feat: add ledger guidelines enforcer CI workflow (#68)

* feat: add ledger guidelines enforcer CI workflow * fix: use ledgerHQ workflow * fix: remove nanox support from ledger app toml * feat: add dev branch on ci workflow * feat: make env vars optional for clippy to work * fix: issue and format * fix: format * fix: clippy warning on nanosplus * fix: format * fix: clippy warnings on flex
Zondax · Oct 3, 2024 · 8828249 · 8828249
1 parent 600995a
commit 8828249
Show file tree

Hide file tree

Showing 23 changed files with 79 additions and 58 deletions.
diff --git a/.github/workflows/coding_style_checks.yml b/.github/workflows/coding_style_checks.yml
@@ -16,7 +16,7 @@ on:
 jobs:
   check_linting:
     name: Check linting using the reusable workflow
-    uses: Zondax/ledger-app-workflows/.github/workflows/reusable_lint.yml@v1
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_lint.yml@v1
     with:
       source: './app'
 
diff --git a/.github/workflows/guidelines_enforcer.yml b/.github/workflows/guidelines_enforcer.yml
@@ -0,0 +1,24 @@
+name: Ensure compliance with Ledger guidelines
+
+# This workflow is mandatory in all applications
+# It calls a reusable workflow guidelines_enforcer developed by Ledger's internal developer team.
+# The successful completion of the reusable workflow is a mandatory step for an app to be available on the Ledger
+# application store.
+#
+# More information on the guidelines can be found in the repository:
+# LedgerHQ/ledger-app-workflows/
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+      - dev # for safety reasons
+  pull_request:
+
+jobs:
+  guidelines_enforcer:
+    name: Call Ledger guidelines_enforcer
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1
diff --git a/app/src/app_ui/menu.rs b/app/src/app_ui/menu.rs
@@ -73,12 +73,11 @@ pub fn ui_menu_main(_: &mut Comm) -> Event<Instruction> {
     let production_build = option_env!("PRODUCTION_BUILD").unwrap_or("1");
     let app_version = option_env!("APPVERSION_STR").unwrap_or("v0.0.0");
 
-    let name: &str;
-    if production_build == "0" {
-        name = "Ironfish DKG DEMO";
+    let name: &str = if production_build == "0" {
+        "Ironfish DKG DEMO"
     } else {
-        name = "Ironfish DKG";
-    }
+        "Ironfish DKG"
+    };
 
     // Display the home screen.
     NbglHomeAndSettings::new()

diff --git a/app/src/app_ui/run_action.rs b/app/src/app_ui/run_action.rs
@@ -97,7 +97,7 @@ pub fn ui_review_transaction<'a>(
 }
 
 #[inline(never)]
-pub fn ui_review_get_identity<'a>(i_index: u8) -> Result<bool, AppSW> {
+pub fn ui_review_get_identity(i_index: u8) -> Result<bool, AppSW> {
     zlog_stack("s review_get_identity\0");
     app_canary();
 
@@ -112,7 +112,7 @@ pub fn ui_review_get_identity<'a>(i_index: u8) -> Result<bool, AppSW> {
 }
 
 #[inline(never)]
-pub fn ui_review_get_keys<'a>(data: &Vec<u8>, key_type: u8) -> Result<bool, AppSW> {
+pub fn ui_review_get_keys(data: &Vec<u8>, key_type: u8) -> Result<bool, AppSW> {
     zlog_stack("s ui_review_get_keys\0");
     app_canary();
 
@@ -178,7 +178,7 @@ pub fn ui_review_get_keys<'a>(data: &Vec<u8>, key_type: u8) -> Result<bool, AppS
 }
 
 #[inline(never)]
-pub fn ui_review_get_current_identity<'a>(i_index: u8) -> Result<bool, AppSW> {
+pub fn ui_review_get_current_identity(i_index: u8) -> Result<bool, AppSW> {
     zlog_stack("s review_current_identity\0");
     app_canary();
 
