Merge pull request #12 from blooo-io/fix/audit-fix
fix: audit fix
Z4karia authored Oct 4, 2024
2 parents 2d4a233 + 91ca8a3 commit 136559d
Showing 185 changed files with 97 additions and 147 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -37,3 +37,4 @@ doc/html
doc/latex

tests/snapshots-tmp
tests/bitcoin
3 changes: 1 addition & 2 deletions Makefile
@@ -39,7 +39,7 @@ include $(BOLOS_SDK)/Makefile.defines
CURVE_APP_LOAD_PARAMS = secp256k1

# Application allowed derivation paths.
PATH_APP_LOAD_PARAMS = ""
PATH_APP_LOAD_PARAMS = "44'/0'" "44'/1'" "84'/0'" "84'/1'" "86'/0'" "86'/1'"

# Allowed SLIP21 paths
PATH_SLIP21_APP_LOAD_PARAMS = "LEDGER-Wallet policy"
@@ -76,7 +76,6 @@ endif
# Application custom permissions #
########################################
HAVE_APPLICATION_FLAG_DERIVE_MASTER = 1
HAVE_APPLICATION_FLAG_GLOBAL_PIN = 1
HAVE_APPLICATION_FLAG_BOLOS_SETTINGS = 1
HAVE_APPLICATION_FLAG_LIBRARY = 1

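Review bot: The derivation-path allow-list on the `PATH_APP_LOAD_PARAMS` line has no comment saying which purposes and coin types it covers or why others are excluded; something like `# BIP44/84/86 only, coin types 0' (mainnet) and 1' (testnet); widen deliberately` would make a later return to `""` stand out in review. The list has no 48' or 49' entry while this commit still updates the `test_sign_psbt_multisig_wsh` snapshots, so it is worth confirming that every path the multisig and wallet-policy flows derive falls inside the list (inferred from file names only, not from visible code). If `HAVE_APPLICATION_FLAG_DERIVE_MASTER` is among the flags kept in the second hunk (the page does not show which one was dropped), a one-line comment stating what still needs it would document the remaining permission.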
9 changes: 9 additions & 0 deletions src/boilerplate/dispatcher.h
@@ -30,6 +30,15 @@ static inline void SEND_SW(struct dispatcher_context_s *dc, uint16_t sw) {
dc->send_response();
}

#define SAFE_SEND_SW(dc, sw) \
do { \
if (dc != NULL) { \
SEND_SW(dc, sw); \
} else { \
PRINTF("Error: Null dispatcher context\n"); \
} \
} while (0)

static inline void SET_RESPONSE(struct dispatcher_context_s *dc,
void *rdata,
size_t rdata_len,
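Review bot: `SAFE_SEND_SW` is a macro that expands `dc` twice without parentheses, so an argument with side effects is evaluated twice and gets no type checking, unlike the `static inline` `SEND_SW` defined directly above it. On a NULL context it only calls `PRINTF` and falls through, so the caller cannot tell that no status word was sent; if `PRINTF` is compiled out in release builds (not visible here), the failure is completely silent. I would write it as a `static inline` function that reports the outcome, as below, and have callers stop processing on `false`; this assumes `bool` is already available in this header. The call sites are not visible on this page, so how the result should be propagated needs checking against them.

```c
static inline bool SAFE_SEND_SW(struct dispatcher_context_s *dc, uint16_t sw) {
    if (dc == NULL) {
        /* No context means no response can be sent; tell the caller. */
        PRINTF("Error: Null dispatcher context\n");
        return false;
    }
    SEND_SW(dc, sw);
    return true;
}
```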
214 changes: 83 additions & 131 deletions src/handler/withdraw.c

Large diffs are not rendered by default.

10 changes: 0 additions & 10 deletions src/ui/display.c
@@ -172,16 +172,6 @@ bool ui_validate_withdraw_data_and_confirm(dispatcher_context_t *context,
return io_ui_process(context, SET_UX_DIRTY);
}

// bool ui_display_message_confirm(dispatcher_context_t *context) {
// #ifdef HAVE_AUTOAPPROVE_FOR_PERF_TESTS
// return true;
// #endif

// (void) context;
// ui_sign_message_confirm_flow();

// return io_ui_process(context, SET_UX_DIRTY);
// }
#ifdef HAVE_BAGL
bool ui_display_register_wallet(dispatcher_context_t *context,
const policy_map_wallet_header_t *wallet_header,
2 changes: 1 addition & 1 deletion test_utils/authproxy.py
@@ -47,7 +47,7 @@
import time
import urllib.parse

HTTP_TIMEOUT = 30
HTTP_TIMEOUT = 60
USER_AGENT = "AuthServiceProxy/0.1"

log = logging.getLogger("BitcoinRPC")
Binary file modified tests/snapshots/flex/test_sighash_all_anyone_sign_0_0/00000.png
Binary file modified tests/snapshots/flex/test_sighash_all_anyone_sign_0_1/00000.png
Binary file modified tests/snapshots/flex/test_sighash_all_sign_psbt_0_0/00000.png
Binary file modified tests/snapshots/flex/test_sighash_all_sign_psbt_0_1/00000.png
Binary file modified tests/snapshots/flex/test_sighash_none_anyone_sign_0_1/00000.png
Binary file modified tests/snapshots/flex/test_sighash_none_sign_psbt_0_0/00000.png
Binary file modified tests/snapshots/flex/test_sighash_none_sign_psbt_0_1/00000.png
Binary file modified tests/snapshots/flex/test_sighash_single_sign_psbt_0_1/00000.png
Binary file modified tests/snapshots/flex/test_sighash_unsupported_0_0/00000.png
Binary file modified tests/snapshots/flex/test_sighash_unsupported_0_1/00000.png
Binary file modified tests/snapshots/flex/test_sign_psbt_highfee_0_0/00000.png
Binary file modified tests/snapshots/flex/test_sign_psbt_highfee_0_1/00000.png
Binary file modified tests/snapshots/flex/test_sign_psbt_multisig_wsh_0_0/00000.png
Binary file modified tests/snapshots/flex/test_sign_psbt_multisig_wsh_0_1/00000.png
Binary file modified tests/snapshots/flex/test_sign_psbt_with_opreturn_0_2/00000.png
Binary file modified tests/snapshots/flex/test_sign_psbt_with_opreturn_0_3/00000.png
Binary file modified tests/snapshots/flex/test_sign_withdraw_0_0/00000.png
Binary file modified tests/snapshots/flex/test_sign_withdraw_0_0/00001.png
4 changes: 2 additions & 2 deletions tests/test_register_wallet.py
@@ -200,7 +200,7 @@ def test_register_wallet_unsupported_policy(navigator: Navigator, firmware: Firm
assert DeviceException.exc.get(e.value.status) == NotSupportedError
assert len(e.value.data) == 0


@pytest.mark.timeout(0) # disable timeout
def test_register_miniscript_long_policy(navigator: Navigator, firmware: Firmware, client:
RaggerClient, test_name: str, speculos_globals):
# This test makes sure that policies longer than 256 bytes work as expected on all devices
@@ -397,7 +397,7 @@ def test_register_wallet_tr_with_nums_keypath(navigator: Navigator, firmware: Fi
instructions=register_wallet_instruction_approve(firmware),
test_name=test_name)


@pytest.mark.timeout(0) # disable timeout
def test_register_wallet_tr_script_sortedmulti(navigator: Navigator, firmware: Firmware, client:
RaggerClient, test_name: str, speculos_globals):
run_register_test(navigator, client, speculos_globals, WalletPolicy(
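Review bot: `@pytest.mark.timeout(0)` on `test_register_miniscript_long_policy` (and again on `test_register_wallet_tr_script_sortedmulti` in the second hunk) removes the time limit altogether, so a stalled emulator or device connection would hang the run instead of failing it. A generous finite bound keeps these slow tests passing while still ending a hang, for example `@pytest.mark.timeout(600)  # slow: long policy registration`, with the value taken from measured run time (600 is a placeholder). The decorator also appears to have replaced one of the two blank lines before each definition, leaving a single blank line between top-level functions. Both function bodies continue outside the hunks.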
1 change: 0 additions & 1 deletion tests/test_sign_psbt_with_sighash_types.py
@@ -284,7 +284,6 @@ def test_sighash_single_3_ins_2_out(navigator: Navigator, firmware: Firmware, cl
assert DeviceException.exc.get(e.value.status) == NotSupportedError
assert len(e.value.data) == 0


def test_sighash_all_anyone_sign(navigator: Navigator, firmware: Firmware, client: RaggerClient, test_name: str):
psbt = open_psbt_from_file(f"{tests_root}/psbt/sighash/sighash-all-anyone-can-pay-sign.psbt")
