Zondax
diff --git a/‎.clang-format
Lines changed: 10 additions & 0 deletions b/‎.clang-format
Lines changed: 10 additions & 0 deletions
diff --git a/‎.clang-tidy
Lines changed: 23 additions & 0 deletions b/‎.clang-tidy
Lines changed: 23 additions & 0 deletions
diff --git a/‎.github/workflows/check_version.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/check_version.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/lint.yml
Lines changed: 14 additions & 7 deletions b/‎.github/workflows/lint.yml
Lines changed: 14 additions & 7 deletions
diff --git a/‎.github/workflows/main.yml
Lines changed: 85 additions & 0 deletions b/‎.github/workflows/main.yml
Lines changed: 85 additions & 0 deletions
diff --git a/‎.gitignore
Lines changed: 1 addition & 0 deletions b/‎.gitignore
Lines changed: 1 addition & 0 deletions
diff --git a/‎Makefile
Lines changed: 2 additions & 1 deletion b/‎Makefile
Lines changed: 2 additions & 1 deletion
diff --git a/‎app/FUZZING.md
Lines changed: 8 additions & 1 deletion b/‎app/FUZZING.md
Lines changed: 8 additions & 1 deletion
diff --git a/‎app/hfuzz-parser/Cargo.lock
Lines changed: 33 additions & 0 deletions b/‎app/hfuzz-parser/Cargo.lock
Lines changed: 33 additions & 0 deletions
diff --git a/‎app/hfuzz-parser/corpus/Cargo.lock
Lines changed: 16 additions & 0 deletions b/‎app/hfuzz-parser/corpus/Cargo.lock
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,10 @@
+BasedOnStyle: Google
+IndentWidth: 4
+ColumnLimit: 125
+DerivePointerAlignment: false
+PointerAlignment: Right
+AllowShortFunctionsOnASingleLine: None
+AlignConsecutiveMacros:
+  Enabled: true
+  AcrossEmptyLines: true
+  AcrossComments: false
@@ -0,0 +1,23 @@
+Checks: "-*,
+  clang-diagnostic-*,
+  clang-analyzer-*,
+  cppcoreguidelines-init-variables,
+  google-runtime-int,
+  google-readability-avoid-underscore-in-googletest-name,
+  misc-*,
+  performance-*,
+  portability-*,
+  readability-*,
+  -misc-no-recursion,
+  -readability-function-cognitive-complexity
+  -readability-magic-numbers"
+WarningsAsErrors: "*"
+CheckOptions:
+  - key: readability-identifier-length.MinimumVariableNameLength
+    value: 2
+  - key: readability-identifier-length.MinimumParameterNameLength
+    value: 2
+  - key: readability-identifier-length.MinimumLoopCounterNameLength
+    value: 1
+  - key: readability-magic-numbers.IgnorePowersOf2IntegerValues
+    value: true
@@ -7,7 +7,7 @@ on:
       - main
       - develop
       - master # for safety reasons
-      - dev  # for safety reasons
+      # - dev  # for safety reasons
 
 jobs:
   configure:
 
@@ -2,27 +2,34 @@ name: Lint and format 💅
 
 on:
   workflow_dispatch:
-  # push:
-  # pull_request:
-  #   branches:
-  #     - main
-  #     - develop
+  push:
+  pull_request:
+    branches:
+      - main
+      - develop
+      - master # for safety reasons
+      - dev # for safety reasons
 
 jobs:
   lint:
-    runs-on: ubuntu-latest
+    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
     container: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
     steps:
       - uses: actions/checkout@v4
         with:
           submodules: recursive
       - name: Add missing deps
+        env:
+          DEBIAN_FRONTEND: noninteractive
         run: |
-          DEBIAN_FRONTEND=noninteractive
           apt-get update
           apt-get install -y bear sudo
       - name: Generate compilation database
         run: bear -- make -j BOLOS_SDK="$NANOSP_SDK"
+      - name: Setup python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
       - name: Lint and format 💅
         uses: cpp-linter/cpp-linter-action@v2
         id: linter
 