@@ -199,11 +199,7 @@ pub fn ui_review_get_current_identity<'a>(i_index: u8) -> Result<bool, AppSW> {
 }
 
 #[inline(never)]
-pub fn ui_review_dkg_round1<'a>(
-    i_index: u8,
-    min_signers: u8,
-    participants: u8,
-) -> Result<bool, AppSW> {
+pub fn ui_review_dkg_round1(i_index: u8, min_signers: u8, participants: u8) -> Result<bool, AppSW> {
     zlog_stack("s review_dkg_round1\0");
 
     let i_index_str = int_to_str(i_index);
@@ -229,7 +225,7 @@ pub fn ui_review_dkg_round1<'a>(
 }
 
 #[inline(never)]
-pub fn ui_review_dkg_round2<'a>(i_index: u8, round1_public_package_len: u8) -> Result<bool, AppSW> {
+pub fn ui_review_dkg_round2(i_index: u8, round1_public_package_len: u8) -> Result<bool, AppSW> {
     zlog_stack("s review_dkg_round2\0");
     app_canary();
 
@@ -251,7 +247,7 @@ pub fn ui_review_dkg_round2<'a>(i_index: u8, round1_public_package_len: u8) -> R
 }
 
 #[inline(never)]
-pub fn ui_review_backup_keys<'a>(
+pub fn ui_review_backup_keys(
     public_address: Vec<u8>,
     participants: u8,
     min_signers: u8,
@@ -283,7 +279,7 @@ pub fn ui_review_backup_keys<'a>(
 }
 
 #[inline(never)]
-pub fn ui_review_dkg_round3<'a>(
+pub fn ui_review_dkg_round3(
     i_index: u8,
     round1_public_package_len: u8,
     round2_public_package_len: u8,
@@ -326,7 +322,7 @@ pub fn ui_review_dkg_round3<'a>(
 }
 
 #[inline(never)]
-pub fn ui_review_restore_keys<'a>(
+pub fn ui_review_restore_keys(
     public_address: Vec<u8>,
     participants: u8,
     min_signers: u8,
@@ -397,6 +393,6 @@ pub fn ui_review<'a>(
             .titles(title, _subtitle, _finish_title)
             .glyph(&ICON);
 
-        Ok(review.show(&fields))
+        Ok(review.show(fields))
     }
 }
diff --git a/app/src/context.rs b/app/src/context.rs
@@ -25,3 +25,9 @@ impl TxContext {
         self.done = false;
     }
 }
+
+impl Default for TxContext {
+    fn default() -> Self {
+        Self::new()
+    }
+}
diff --git a/app/src/crypto/chacha20poly.rs b/app/src/crypto/chacha20poly.rs
@@ -76,9 +76,9 @@ pub fn compute_key() -> EncryptionKeyGuard {
     let path_0: Vec<u32> = vec![
         (0x80000000 | 0x2c),
         (0x80000000 | 0x53a),
-        (0x80000000 | 0x0),
-        (0x80000000 | 0x0),
-        (0x80000000 | 0x0),
+        (0x80000000), // (0x80000000 | 0x0)
+        (0x80000000), // (0x80000000 | 0x0)
+        (0x80000000), // (0x80000000 | 0x0)
     ];
 
     let mut secret_key_0 = Secret::<ED25519_KEY_LEN>::new();

diff --git a/app/src/crypto/keys.rs b/app/src/crypto/keys.rs
@@ -111,15 +111,15 @@ pub(crate) fn compute_dkg_secret(index: u8) -> IronfishSecretGuard {
     let path_0: Vec<u32> = vec![
         (0x80000000 | 0x2c),
         (0x80000000 | 0x53a),
-        (0x80000000 | 0x0),
-        (0x80000000 | 0x0),
+        (0x80000000), // (0x80000000 | 0x0)
+        (0x80000000), // (0x80000000 | 0x0)
         (0x80000000 | index_1),
     ];
     let path_1: Vec<u32> = vec![
         (0x80000000 | 0x2c),
         (0x80000000 | 0x53a),
-        (0x80000000 | 0x0),
-        (0x80000000 | 0x0),
+        (0x80000000), // (0x80000000 | 0x0)
+        (0x80000000), //(0x80000000 | 0x0)
         (0x80000000 | index_2),
     ];
 

