-
Notifications
You must be signed in to change notification settings - Fork 23
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #88 from LedgerHQ/develop
Merge develop into master (B2CA-1730)
- Loading branch information
Showing
6,270 changed files
with
17,553 additions
and
10,682 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -17,3 +17,4 @@ AllowShortFunctionsOnASingleLine: None | |
| BinPackArguments: false | ||
| BinPackParameters: false | ||
| --- | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,16 @@ | ||
| FROM ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-lite:latest AS LITE_BUILDER | ||
|
|
||
| # Base image with clang toolchain | ||
| FROM gcr.io/oss-fuzz-base/base-builder:v1 | ||
| RUN apt-get update && apt-get install -y make libssl-dev libbsd-dev | ||
|
|
||
| RUN apt-get update && apt-get install -y libbsd-dev | ||
|
|
||
| # Copy the project's source code. | ||
| COPY . $SRC/app-stellar | ||
| COPY --from=LITE_BUILDER /opt/ledger-secure-sdk $SRC/app-stellar/BOLOS_SDK | ||
|
|
||
| # Working directory for build.sh | ||
| WORKDIR $SRC/app-stellar | ||
|
|
||
| # Copy build.sh into $SRC dir. | ||
| COPY .clusterfuzzlite/build.sh $SRC/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| language: c++ | ||
| language: c++ |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,66 +1,30 @@ | ||
| // For format details, see https://aka.ms/vscode-remote/devcontainer.json or the definition README at | ||
| // https://github.com/microsoft/vscode-dev-containers/tree/master/containers/ubuntu-18.04-git | ||
| // For format details, see https://aka.ms/devcontainer.json. | ||
| { | ||
| "name": "Ledger Dev", | ||
| "dockerFile": "Dockerfile", | ||
| "build": { | ||
| "args": {} | ||
| }, | ||
| // https://code.visualstudio.com/remote/advancedcontainers/environment-variables | ||
| // BOLOS_SDK can be one of NANOS_SDK, NANOX_SDK and NANOSPLUS_SDK | ||
| "remoteEnv": { | ||
| "BOLOS_SDK": "${containerEnv:NANOS_SDK}", | ||
| "MNEMONIC": "other base behind follow wet put glad muscle unlock sell income october", // "${localEnv:MNEMONIC}" | ||
| "CTEST_OUTPUT_ON_FAILURE": "1", | ||
| "PIP_INDEX_URL": "https://mirrors.ustc.edu.cn/pypi/web/simple" | ||
| }, | ||
| // The optional 'runArgs' property can be used to specify additional runtime arguments. | ||
| "runArgs": [ | ||
| // Uncomment the line if you will use a ptrace-based debugger like C++, Go, and Rust. | ||
| "--cap-add=SYS_PTRACE", | ||
| "--security-opt", | ||
| "seccomp=unconfined" | ||
| ], | ||
| // Use 'settings' to set *default* container specific settings.json values on container create. | ||
| // You can edit these settings after create using File > Preferences > Settings > Remote. | ||
| "settings": { | ||
| "terminal.integrated.profiles.linux": { | ||
| "bash": { | ||
| "path": "/bin/bash" | ||
| }, | ||
| "fish": { | ||
| "path": "/bin/fish" | ||
| } | ||
| }, | ||
| "terminal.integrated.defaultProfile.linux": "fish" | ||
| }, | ||
| // Use 'forwardPorts' to make a list of ports inside the container available locally. | ||
| // "forwardPorts": [3000], | ||
| // Use 'portsAttributes' to set default properties for specific forwarded ports. More info: https://code.visualstudio.com/docs/remote/devcontainerjson-reference. | ||
| "portsAttributes": { | ||
| "5000": { | ||
| "label": "Speculos Restful API", | ||
| "onAutoForward": "notify" | ||
| }, | ||
| "9999": { | ||
| "label": "Speculos APDU Server TCP port", | ||
| "onAutoForward": "silent" | ||
| }, | ||
| }, | ||
| // Use 'otherPortsAttributes' to configure any ports that aren't configured using 'portsAttributes'. | ||
| "otherPortsAttributes": { | ||
| "onAutoForward": "silent" | ||
| }, | ||
| // Uncomment the next line to run commands after the container is created. | ||
| // "postCreateCommand": "", | ||
| // Add the IDs of extensions you want installed when the container is created in the array below. | ||
| "extensions": [ | ||
| "ms-vscode.cpptools-extension-pack", | ||
| "spmeesseman.vscode-taskexplorer", | ||
| "webfreak.debug" | ||
| ], | ||
| // Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. | ||
| // On Linux, this will prevent new files getting created as root, but you may need to update the USER_UID | ||
| // and USER_GID in .devcontainer/Dockerfile to match your user if not 1000. | ||
| "remoteUser": "ledgerdev" | ||
| "name": "ledgerdev", | ||
| "image": "ghcr.io/lightsail-network/ledger-devcontainer:latest", | ||
| // https://code.visualstudio.com/remote/advancedcontainers/environment-variables | ||
| // BOLOS_SDK can be one of NANOS_SDK, NANOSP_SDK, NANOX_SDK, STAX_SDK and FLEX_SDK | ||
