Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merging develop to master #3

Merged
merged 23 commits into from
Feb 14, 2025
Merged

Merging develop to master #3

merged 23 commits into from
Feb 14, 2025

Conversation

iartemov-ledger
Copy link

No description provided.

0xPxt and others added 21 commits October 29, 2024 11:54
@0xPxt
Stax & Flex porting (Zondax#13) (Zondax#14)
98f7054 
* Stax & Flex porting (Zondax#13)

* flex_porting

* bump version

* update readme

* set production build flag accordingly

* bump minor version instead of patch

* update ledger_app.toml

* resize flex icon

* Add support for coston testnet
@0xPxt
New release (Zondax#16)
8f99334 
* update zxlib

* bump version
@chcmedeiros
Fix coston network_id (Zondax#17)
aa98ba7 
* update deps

* update coston network_id & add new chain ids

* update snapshots
@yogh333
Merge pull request #1 from Zondax/main
a2db779 
Stax/Flex Support and Support for Coston Testnet (chain_id = 16) for ETH transactions
@chcmedeiros
Update js package (Zondax#18)
9acfcd9 
* remove js package

* add js submodule

* update tests

* update snapshots
@chcmedeiros
Feat/blindsign flow (Zondax#19)
074b37d 
* update submodules

* add blindsign ui

* update tests

* update snapshots

* update test and snapshots for sign hash

* fix error return
@chcmedeiros
Feat/eip1559 (Zondax#20)
25e2b44
@chcmedeiros
Merge pull request Zondax#21 from Zondax/dev
492e344 
New release
@chcmedeiros
Evm improvements (Zondax#22)
13e8363 
* update deps and submodules

* coin asset depending on chain id

* update zxlib

* add blindsign required flag

* update tests

* update snapshots
@chcmedeiros
update flex snapshots folder (Zondax#23)
735526d
@chcmedeiros
fix: update v computation (Zondax#25)
1d7ff20
@chcmedeiros
Rearrange eth (Zondax#26)
2a73783 
* move files to evm folder

* update remaining code structure

* update fuzzer and tests

* small argument fix
@chcmedeiros
Sign personal (Zondax#27)
c347914 
* add sign_personal

* update js package

* update snapshots
@chcmedeiros
Merge pull request Zondax#24 from Zondax/dev
a11b5f1 
New release
@chcmedeiros
Update (Zondax#28)
8fa3d4b 
* update zxlib

* update deps

* update snapshots
@chcmedeiros
Merge pull request Zondax#29 from Zondax/dev
76b5eb4 
New release
@chcmedeiros
Fix (Zondax#30)
cb21225 
* add switch to coin asset

* update snapshots

* add test

* update snapshots
@chcmedeiros
Merge pull request Zondax#31 from Zondax/dev
41f01e6 
New Release
@chcmedeiros
Audit fixes (Zondax#32)
6d61786 
* add  flare CLA extra verification

* remove not needed DER signature from response

* update zxlib

* bump version

* update fuzzer

* update docs

* update docs
@emmanuelm41
Audit fixes (Zondax#32) (Zondax#33)
f78227d 
* add  flare CLA extra verification

* remove not needed DER signature from response

* update zxlib

* bump version

* update fuzzer

* update docs

* update docs
@iartemov-ledger
Merge pull request #2 from Zondax/main
f281b8f 
Improve Blindsign UI
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 14, 2025
View reviewed changes
app/src/evm/apdu_handler_eth.c
Comment on lines +143 to +218
switch (payloadType) {
case P1_ETH_FIRST:
tx_initialize();
tx_reset();
extract_eth_path(rx, OFFSET_DATA);
// there is not warranties that the first chunk
// contains the serialized path only;
// so we need to offset the data to point to the first transaction
// byte
uint32_t path_len = sizeof(uint32_t) * hdPathEth_len;

// plus the first offset data containing the path len
data += path_len + 1;
if (len < path_len) {
THROW(APDU_CODE_WRONG_LENGTH);
}

