
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 21, 2025
View reviewed changes
core/internal/features/svr/flashbots_mock.go

// Return success response
w.WriteHeader(http.StatusOK)
w.Write([]byte(fmt.Sprintf(`{"status": "success", "txHash": "%s"}`, txHash)))

Check warning

Code scanning / CodeQL

Reflected cross-site scripting Medium

Cross-site scripting vulnerability due to
user-provided value
Loading
.

Copilot Autofix

AI about 9 hours ago

The correct fix is to ensure that all user-supplied data interpolated into responses is sanitized/escaped, particularly for contexts like HTML or JavaScript but also for JSON if not using safe methods. In Go, the safest way to construct a JSON response is to use json.Marshal to encode a struct/map, which takes care of necessary escaping automatically. For this file, replace the manual fmt.Sprintf with a standard struct containing status and txHash, and marshal it using json.Marshal. On error, fall back to a safe error response. No changes are needed outside this file. You only need to import the well-known encoding/json package (already imported).

Suggested changeset 1
core/internal/features/svr/flashbots_mock.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/core/internal/features/svr/flashbots_mock.go b/core/internal/features/svr/flashbots_mock.go
--- a/core/internal/features/svr/flashbots_mock.go
+++ b/core/internal/features/svr/flashbots_mock.go
@@ -188,5 +188,14 @@
 
 	// Return success response
 	w.WriteHeader(http.StatusOK)
-	w.Write([]byte(fmt.Sprintf(`{"status": "success", "txHash": "%s"}`, txHash)))
+	resp := map[string]string{
+		"status": "success",
+		"txHash": txHash,
+	}
+	jsonBytes, err := json.Marshal(resp)
+	if err != nil {
+		w.Write([]byte(`{"status": "success", "txHash": ""}`))
+		return
+	}
+	w.Write(jsonBytes)
 }
EOF
@@ -188,5 +188,14 @@

// Return success response
w.WriteHeader(http.StatusOK)
w.Write([]byte(fmt.Sprintf(`{"status": "success", "txHash": "%s"}`, txHash)))
resp := map[string]string{
"status": "success",
"txHash": txHash,
}
jsonBytes, err := json.Marshal(resp)
if err != nil {
w.Write([]byte(`{"status": "success", "txHash": ""}`))
return
}
w.Write(jsonBytes)
}
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
@cl-sonarqube-production
Copy link

cl-sonarqube-production bot commented Nov 21, 2025

Quality Gate failed Quality Gate failed

Failed conditions
C Security Rating on New Code (required ≥ A)
38 New Major Issues (required ≤ 5)
C Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube

Catch issues before they fail your Quality Gate with our IDE extension SonarQube IDE SonarQube IDE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cll-gg