diff --git a/app/src/handlers/dkg_backup_keys.rs b/app/src/handlers/dkg_backup_keys.rs
@@ -42,7 +42,7 @@ pub fn handler_dkg_backup_keys(comm: &mut Comm, ctx: &mut TxContext) -> Result<(
     let data = DkgKeys.backup_keys()?;
     let key = compute_key();
 
-    let resp = encrypt(&key, data.as_slice().as_ref())?;
+    let resp = encrypt(&key, data.as_slice())?;
 
     let total_chunks = save_result(ctx, resp.as_slice())?;
     comm.append(&total_chunks);

diff --git a/app/src/handlers/dkg_round_1.rs b/app/src/handlers/dkg_round_1.rs
@@ -102,13 +102,13 @@ fn parse_tx(buffer: &Buffer) -> Result<Tx, AppSW> {
 fn compute_dkg_round_1(_comm: &mut Comm, secret: &Secret, tx: &mut Tx) -> Result<Vec<u8>, AppSW> {
     zlog("start compute_dkg_round_1\n\0");
 
-    let mut rng = LedgerRng {};
+    let rng = LedgerRng {};
 
     let (mut round1_secret_package_vec, round1_public_package) = dkg::round1::round1(
         &secret.to_identity(),
         tx.min_signers as u16,
         &tx.identities,
-        &mut rng,
+        rng,
     )
     .unwrap();
 

diff --git a/app/src/handlers/dkg_round_2.rs b/app/src/handlers/dkg_round_2.rs
@@ -112,21 +112,21 @@ fn compute_dkg_round_2(
 ) -> Result<(Vec<u8>, CombinedPublicPackage), AppSW> {
     zlog_stack("start compute_dkg_round_2\0");
 
-    let mut rng = LedgerRng {};
+    let rng = LedgerRng {};
     let secret = compute_dkg_secret(identity_index);
 
     dkg::round2::round2(
         &secret,
         round_1_secret_package,
         &round_1_public_packages,
-        &mut rng,
+        rng,
     )
     .map_err(|_| AppSW::DkgRound2Fail)
 }
 
 #[inline(never)]
 fn generate_response(
-    mut round2_secret_package_vec: &mut Vec<u8>,
+    round2_secret_package_vec: &mut Vec<u8>,
     round2_public_package: &CombinedPublicPackage,
 ) -> Vec<u8> {
     let mut resp: Vec<u8> = Vec::new();
@@ -141,7 +141,7 @@ fn generate_response(
         ]
         .to_vec(),
     );
-    resp.append(&mut round2_secret_package_vec);
+    resp.append(round2_secret_package_vec);
     resp.append(
         &mut [
             (round2_public_package_len >> 8) as u8,

diff --git a/app/src/ironfish/multisig.rs b/app/src/ironfish/multisig.rs
@@ -44,7 +44,7 @@ pub fn derive_account_keys(
         .expect("failied to derive authorizing key");
 