// now process the chunk
len -= path_len + 1;
if (get_tx_rlp_len(data, len, &read, &to_read) != rlp_ok) {
THROW(APDU_CODE_DATA_INVALID);
}

// get remaining data len
max_len = saturating_add(read, to_read);
max_len = MIN(max_len, len);

added = tx_append(data, max_len);
if (added != max_len) {
THROW(APDU_CODE_OUTPUT_BUFFER_TOO_SMALL);
}

tx_initialized = true;

// if the number of bytes read and the number of bytes to read
// is the same as what we read...
if ((saturating_add(read, to_read) - len) == 0) {
return true;
}
return false;
case P1_ETH_MORE:
if (!tx_initialized) {
THROW(APDU_CODE_TX_NOT_INITIALIZED);
}

uint64_t buff_len = tx_get_buffer_length();
uint8_t *buff_data = tx_get_buffer();

if (get_tx_rlp_len(buff_data, buff_len, &read, &to_read) != rlp_ok) {
THROW(APDU_CODE_DATA_INVALID);
}

uint64_t rlp_read = buff_len - read;

// either the entire buffer of the remaining bytes we expect
uint64_t missing = to_read - rlp_read;
max_len = len;

if (missing < len) {
max_len = missing;
}
added = tx_append(data, max_len);

if (added != max_len) {
tx_initialized = false;
THROW(APDU_CODE_OUTPUT_BUFFER_TOO_SMALL);
}

// check if this chunk was the last one
if (missing - len == 0) {
tx_initialized = false;
return true;
}

return false;
}

Check notice

Code scanning / CodeQL

Long switch case Note

Switch has at least one case that is too long:
0 (38 lines)
Loading
.
Switch has at least one case that is too long:
128 (34 lines)
Loading
.
@socket-security Socket Security
Copy link

socket-security bot commented Feb 14, 2025
edited
Loading

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@ethereumjs/common@4.4.0 🔁 npm/@ethereumjs/common@2.6.5 None 0 713 kB holgerd77
npm/@ethereumjs/tx@5.4.0 🔁 npm/@ethereumjs/tx@3.5.2 None +5 3.57 MB holgerd77
npm/@typescript-eslint/eslint-plugin@8.24.0 🔁 npm/@typescript-eslint/eslint-plugin@5.62.0, npm/@typescript-eslint/eslint-plugin@6.21.0 Transitive: environment, filesystem +36 7.88 MB bradzacher, jameshenry
npm/@typescript-eslint/parser@8.24.0 🔁 npm/@typescript-eslint/parser@5.62.0, npm/@typescript-eslint/parser@6.21.0 Transitive: environment, filesystem +28 2.88 MB bradzacher, jameshenry
npm/@zondax/zemu@0.53.0 🔁 npm/@zondax/zemu@0.49.0 Transitive: eval, network, shell +99 23.7 MB jleni
npm/eslint-plugin-jest@28.11.0 🔁 npm/eslint-plugin-jest@27.9.0 Transitive: environment +31 3.91 MB aaronabramov, jeysal, jsonp, ...6 more
npm/eslint@9.20.1 🔁 npm/eslint@8.57.1 Transitive: eval, shell, unsafe +85 10.8 MB eslintbot, openjsfoundation
npm/js-sha256@0.11.0 🔁 npm/js-sha256@0.9.0 None 0 39.5 kB emn178

🚮 Removed packages: npm/@ledgerhq/hw-app-eth@6.35.7, npm/@types/node@18.19.76, npm/@zondax/ledger-js@0.2.2, npm/eslint-config-prettier@8.10.0, npm/eslint-config-standard-with-typescript@34.0.1, npm/eslint-plugin-n@15.7.0, npm/eslint-plugin-promise@6.6.0

View full report↗︎

@iartemov-ledger iartemov-ledger merged commit 0d44f75 into master Feb 14, 2025
57 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@iartemov-ledger @0xPxt @chcmedeiros @yogh333 @emmanuelm41