Bug WikiSecurity & Access ControlHardcoded timestamp
2 examples

Hardcoded timestamp

Explicit timestamp coded, causing incorrect date/time data.

[ FAQ1 ]

What is a hardcoded timestamp?

A hardcoded timestamp is a fixed date or time value written directly into application code, rather than being dynamically generated at runtime. Developers might use hardcoded timestamps temporarily for testing or debugging purposes, but if left in production code, these timestamps can cause incorrect behavior, logic errors, or flaky tests as real-world time progresses. For example, code relying on a fixed timestamp might incorrectly handle date-sensitive logic or fail to accommodate time-based scenarios. Hardcoded timestamps lead to maintainability challenges, test instability, and unreliable application behavior.
[ FAQ2 ]

How to replace hardcoded timestamps in code

To replace hardcoded timestamps, use dynamic functions like Date.now() or appropriate libraries to generate timestamps at runtime based on actual system time or configuration settings. For testing scenarios, leverage time-mocking libraries or frameworks that simulate and control timestamps reliably, ensuring tests remain stable and predictable. Clearly separate test-specific time values from production logic, utilizing dependency injection or configurable time sources. Regularly review and audit code for embedded date values, proactively removing hardcoded timestamps to ensure accurate and maintainable application logic.
posthog/posthog·#32516
diff block
+import { EventType } from '@posthog/rrweb-types'
+import posthog from 'posthog-js'
+
+import { RecordingSnapshot } from '~/types'
+
+import { patchMetaEventIntoWebData, ViewportResolution } from './patch-meta-event'
+import { clearThrottle } from './throttle-capturing'
+
+describe('patchMetaEventIntoWebData', () => {
+ const mockViewportForTimestamp = (): ViewportResolution => ({
+ width: '1024',
+ height: '768',
+ href: 'https://blah.io',
+ })
+
+ function createFullSnapshot(): RecordingSnapshot {
+ return {
+ type: EventType.FullSnapshot,
+ timestamp: 1000,
+ windowId: 'window1',
+ data: {} as any,
+ }
+ }
+
+ function createMeta(width: number, height: number, href: string = 'https://blah.io'): RecordingSnapshot {
+ return {
+ type: EventType.Meta,
+ timestamp: 1000,
Greptile
greptile
logic: Meta event uses hardcoded timestamp 1000, which may cause issues if timestamp matching is important between meta and full snapshot events
johnsaigle/wormhole·#8
diff block
+pub use anchor_lang::prelude::*;
+use wormhole_solana_consts::CORE_BRIDGE_PROGRAM_ID;
+
+#[derive(Debug, AnchorSerialize, AnchorDeserialize, Clone)]
+pub struct WormholeGuardianSet {
+ /// Index representing an incrementing version number for this guardian set.
+ pub index: u32,
+
+ /// Ethereum-style public keys.
+ pub keys: Vec<[u8; 20]>,
+
+ /// Timestamp representing the time this guardian became active.
+ pub creation_time: u32,
+
+ /// Expiration time when VAAs issued by this set are no longer valid.
+ pub expiration_time: u32,
+}
+
+// TODO: does there need to be some sort of seed check as well?
+impl Owner for WormholeGuardianSet {
+ fn owner() -> Pubkey {
+ CORE_BRIDGE_PROGRAM_ID
+ }
+}
+
+// workaround for anchor 0.30.1
+// https://github.com/coral-xyz/anchor/blob/e6d7dafe12da661a36ad1b4f3b5970e8986e5321/spl/src/idl_build.rs#L11
+impl anchor_lang::Discriminator for WormholeGuardianSet {
+ const DISCRIMINATOR: [u8; 8] = [0; 8];
+}
+
+impl AccountSerialize for WormholeGuardianSet {}
+
+impl AccountDeserialize for WormholeGuardianSet {
+ fn try_deserialize_unchecked(buf: &mut &[u8]) -> Result<Self> {
+ Self::deserialize(buf).map_err(Into::into)
+ }
+}
+
+impl WormholeGuardianSet {
+ pub const SEED_PREFIX: &'static [u8] = b"GuardianSet";
+
+ pub fn is_active(&self, timestamp: &u32) -> bool {
+ // Note: This is a fix for Wormhole on mainnet. The initial guardian set was never expired
+ // so we block it here.
+ if self.index == 0 && self.creation_time == 1628099186 {
+ false
+ } else {
+ self.expiration_time == 0 || self.expiration_time >= *timestamp
+ }
Greptile
greptile
style: Consider extracting the hardcoded timestamp 1628099186 into a named constant for better maintainability
suggested fix
pub fn is_active(&self, timestamp: &u32) -> bool {
+ const INITIAL_GUARDIAN_SET_CREATION_TIME: u32 = 1628099186;
// Note: This is a fix for Wormhole on mainnet. The initial guardian set was never expired
// so we block it here.
+ if self.index == 0 && self.creation_time == INITIAL_GUARDIAN_SET_CREATION_TIME {
false
} else {
self.expiration_time == 0 || self.expiration_time >= *timestamp
}