     // Nullifier keys (nsk and nk), derived from the gsk
-    let proof_authorizing_key = Fr::from(group_secret_key.sapling_proof_generation_key().nsk);
+    let proof_authorizing_key = group_secret_key.sapling_proof_generation_key().nsk;
     let nullifier_deriving_key_ep =
         PROOF_GENERATION_KEY_GENERATOR.multiply_bits(&proof_authorizing_key.to_bytes());
     let nullifier_deriving_key = AffinePoint::from(&nullifier_deriving_key_ep);

diff --git a/app/src/ironfish/public_address.rs b/app/src/ironfish/public_address.rs
@@ -44,7 +44,7 @@ impl PublicAddress {
     pub fn new(bytes: &[u8; PUBLIC_ADDRESS_SIZE]) -> Result<Self, IronfishError> {
         Option::from(AffinePoint::from_bytes(*bytes))
             .map(PublicAddress)
-            .ok_or_else(|| IronfishError::InvalidPaymentAddress)
+            .ok_or(IronfishError::InvalidPaymentAddress)
     }
 
     /// Initialize a public address from a sapling key. Typically constructed from

diff --git a/app/src/nvm.rs b/app/src/nvm.rs
@@ -41,5 +41,5 @@ pub(crate) fn get_and_clear_tx_hash() -> Option<[u8; 32]> {
 pub(crate) fn get_tx_hash() -> Option<[u8; 32]> {
     zlog_stack("copy tx hash\0");
     let global = GLOBAL.lock();
-    global.clone()
+    *global
 }
diff --git a/app/src/nvm/dkg_keys.rs b/app/src/nvm/dkg_keys.rs
@@ -172,7 +172,7 @@ impl DkgKeys {
         self.set_u16(pos, (identities.len() * IDENTITY_LEN) as u16)?;
         pos += 2;
 
-        for i in identities.into_iter() {
+        for i in identities.iter() {
             let slice = i.serialize();
             self.set_slice(pos, slice.as_slice())?;
             pos += IDENTITY_LEN;

diff --git a/app/src/parser/asset_identifier.rs b/app/src/parser/asset_identifier.rs
@@ -23,7 +23,7 @@ impl AssetIdentifier {
 
 impl Display for AssetIdentifier {
     fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
-        write!(f, "{}", hex::encode(&self.0))
+        write!(f, "{}", hex::encode(self.0))
     }
 }
 

diff --git a/app/src/parser/merkle_note.rs b/app/src/parser/merkle_note.rs
@@ -112,7 +112,7 @@ impl<'a> MerkleNote<'a> {
         let encryption_key = calculate_key_for_encryption_keys(
             spender_key,
             &self.value_commitment,
-            &self.note_commitment,
+            self.note_commitment,
             &self.ephemeral_public_key.to_bytes(),
         );
 
@@ -125,7 +125,7 @@ impl<'a> MerkleNote<'a> {
             read_fr(&note_encryption_keys[32..]).map_err(|_| IronfishError::InvalidScalar)?;
         let shared_key = shared_secret(&secret_key, &public_address.0, &self.ephemeral_public_key);
         let note =
-            Note::from_spender_encrypted(public_address.0, &shared_key, &self.encrypted_note)?;
+            Note::from_spender_encrypted(public_address.0, &shared_key, self.encrypted_note)?;
 
         // FIXME: Verify the node commitment
         // note.verify_commitment(self.note_commitment)?;

diff --git a/app/src/parser/transaction.rs b/app/src/parser/transaction.rs
@@ -146,7 +146,7 @@ impl<'a> Transaction<'a> {
         zlog_stack("Transaction::review_fields\n");
 
         let mut fields = Vec::new();
-        let mut buffer = [b'0'; INT_BUFFER_SIZE as usize];
+        let mut buffer = [b'0'; INT_BUFFER_SIZE];
 
