Merge pull request #41 from LedgerHQ/develop
Merge develop into master (B2CA-1398)
Showing 564 changed files with 18,167 additions and 897 deletions.
@@ -0,0 +1,57 @@ | ||
name: Sonarcloud | ||
|
||
on: | ||
push: | ||
branches: | ||
- disable | ||
pull_request: | ||
branches: | ||
- disable | ||
types: [opened, synchronize, reopened] | ||
|
||
jobs: | ||
build: | ||
name: SonarQube analyze | ||
runs-on: ubuntu-latest | ||
container: | ||
image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder@sha256:877adc3ff619222aaf03a490d546ea9001f02faa0c6ac7c06c876c99584f9cdb | ||
env: | ||
SONAR_SCANNER_VERSION: 4.7.0.2747 | ||
SONAR_SERVER_URL: "https://sonarcloud.io" | ||
BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed | ||
steps: | ||
- uses: actions/checkout@v2 | ||
with: | ||
submodules: true | ||
- name: Set up JDK 11 | ||
uses: actions/setup-java@v1 | ||
with: | ||
java-version: 11 | ||
- name: Download and set up sonar-scanner | ||
env: | ||
SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip | ||
run: | | ||
apt-get update -y | ||
apt-get upgrade -y | ||
curl -sL https://deb.nodesource.com/setup_16.x | bash - | ||
apt-get install -y gcovr nodejs unzip | ||
mkdir -p $HOME/.sonar | ||
curl -sSLo $HOME/.sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }} | ||
unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/ | ||
echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH | ||
- name: Download and set up build-wrapper | ||
env: | ||
BUILD_WRAPPER_DOWNLOAD_URL: ${{ env.SONAR_SERVER_URL }}/static/cpp/build-wrapper-linux-x86.zip | ||
run: | | ||
curl -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip ${{ env.BUILD_WRAPPER_DOWNLOAD_URL }} | ||
unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ | ||
echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH | ||
- name: Run build-wrapper | ||
run: | | ||
build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} make clean all | ||
- name: Run sonar-scanner | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||
run: | | ||
sonar-scanner --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" |
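Review bot: both the `push` and `pull_request` triggers filter on a branch literally named `disable`, so this workflow never runs on `develop` or `master`; if the intent is to park it, say so in a comment at the top of the file (or do not add the file yet) rather than rely on a placeholder branch name that a later edit may quietly "fix". The same hunk also has a supply-chain gap that is worth closing before the job is ever enabled: the `sonar-scanner` and `build-wrapper` zips are fetched and unzipped with no checksum check, `curl -sL https://deb.nodesource.com/setup_16.x | bash -` runs a remote script as root in the build container, and `apt-get upgrade -y` mutates an image that was carefully pinned by `@sha256:` digest. Verify the downloads against a known SHA-256 (`sha256sum -c`), drop the blanket `apt-get upgrade`, and pin `actions/checkout@v2` and `actions/setup-java@v1` to commit SHAs so the job stays reproducible and the digest pin on the container actually means something.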
@@ -0,0 +1,17 @@ | ||
# Path to sources | ||
# sonar.sources= | ||
# sonar.exclusions= | ||
# sonar.inclusions= | ||
|
||
# Path to tests | ||
# sonar.tests= | ||
# sonar.test.exclusions= | ||
# sonar.test.inclusions= | ||
|
||
# Source encoding | ||
# sonar.sourceEncoding= | ||
|
||
# Exclusions for copy-paste detection | ||
# sonar.cpd.exclusions= | ||
# Python version (for python projects only) | ||
# sonar.python.version= |
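Review bot: every property in this `sonar-project.properties` is commented out, so the scanner falls back to its defaults (`sonar.sources` becomes the project base directory, which with `submodules: true` in the workflow includes the checked-out submodules) and nothing sets `sonar.projectKey`, which sonar-scanner requires and which the workflow's `sonar-scanner --define ...` line does not supply either. Set `sonar.projectKey`, `sonar.organization` and at least `sonar.sources`/`sonar.exclusions` here (excluding the SDK submodule so third-party findings do not drown the app's own), or pass them as `--define` flags in the workflow; the `sonar.python.version` line can go, as this is not a Python project.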
@@ -0,0 +1,79 @@ | ||
# Coordinated Vulnerability Disclosure Policy | ||
|
||
The Cosmos ecosystem believes that strong security is a blend of highly | ||
technical security researchers who care about security and the forward | ||
progression of the ecosystem and the attentiveness and openness of Cosmos core | ||
contributors to help continually secure our operations. | ||
|
||
> **IMPORTANT**: *DO NOT* open public issues on this repository for security | ||
> vulnerabilities. | ||
## Scope | ||
|
||
| Scope | | ||
|-----------------------| | ||
| last release (tagged) | | ||
| main branch | | ||
|
||
The latest **release tag** of this repository is supported for security updates | ||
as well as the **main** branch. Security vulnerabilities should be reported if | ||
the vulnerability can be reproduced on either one of those. | ||
|
||
## Reporting a Vulnerability | ||
|
||
| Reporting methods | | ||
|---------------------------------------------------------------| | ||
| [GitHub Private Vulnerability Reporting][gh-private-advisory] | | ||
| [HackerOne bug bounty program][h1] | | ||
|
||
All security vulnerabilities can be reported under GitHub's [Private | ||
vulnerability reporting][gh-private-advisory] system. This will open a private | ||
issue for the developers. Try to fill in as much of the questions as possible. | ||
If you are not familiar with the CVSS system for assessing vulnerabilities, just | ||
use the Low/High/Critical severity ratings. A partially filled in report for a | ||
critical vulnerability is still better than no report at all. | ||
|
||
Vulnerabilities associated with the **Go, Rust or Protobuf code** of the | ||
repository may be eligible for a [bug bounty][h1]. Please see the bug bounty | ||
page for more details on submissions and rewards. If you think the vulnerability | ||
is eligible for a payout, **report on HackerOne first**. | ||
|
||
Vulnerabilities in services and their source codes (JavaScript, web page, Google | ||
Workspace) are not in scope for the bug bounty program, but they are welcome to | ||
be reported in GitHub. | ||
|
||
### Guidelines | ||
|
||
We require that all researchers: | ||
|
||
* Abide by this policy to disclose vulnerabilities, and avoid posting | ||
vulnerability information in public places, including GitHub, Discord, | ||
Telegram, and Twitter. | ||
* Make every effort to avoid privacy violations, degradation of user experience, | ||
disruption to production systems (including but not limited to the Cosmos | ||
Hub), and destruction of data. | ||
* Keep any information about vulnerabilities that you’ve discovered confidential | ||
between yourself and the Cosmos engineering team until the issue has been | ||
resolved and disclosed. | ||
* Avoid posting personally identifiable information, privately or publicly. | ||
|
||
If you follow these guidelines when reporting an issue to us, we commit to: | ||
|
||
* Not pursue or support any legal action related to your research on this | ||
vulnerability | ||
* Work with you to understand, resolve and ultimately disclose the issue in a | ||
timely fashion | ||
|
||
### More information | ||
|
||
* See [TIMELINE.md] for an example timeline of a disclosure. | ||
* See [DISCLOSURE.md] to see more into the inner workings of the disclosure | ||
process. | ||
* See [EXAMPLES.md] for some of the examples that we are interested in for the | ||
bug bounty program. | ||
|
||
[gh-private-advisory]: /../../security/advisories/new | ||
[h1]: https://hackerone.com/cosmos | ||
[TIMELINE.md]: https://github.com/cosmos/security/blob/main/TIMELINE.md | ||
[DISCLOSURE.md]: https://github.com/cosmos/security/blob/main/DISCLOSURE.md | ||
[EXAMPLES.md]: https://github.com/cosmos/security/blob/main/EXAMPLES.md |
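Review bot: this policy is the Cosmos ecosystem's CVD text carried over unchanged: it names Cosmos core contributors and the Cosmos Hub, sends paid reports to the HackerOne `cosmos` program, scopes the bounty to "Go, Rust or Protobuf code", and points TIMELINE/DISCLOSURE/EXAMPLES at `cosmos/security`, none of which applies to a LedgerHQ app repository built with `ledger-app-builder` and `make`. Before merging, replace the organisation names, the bounty URL and the in-scope languages with this project's own, or drop the bounty section and keep only the GitHub Private Vulnerability Reporting route; as written, a researcher following the instructions would report a Ledger app bug to the wrong vendor. Note also that `[gh-private-advisory]: /../../security/advisories/new` is a GitHub-relative link that only resolves when rendered on github.com.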
@@ -1,6 +1,6 @@ | ||
# This is the `transaction_version` field of `Runtime` | ||
APPVERSION_M=2 | ||
# This is the `spec_version` field of `Runtime` | ||
APPVERSION_N=34 | ||
APPVERSION_N=35 | ||
# This is the patch version of this release | ||
APPVERSION_P=14 | ||
APPVERSION_P=22 |
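Review bot: the only substantive change in this hunk is the version bump, `APPVERSION_N` 34 to 35 and `APPVERSION_P` 14 to 22, and the comment above says `APPVERSION_N` mirrors the runtime `spec_version`; neither the hunk nor the commit message (`Merge develop into master (B2CA-1398)`) says which runtime release triggered the bump or why the patch level jumps by eight. State that in the PR description or a changelog entry so the release tag can be tied to the runtime the app was tested against.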