feat: add endpoint to report false Blockaid scan results (COR-636)#2815
Merged
feat: add endpoint to report false Blockaid scan results (COR-636)#2815
Conversation
Fbartoli
force-pushed
the
feature/cor-636-report-false-blockaid-result
branch
from
713ddce to
a38b991
Compare
PooyaRaki
reviewed
Dec 2, 2025
src/modules/safe-shield/entities/dtos/report-false-result.dto.ts
Outdated
Show resolved
Hide resolved
src/modules/safe-shield/entities/dtos/report-false-result.dto.ts
Outdated
Show resolved
Hide resolved
src/modules/safe-shield/threat-analysis/threat-analysis.service.ts
Outdated
Show resolved
Hide resolved
| * Extended TransactionScanResponse that includes the request_id from x-request-id header. | ||
| */ | ||
| export type TransactionScanResponseWithRequestId = TransactionScanResponse & { | ||
| request_id: string | null; |
Contributor
There was a problem hiding this comment.
I would make it string | undefined unless we explicitly need to send null to Blockaid.
Collaborator
Author
There was a problem hiding this comment.
fixed, not necessary to send null
| /** | ||
| * Extended TransactionScanResponse that includes the request_id from x-request-id header. | ||
| */ | ||
| export type TransactionScanResponseWithRequestId = TransactionScanResponse & { |
Contributor
There was a problem hiding this comment.
Nit: Since it's in the interface file I would make it an interface.
Contributor
There was a problem hiding this comment.
maybe it would make sense to extract it to a separate entity or types file?
|
|
||
| describe('reportFalseResult', () => { | ||
| const mockReportRequest = { | ||
| event: 'FALSE_POSITIVE' as const, |
Contributor
There was a problem hiding this comment.
Can we remove as const from all the parameters here?
|
|
||
| expect(result).toEqual({ success: false }); | ||
| expect(mockLoggingService.error).toHaveBeenCalledWith( | ||
| `Failed to report false result for request_id ${mockReportRequest.request_id}: Blockaid API error`, |
Contributor
There was a problem hiding this comment.
Nit: What if there’s an error on our end that prevents us from calling the Blockaid endpoint? In that case, the error message wouldn’t be entirely accurate.
Collaborator
Author
There was a problem hiding this comment.
error message updated
| ); | ||
| }); | ||
|
|
||
| it('should handle null request_id from header', async () => { |
Contributor
There was a problem hiding this comment.
request_id is not null here it's undefined.
LucieFaire
reviewed
Dec 2, 2025
Contributor
LucieFaire
left a comment
LucieFaire
left a comment
There was a problem hiding this comment.
looks great! Some small comments
| /** | ||
| * Extended TransactionScanResponse that includes the request_id from x-request-id header. | ||
| */ | ||
| export type TransactionScanResponseWithRequestId = TransactionScanResponse & { |
Contributor
There was a problem hiding this comment.
maybe it would make sense to extract it to a separate entity or types file?
