search

biow0lf / evedev-kb

Automatically exported from code.google.com/p/evedev-kb
1 stars 0 forks source link

Logic-Bug in IDFeed Trust Management #202

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
In common/includes/class.idfeed.php:

Documentation for function setAcceptedTrust says: If the remote kill has a 
trust level below this, it will not be verified.

But the actual code who does the check, which is in line 488, is:

(int)$row['trust'] > $this->trust

Which will not accept a kill as verified if remoteTrust == this->Trust, even 
though the remoteTrust is NOT below the local trust.

So either the documentation is wrong, or it's a bug. This leads to kills not 
getting verified from trusted idfeeds, as the idfeed-api-pull-cronscript sets 
the acceptedTrust to 0, and not -1, so for example eve-kill.net Kills don't get 
verified.

Original issue reported on code.google.com by timo@rothenpieler.org on 21 Jan 2012 at 11:17

GoogleCodeExporter commented 9 years ago 
Forgot to mention, obvious fix is to use >= instead of >

Original comment by timo@rothenpieler.org on 21 Jan 2012 at 11:18

GoogleCodeExporter commented 9 years ago 
The error was in the documentation, it should have been equal to or less than, 
but I'll change the code to make it more obvious. 'setAcceptedTrust' does imply 
that the level you set is accepted.

The new code accepts verification at the level of trust you set, or greater. 
cron and admin panel then set the trust to 1 rather than 0. It is intended that 
remote kills with a trust of 0 are not verified. This is Eve trust, not actual 
trust. ^^

New documentation is:
Set level of trust to accept. Kills with a trust level greater than or equal to 
this will be accepted as verified. If the remote kill has a trust level below 
this, it will not be verified.

e.g.
We fetch a KillLog from the API and use setKillTrust to force it to a  trust 
level of 3. Another board then fetches from us, and is willing to  accept a 
trust level of 1, so the kills are fetched and accepted as verified. The trust 
level is reduced to 2 by that board. The next board will also accept them as 
verified and set trust to 1, and the next 0. 

If a board accepts all kills with a trust level of 1 it will accept the kill 
from the first three boards (3, 2, 1) as verified. The fourth board trusts the 
kill itself , but the level of trust is too low for other boards to accept that 
kill as verified from the fourth board.

Untrusted kills are still accepted, but not marked as verified. (Future 
versions may also have minimum standards to accept unverified kills.) Note that 
it is possible for trust levels to change. e.g. A kill is manually posted so 
has a trust level of 0 but then the same kill is fetched from the API and the 
trust level changed to 3. Thus a kill may be untrusted when a remote board 
fetches but become trusted later on.

Original comment by kovellia on 22 Jan 2012 at 2:04

GoogleCodeExporter commented 9 years ago 
This issue was closed by revision beafd796d82b.

Original comment by kovellia on 22 Jan 2012 at 2:26