@@ -57,6 +57,10 @@ jobs:
         run: |
           cd ./app/rust
           cargo clippy --all-targets --features "clippy"
+      - name: cargo fmt
+        run: |
+          cd ./app/rust
+          cargo fmt
 
   build_ledger:
     needs: configure
@@ -264,3 +268,84 @@ jobs:
           tag_name: ${{ steps.flex.outputs.tag_name }}
           draft: false
           prerelease: false
+
+  fuzzing:
+    name: fuzzing
+    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
+    container:
+      image: rust:latest
+    steps:
+      - uses: actions/checkout@v3
+
+      # Install only the additional dependencies needed for honggfuzz
+      - name: Install system dependencies
+        run: |
+          apt-get update && apt-get install -y \
+            binutils-dev \
+            libunwind-dev \
+            libblocksruntime-dev \
+            liblzma-dev
+
+      - name: Install honggfuzz
+        run: cargo install honggfuzz
+
+      - name: Generate corpus
+        run: |
+          cd app/hfuzz-parser/corpus
+          cargo run
+
+      # Different fuzzing durations based on trigger
+      - name: Quick fuzz (PR)
+        if: github.event_name == 'push'
+        run: |
+          cd app/hfuzz-parser
+          timeout --preserve-status 5m cargo hfuzz run transaction ../hfuzz_corpus/
+
+      - name: Medium fuzz (main)
+        if: github.event_name == 'pull_request'
+        run: |
+          cd app/hfuzz-parser
+          timeout --preserve-status 15m cargo hfuzz run transaction ../hfuzz_corpus/
+
+      - name: Extended fuzz (weekly)
+        if: github.event_name == 'schedule'
+        run: |
+          cd app/hfuzz-parser
+          timeout --preserve-status 30m cargo hfuzz run transaction ../hfuzz_corpus/
+
+      - name: Check for crashes
+        run: |
+          if ls app/hfuzz-parser/hfuzz_workspace/transaction/SIGABRT.PC.* 1> /dev/null 2>&1; then
+            echo "::error::Crashes found during fuzzing!"
+            exit 1
+          fi
+
+      - name: Upload crash artifacts
+        if: failure()
+        uses: actions/upload-artifact@v3
+        with:
+          name: crash-reports
+          path: |
+            app/hfuzz-parser/hfuzz_workspace/transaction/SIGABRT.PC.*
+            app/hfuzz-parser/hfuzz_workspace/transaction/HONGGFUZZ.REPORT.TXT
+            app/hfuzz-parser/hfuzz_workspace/transaction/input/
+
+      - name: Cache corpus
+        uses: actions/cache@v3
+        with:
+          path: app/hfuzz_corpus
+          key: ${{ runner.os }}-fuzz-corpus-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-fuzz-corpus-
+
+      - name: Notify on failure
+        if: failure()
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.create({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              title: 'Fuzzing found crashes',
+              body: 'Fuzzing job failed. Check the artifacts in the workflow run.'
+            })
@@ -90,5 +90,6 @@ app/output/*.sha256
 app/pkg/*
 
 app/rust/.cargo/.package-cache-mutate
+app/hfuzz_corpus
 
 
@@ -45,7 +45,8 @@ prod:
 	make PRODUCTION_BUILD=1
 
 rust_fuzz:
-	cd app/hfuzz-parser/ && cargo hfuzz run transaction
+	cd app/hfuzz-parser/corpus/ && cargo run
+	cd app/hfuzz-parser/ && cargo hfuzz run transaction app/hfuzz_corpus
 
 
 
@@ -35,6 +35,13 @@ cargo hfuzz run-debug transaction hfuzz_workspace/*/*.fuzz
 
 ```
 
-This will deploy a gdb console with a backtrace with the first crash
+To opt to use _gdb_ instead of `lldb`, you can configure it before running the debugger with:
+
+```bash
+export HFUZZ_DEBUGGER="rust-gdb"
+
+```
+
+This will deploy a **gdb** console with a backtrace with the first crash
 
 _note_: There could be more than one _.fuzz_ file.
Original file line number	Diff line number	Diff line change
`@@ -90,5 +90,6 @@ app/output/*.sha256`
`90`	`90`	`app/pkg/*`
`91`	`91`
`92`	`92`	`app/rust/.cargo/.package-cache-mutate`
	`93`	`+app/hfuzz_corpus`
`93`	`94`
`94`	`95`