Node security meta-issue

Open damip opened this issue 1 year ago • 0 comments

Functional tests

The goal of functional tests is to run a network of nodes and interact with them to check that consensus is properly achieved, that the network propagates data correctly, etc.

Tasks:

  • [x] k8s cluster deployment @aoudiamoncef
  • [x] connection of the python test framework with the node cluster @sydhds
  • [ ] #4480 => TODO: test in securenet
  • [x] Bootstrap protocol workflow: https://github.com/massalabs/massa-functional-tests/pull/10
  • [ ] #4456: Hard to have a clean setup, in standby
  • [x] try bootstrapping with large ledgers. Done in functional tests
  • [x] #4479 @aoudiamoncef Done for the local tests. More extended tests may not be relevant.
  • [ ] fuzzing

Unit tests and code review

  • [x] General considerations
    • [x] #4396 (waiting on https://github.com/wasmerio/wasmer/issues/4222, the rest is done) => not under our control
    • [x] #4450 @aoudiamoncef
    • [x] aim for better test coverage https://github.com/massalabs/massa/issues/4418
    • [x] update to rust 1.72.1 (fixes some CVEs)
  • [x] fix all tagged security issues: https://github.com/massalabs/massa/labels/Security%20team%20input @AurelienFT
  • [ ] Models: TODO ASSIGN
    • [ ] for all object deserializations (coming from the API, from network, or from bootstrap)
      • [x] #4593
      • [x] #4556
      • [ ] write unit tests with objects/arrays of exactly the maximum allowed sizes
  • [ ] Protocol/network https://github.com/massalabs/massa/pull/4461
    • [x] audit the code to ensure safe operation
    • [x] implement unit tests with various connect/disconnect/flood scenarios
    • [ ] calibrate bandwidth limits
  • [ ] #4430
    • [x] ensure that a bootstrapping client cannot make a bootstrap server panic by sending invalid data
    • [x] make sure a client cannot deny service by staying connected too long or flooding => #4509
    • [x] implement unit tests for those aspects #4509
    • [x] calibrate bandwidth limits and timeout values: #4518
    • [x] Fix Massa-db change history that leads to bootstrap desync. https://github.com/massalabs/massa/pull/4533
    • [ ] Finish the main tasks of #4430
  • [x] API @modship
    • [x] ensure that no inputs to the API will make the system panic or stay locked for a long time (input checks, length checks)
    • [x] Other limits checks: https://github.com/massalabs/massa/issues/4475
    • [x] implement API unit tests with edge cases for each public API endpoint #4426
  • [x] Consensus
    • [x] Check which parts are not covered by unit test coverage and cover them
  • [x] Execution @damip
    • [x] Unit test massa-sc-runtime => #4504 https://github.com/massalabs/massa-sc-runtime/pull/314
    • [x] #4503
    • [x] Audit code
    • [x] #4464
    • [x] #4501 In progress: https://github.com/massalabs/massa/pull/4532
    • [x] Remove events in snapshot: https://github.com/massalabs/massa/issues/4511
  • [x] Final State @sydhds
    • https://github.com/massalabs/massa/issues/4435
  • [x] POS Worker:
    • https://github.com/massalabs/massa/pull/4529

damip, Sep 19 '23 17:09