src/modules/safe-shield/entities/dtos/report-false-result.dto.ts
Outdated
Show resolved
Hide resolved
src/modules/safe-shield/entities/dtos/report-false-result.dto.ts
Outdated
Show resolved
Hide resolved
src/modules/safe-shield/entities/dtos/report-false-result.dto.ts
Outdated
Show resolved
Hide resolved
src/modules/safe-shield/entities/dtos/report-false-result.dto.ts
Outdated
Show resolved
Hide resolved
src/modules/safe-shield/threat-analysis/threat-analysis.service.ts
Outdated
Show resolved
Hide resolved
LucieFaire
reviewed
Dec 3, 2025
src/modules/safe-shield/threat-analysis/blockaid/blockaid-api.interface.ts
Outdated
Show resolved
Hide resolved
LucieFaire
approved these changes
Dec 3, 2025
LucieFaire
approved these changes
Dec 3, 2025
- Add POST /v1/chains/:chainId/security/:safeAddress/report-false-result endpoint - Support reporting FALSE_POSITIVE and FALSE_NEGATIVE scan results - Use request_id from original scan response to identify the transaction - Add reportTransaction method to BlockaidApi and ThreatAnalysisService - Handle errors gracefully with logging and success: false response - Add chain ID to Blockaid chain name mapping (for future use) - Add comprehensive unit tests
- Extract request_id from x-request-id header in Blockaid API response - Extend TransactionScanResponse with request_id field - Include request_id in ThreatAnalysisResponse for reporting false positives
- Refactor ReportEvent to follow ContractStatus pattern with const array - Add comprehensive documentation for enum types and DTOs - Explain 1000 char limit is CGW-imposed safeguard - Remove underscore prefixes from controller params - Add comment explaining params are for URL validation
…reatAnalysis services - Change request_id type from string | null to string | undefined in various services and DTOs. - Update logging messages to use 'warn' instead of 'error' for reporting failures in SafeShieldService. - Adjust unit tests to reflect changes in request_id handling and logging behavior. - Ensure consistency in request_id usage across the threat analysis module.
…ndefined request_id - Modify the mock response in the ThreatAnalysisService unit tests to set request_id as undefined instead of null, ensuring consistency with recent refactoring changes in request_id handling.
- Change the event parameter type in reportTransaction method across ThreatAnalysisService, IBlockaidApi, and BlockaidApi from string literals to ReportEvent type for improved type safety and consistency. - Add BLOCKAID_REQUEST_ID_HEADER constant for better readability and maintainability in Blockaid API service.
Fbartoli
force-pushed
the
feature/cor-636-report-false-blockaid-result
branch
from
a1ec9b0 to
ea89619
Compare
This was referenced Dec 3, 2025
PooyaRaki
pushed a commit
that referenced
this pull request
Dec 9, 2025
…2815) * feat: add endpoint to report false Blockaid scan results (COR-636) - Add POST /v1/chains/:chainId/security/:safeAddress/report-false-result endpoint - Support reporting FALSE_POSITIVE and FALSE_NEGATIVE scan results - Use request_id from original scan response to identify the transaction - Add reportTransaction method to BlockaidApi and ThreatAnalysisService - Handle errors gracefully with logging and success: false response - Add chain ID to Blockaid chain name mapping (for future use) - Add comprehensive unit tests * feat: add request_id to threat analysis response - Extract request_id from x-request-id header in Blockaid API response - Extend TransactionScanResponse with request_id field - Include request_id in ThreatAnalysisResponse for reporting false positives * refactor: address PR review comments for COR-636 - Refactor ReportEvent to follow ContractStatus pattern with const array - Add comprehensive documentation for enum types and DTOs - Explain 1000 char limit is CGW-imposed safeguard - Remove underscore prefixes from controller params - Add comment explaining params are for URL validation * refactor: update request_id handling and logging in SafeShield and ThreatAnalysis services - Change request_id type from string | null to string | undefined in various services and DTOs. - Update logging messages to use 'warn' instead of 'error' for reporting failures in SafeShieldService. - Adjust unit tests to reflect changes in request_id handling and logging behavior. - Ensure consistency in request_id usage across the threat analysis module. * test: update mock response in ThreatAnalysisService tests to handle undefined request_id - Modify the mock response in the ThreatAnalysisService unit tests to set request_id as undefined instead of null, ensuring consistency with recent refactoring changes in request_id handling. * refactor: update reportTransaction method to use ReportEvent type - Change the event parameter type in reportTransaction method across ThreatAnalysisService, IBlockaidApi, and BlockaidApi from string literals to ReportEvent type for improved type safety and consistency. - Add BLOCKAID_REQUEST_ID_HEADER constant for better readability and maintainability in Blockaid API service. * chore: trigger CI --------- Co-authored-by: SafeFB <fb@SafeFBs-MBP.fritz.box> Co-authored-by: SafeFB <fb@SafeFBs-MacBook-Pro.fritz.box>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.