         // Add transaction version
         fields.push((
@@ -210,26 +210,26 @@ impl<'a> Transaction<'a> {
         hasher.update(&[self.tx_version as u8]);
 
         let expiration = self.expiration.to_le_bytes();
-        let fee = (self.fee as i64).to_le_bytes();
+        let fee = (self.fee).to_le_bytes();
         hasher.update(&expiration);
         hasher.update(&fee);
 
         hasher.update(self.random_pubkey);
 
         for spend in self.spends.iter() {
-            spend.hash(&mut hasher);
+            spend.run_hash(&mut hasher);
         }
 
         for output in self.outputs.iter() {
-            output.hash(&mut hasher);
+            output.run_hash(&mut hasher);
         }
 
         for mint in self.mints.iter() {
-            mint.hash(&mut hasher);
+            mint.run_hash(&mut hasher);
         }
 
         for burn in self.burns.iter() {
-            burn.hash(&mut hasher);
+            burn.run_hash(&mut hasher);
         }
 
         let mut hash_result = [0; 32];

diff --git a/app/src/parser/transaction/burns.rs b/app/src/parser/transaction/burns.rs
@@ -35,7 +35,7 @@ impl<'a> FromBytes<'a> for Burn<'a> {
 
 impl<'a> Burn<'a> {
     #[inline(never)]
-    pub fn hash(&self, hasher: &mut State) {
+    pub fn run_hash(&self, hasher: &mut State) {
         // both serialization and
         // hashing uses the same serialize_signature_fields
         // function so we can be sure inner data is correctly passed

diff --git a/app/src/parser/transaction/mints.rs b/app/src/parser/transaction/mints.rs
@@ -45,8 +45,7 @@ impl<'a> MintList<'a> {
             let rem = Mint::parse_into(remaining, version, &mut mint)?;
             let obj_ptr = mint.as_mut_ptr();
             unsafe {
-                if !version.has_mint_transfer_ownership_to()
-                    && (&*obj_ptr).has_transfer_ownership_to
+                if !version.has_mint_transfer_ownership_to() && (*obj_ptr).has_transfer_ownership_to
                 {
                     return Err(ParserError::InvalidMint.into());
                 }
@@ -140,7 +139,7 @@ impl<'a> Mint<'a> {
     }
 
     #[inline(never)]
-    pub fn hash(&self, hasher: &mut State) {
+    pub fn run_hash(&self, hasher: &mut State) {
         // both serialization and
         // hashing uses the same serialize_signature_fields
         // function so we can be sure inner data is correctly passed

diff --git a/app/src/parser/transaction/outputs.rs b/app/src/parser/transaction/outputs.rs
@@ -71,7 +71,7 @@ impl<'a> Output<'a> {
     }
 
     #[inline(never)]
-    pub fn hash(&self, hasher: &mut State) {
+    pub fn run_hash(&self, hasher: &mut State) {
         // both serialization and
         // hashing uses the same serialize_signature_fields
         // function so we can be sure inner data is correctly passed

diff --git a/app/src/parser/transaction/spends.rs b/app/src/parser/transaction/spends.rs
@@ -34,7 +34,7 @@ impl<'a> FromBytes<'a> for Spend<'a> {
 
 impl<'a> Spend<'a> {
     #[inline(never)]
-    pub fn hash(&self, hasher: &mut State) {
+    pub fn run_hash(&self, hasher: &mut State) {
         const PUBLIC_KEY_RANDOMNESS_LEN: usize = 32;
         const AUTHORIZING_SIGNATURE_LEN: usize = 64;
 

diff --git a/app/src/utils.rs b/app/src/utils.rs
@@ -18,11 +18,11 @@ pub fn str_to_array<const SIZE: usize>(string: &str) -> [u8; SIZE] {
 }
 
 #[inline(never)]
-pub fn int_to_str<'a>(num: u8) -> String {
+pub fn int_to_str(num: u8) -> String {
     use lexical_core::BUFFER_SIZE as INT_BUFFER_SIZE;
 
     zlog_stack("start int_to_str\0");
-    let mut buffer = [b'0'; INT_BUFFER_SIZE as usize];
+    let mut buffer = [b'0'; INT_BUFFER_SIZE];
     let raw = lexical_core::write(num, &mut buffer);
     let num_str = core::str::from_utf8(raw).unwrap();
     zlog_stack("after int_to_str\0");