Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Include Context information in config response #58

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Include Context information in config response #58

wants to merge 4 commits into from

Conversation

lizard-boy
Copy link

@lizard-boy lizard-boy commented Oct 19, 2024
edited by greptile-apps bot
Loading

Type of change

- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [x] Other

Objective

Adds feature flag context to config response. This is useful for debugging purposes.

Question: Is there a reason to consider this sensitive? It uses the same bearer token to, say, retrieve full sync data, so all information is retrievable through other endpoints.

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • If making database changes - make sure you also update Entity Framework queries and/or migrations
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team

Greptile Summary

This pull request adds feature flag context to the configuration response, including user ID and organization IDs, to enhance debugging capabilities.

  • Added GetFlagContext() method to IFeatureService interface and implemented in LaunchDarklyFeatureService
  • Modified ConfigController to include feature flag context in ConfigResponseModel
  • Updated ConfigResponseModel to incorporate new FeatureFlagContext struct
  • Introduced new tests in LaunchDarklyFeatureServiceTests for authenticated and unauthenticated user scenarios
  • Consider potential security implications of exposing user and organization IDs in the config response

greptile-apps[bot]
greptile-apps bot reviewed Oct 19, 2024
View reviewed changes
Copy link

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

5 file(s) reviewed, 6 comment(s)
Edit PR Review Bot Settings | Greptile

src/Api/Models/Response/ConfigResponseModel.cs
@@ -11,6 +12,7 @@ public class ConfigResponseModel : ResponseModel
public ServerConfigResponseModel Server { get; set; }
public EnvironmentConfigResponseModel Environment { get; set; }
public IDictionary<string, object> FeatureStates { get; set; }
public ContextResponseModel Context { get; set; }
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: Including sensitive context information in the config response may expose user data unnecessarily. Consider the security implications of this change.

src/Api/Models/Response/ConfigResponseModel.cs
Comment on lines +63 to +64
public Guid? UserId { get; set; }
public Guid[] OrganizationIds { get; set; }
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: Exposing UserId and OrganizationIds in the response could potentially be used for user enumeration attacks. Evaluate the necessity of including this information.

src/Api/Models/Response/ConfigResponseModel.cs
Comment on lines +65 to +69
public ContextResponseModel(Guid? userId, Guid[] organizationIds)
{
UserId = userId;
OrganizationIds = organizationIds;
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style: Consider adding input validation to ensure userId and organizationIds are not null or empty before assigning.

src/Core/Services/IFeatureService.cs
@@ -37,4 +43,5 @@ public interface IFeatureService
/// </summary>
/// <returns>A dictionary of feature keys and their values.</returns>
Dictionary<string, object> GetAll();
FeatureFlagContext GetFlagContext();
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style: Consider adding XML documentation for the new GetFlagContext() method

src/Core/Services/Implementations/LaunchDarklyFeatureService.cs
Comment on lines +99 to +106
public FeatureFlagContext GetFlagContext()
{
return new FeatureFlagContext()
{
UserId = _currentContext.UserId,
OrganizationIds = _currentContext.Organizations?.Select(o => o.Id).ToArray()
};
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: Consider adding null checks for _currentContext and its properties to prevent potential null reference exceptions.

src/Core/Services/Implementations/LaunchDarklyFeatureService.cs
return new FeatureFlagContext()
{
UserId = _currentContext.UserId,
OrganizationIds = _currentContext.Organizations?.Select(o => o.Id).ToArray()
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style: This line may return null if _currentContext.Organizations is null. Consider using the null-coalescing operator to return an empty array instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lizard-boy @MGibson1