| "remoteEnv": { | ||
| "BOLOS_SDK": "${containerEnv:NANOS_SDK}", | ||
| "MNEMONIC": "${localEnv:MNEMONIC}" // you can set this in your local environment to avoid typing it in every time | ||
| }, | ||
| "forwardPorts": [ | ||
| 9999 // APDU port | ||
| ], | ||
| "appPort": 5000, | ||
| "customizations": { | ||
| "vscode": { | ||
| "extensions": [ | ||
| "ms-vscode.cpptools-extension-pack" | ||
| ], | ||
| "settings": { | ||
| "terminal.integrated.defaultProfile.linux": "fish", | ||
| "terminal.integrated.shell.linux": { | ||
| "fish": { | ||
| "path": "/usr/bin/fish" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,32 +1,53 @@ | ||
| name: ClusterFuzzLite batch fuzzing | ||
| name: ClusterFuzzLite cron tasks | ||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| fuzz-seconds: | ||
| description: "Number of seconds to run fuzzers" | ||
| required: false | ||
| default: "600" | ||
| push: | ||
| branches: | ||
| - develop # Use your actual default branch here. | ||
| schedule: | ||
| - cron: '1 * * * 0' # Every sunday | ||
| - cron: "0 8 * * 1" # At 08:00 on Monday. | ||
| permissions: read-all | ||
| jobs: | ||
| BatchFuzzing: | ||
| Fuzzing: | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| sanitizer: [address, undefined, memory] | ||
| include: | ||
| - mode: batch | ||
| sanitizer: address | ||
| - mode: batch | ||
| sanitizer: undefined | ||
| - mode: batch | ||
| sanitizer: memory | ||
| - mode: prune | ||
| sanitizer: address | ||
| - mode: coverage | ||
| sanitizer: coverage | ||
| steps: | ||
| - name: Build Fuzzers (${{ matrix.sanitizer }}) | ||
| id: build | ||
| uses: google/clusterfuzzlite/actions/build_fuzzers@v1 | ||
| with: | ||
| language: c++ | ||
| sanitizer: ${{ matrix.sanitizer }} | ||
| - name: Run Fuzzers (${{ matrix.sanitizer }}) | ||
| id: run | ||
| uses: google/clusterfuzzlite/actions/run_fuzzers@v1 | ||
| with: | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| fuzz-seconds: 3600 # 1 hour | ||
| mode: 'batch' | ||
| sanitizer: ${{ matrix.sanitizer }} | ||
| # Optional but recommended: For storing certain artifacts from fuzzing. | ||
| # See later section on "Git repo for storage". | ||
| #storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/fuzzers-corpus.git | ||
| #storage-repo-branch: main # Optional. Defaults to "main" | ||
| #storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". | ||
| - name: Build Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }}) | ||
| id: build | ||
| uses: google/clusterfuzzlite/actions/build_fuzzers@v1 | ||
| with: | ||
| language: c # Change this to the language you are fuzzing. | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| sanitizer: ${{ matrix.sanitizer }} | ||
| storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/lightsail-network/app-stellar-fuzz-corpus | ||
| storage-repo-branch: main | ||
| storage-repo-branch-coverage: gh-pages | ||
| - name: Run Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }}) | ||
| id: run | ||
| uses: google/clusterfuzzlite/actions/run_fuzzers@v1 | ||
| with: | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| fuzz-seconds: ${{ github.event.inputs.fuzz-seconds || '600' }} # Defaults to 10 minutes | ||
| mode: ${{ matrix.mode }} | ||
| sanitizer: ${{ matrix.sanitizer }} | ||
| storage-repo: ${{ secrets.PERSONAL_ACCESS_TOKEN && format('https://{0}@github.com/lightsail-network/app-stellar-fuzz-corpus', secrets.PERSONAL_ACCESS_TOKEN) || '' }} | ||
| storage-repo-branch: ${{ secrets.PERSONAL_ACCESS_TOKEN && 'main' || '' }} | ||
| storage-repo-branch-coverage: ${{ secrets.PERSONAL_ACCESS_TOKEN && 'gh-pages' || '' }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| name: "CodeQL" | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| push: | ||
| branches: | ||
| - master | ||
| - main | ||
| - develop | ||
| pull_request: | ||
|
|
||
| jobs: | ||
| analyse: | ||
| name: Analyse | ||
| strategy: | ||
| matrix: | ||
| sdk: ["$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK"] | ||
| #'cpp' covers C and C++ | ||
| language: ["cpp"] | ||
| runs-on: ubuntu-latest | ||
| container: | ||
| image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest | ||
|
|
||
| steps: | ||
| - name: Clone | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@v2 | ||
| with: | ||
| languages: ${{ matrix.language }} | ||
| queries: security-and-quality | ||
|
|
||
| # CodeQL will create the database during the compilation | ||
| - name: Build | ||
| run: | | ||
| make BOLOS_SDK=${{ matrix.sdk }} | ||
| - name: Perform CodeQL Analysis | ||
| uses: github/codeql-action/analyze@v2 |
Oops, something went wrong.