Disable jrpc2 built-in rpc.* methods #828

Merged
urvisavla merged 1 commit into stellar:main from urvisavla:disable-serverinfo
Jun 29, 2026

@urvisavla

The jhttp bridge was constructed without DisableBuiltin, leaving rpc.serverInfo reachable. It leaks node lifetime metrics and process start time, and bypasses the handler allowlist plus backlog/duration limiters.

🤖 Generated with Claude Code

Copilot AI review requested due to automatic review settings June 29, 2026 18:28

This comment was marked as resolved.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2fd9b8d84f

Comment thread cmd/stellar-rpc/internal/jsonrpc.go
@urvisavla urvisavla requested a review from Shaptic June 29, 2026 18:42
The jhttp bridge was constructed without DisableBuiltin, so rpc.serverInfo
was reachable by any unauthenticated client, leaking node lifetime metrics
and process start time. It also bypassed the handler allowlist and the
backlog/duration limiters since jrpc2 dispatches built-ins ahead of the
handler map.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@urvisavla urvisavla force-pushed the disable-serverinfo branch from 2fd9b8d to 7ac7f81 Compare June 29, 2026 18:44
@urvisavla urvisavla merged commit 6790408 into stellar:main Jun 29, 2026
17 checks passed
@urvisavla urvisavla deleted the disable-serverinfo branch June 29, 2026 21:10
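
A regression check for the exposure described in this PR, as an added example that is not code from the pull request or from stellar-rpc: it sends a JSON-RPC call for `rpc.serverInfo` to an `http.Handler` and reports whether a result came back. The names `builtinReachable`, `standIn` and `exampleMethod` are hypothetical, and `standIn` is a constructed stand-in for the bridge that only models the dispatch order the commit message describes.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// builtinReachable sends one JSON-RPC 2.0 call to h and reports whether the
// reply carries a result (method was served) rather than an error object.
func builtinReachable(h http.Handler, method string) (bool, error) {
	body, _ := json.Marshal(map[string]any{"jsonrpc": "2.0", "id": 1, "method": method})
	req := httptest.NewRequest(http.MethodPost, "/", bytes.NewReader(body))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	var rsp struct{ Result, Error json.RawMessage }
	if err := json.Unmarshal(rec.Body.Bytes(), &rsp); err != nil {
		return false, err
	}
	return rsp.Error == nil && rsp.Result != nil, nil
}

// standIn is a constructed test double, NOT jrpc2. It models the dispatch
// order from the commit message: rpc.serverInfo is answered before the
// allowlist is consulted, unless disableBuiltin is set.
func standIn(disableBuiltin bool, allow map[string]bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var req struct{ Method string }
		_ = json.NewDecoder(r.Body).Decode(&req)
		switch {
		case !disableBuiltin && req.Method == "rpc.serverInfo":
			fmt.Fprint(w, `{"jsonrpc":"2.0","id":1,"result":{"startTime":"constructed"}}`)
		case allow[req.Method]:
			fmt.Fprint(w, `{"jsonrpc":"2.0","id":1,"result":{}}`)
		default:
			fmt.Fprint(w, `{"jsonrpc":"2.0","id":1,"error":{"code":-32601,"message":"method not found"}}`)
		}
	})
}

func main() {
	for _, off := range []bool{false, true} {
		ok, err := builtinReachable(standIn(off, map[string]bool{"exampleMethod": true}), "rpc.serverInfo")
		fmt.Printf("builtins disabled=%v rpc.serverInfo reachable=%v err=%v\n", off, ok, err)
	}
}
```

In a real test suite the stand-in would be replaced by the handler the service actually mounts, so the assertion fails if the built-ins are ever re-enabled.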