Fix/ldg 445audit fix

README.md

@@ -154,6 +154,10 @@ Many of our integration tests expect the device to be configured with a known te
 
 ### Loading into your development device
 
+To easily setup a development environment for compilation and loading on a physical device, you can use the [VSCode integration](https://marketplace.visualstudio.com/items?itemName=LedgerHQ.ledger-dev-tools) whether you are on Linux, macOS or Windows.
+
+If you prefer using a terminal to perform the steps manually, you can do the following:
+
 The Makefile will build the firmware in a docker container and leave the binary in the correct directory.
 
 - Build
@@ -163,9 +167,10 @@ The Makefile will build the firmware in a docker container and leave the binary
    ```
 
 - Upload to a device
-   The following command will upload the application to the ledger. _Warning: The application will be deleted before uploading._
+   The following commands will upload the application to the ledger. _Warning: The application will be deleted before uploading._
    ```
-   make load          # Builds and loads the app to the device
+   make shellS          # Or shellS2, shellX
+   make load
    ```
 
 ## APDU Specifications

app/Makefile

@@ -66,7 +66,6 @@ endif
 include $(CURDIR)/../deps/ledger-zxlib/makefiles/Makefile.platform
 DEFINES += HAVE_HASH HAVE_BLAKE2 HAVE_SHA256 HAVE_SHA512
 CFLAGS += -I$(MY_DIR)/../deps/tinycbor/src
-CFLAGS += -g3 -ggdb3 -O3
 APP_SOURCE_PATH += $(MY_DIR)/../deps/tinycbor-ledger
 APP_SOURCE_PATH += $(MY_DIR)/../deps/jsmn/src
 

app/Makefile.version

@@ -3,4 +3,4 @@ APPVERSION_M=2
 # This is the `spec_version` field of `Runtime`
 APPVERSION_N=3
 # This is the patch version of this release
-APPVERSION_P=0
+APPVERSION_P=1

app/src/chain_config.c

@@ -17,7 +17,7 @@
 #include <zxmacros.h>
 
 address_encoding_e checkChainConfig(uint32_t path) {
-    // Always allowed for 118 (default Cosmos)
+    // Always allowed for 931 (default THORChain)
     if (path == HDPATH_1_DEFAULT) {
         return BECH32_COSMOS;
     }

app/src/crypto.c

@@ -199,7 +199,7 @@ zxerr_t crypto_fillAddress(uint8_t *buffer, uint16_t buffer_len, uint16_t *addrR
                 return zxerr_unknown;
             }
             CHECK_CX_OK(cx_hash_no_throw((cx_hash_t *)&ctx, CX_LAST, uncompressedPubkey+1, sizeof(uncompressedPubkey)-1, hashed1_pk, sizeof(hashed1_pk)));
-            CHECK_ZXERR(bech32EncodeFromBytes(addr, buffer_len - PK_LEN_SECP256K1, bech32_hrp, hashed1_pk + 12, sizeof(hashed1_pk) - 12, 1, BECH32_ENCODING_BECH32));
+            CHECK_ZXERR(bech32EncodeFromBytes(addr, buffer_len - PK_LEN_SECP256K1, bech32_hrp, hashed1_pk + ETH_ADDRESS_OFFSET, sizeof(hashed1_pk) - ETH_ADDRESS_OFFSET, 1, BECH32_ENCODING_BECH32));
             break;
         }
 

app/src/crypto.h

@@ -27,6 +27,7 @@ extern "C" {
 #include "zxerror.h"
 
 #define MAX_BECH32_HRP_LEN      83u
+#define ETH_ADDRESS_OFFSET      12u
 
 extern uint32_t hdPath[HDPATH_LEN_DEFAULT];
 extern char bech32_hrp[MAX_BECH32_HRP_LEN + 1];

app/src/json/json_parser.c

@@ -22,6 +22,10 @@
 #define EQUALS(_P, _Q, _LEN) (MEMCMP( (const void*) PIC(_P), (const void*) PIC(_Q), (_LEN))==0)
 
 parser_error_t json_parse(parsed_json_t *parsed_json, const char *buffer, uint16_t bufferLen) {
+    if (parsed_json == NULL) {
+        return parser_init_context_empty;
+    }
+
     jsmn_parser parser;
     jsmn_init(&parser);
 
@@ -78,7 +82,7 @@ parser_error_t array_get_element_count(const parsed_json_t *json,
                                        uint16_t array_token_index,
                                        uint16_t *number_elements) {
     *number_elements = 0;
-    if (array_token_index < 0 || array_token_index > json->numberOfTokens) {
+    if (array_token_index > json->numberOfTokens) {
         return parser_no_data;
     }
 

app/src/secret.c

@@ -29,7 +29,6 @@ void secret_accept() {
 #endif
 }
 
-//static char *secret_message = "";
 
 zxerr_t secret_getNumItems(uint8_t *num_items) {
     *num_items = 0;

app/src/tx_validate.c

@@ -38,6 +38,10 @@ int8_t is_space(char c) {
 }
 
 int8_t contains_whitespace(parsed_json_t *json) {
+    if (json == NULL){
+        return 1;
+    }
+
     int start = 0;
     const int last_element_index = json->tokens[0].end;
 

tests_zemu/package.json

@@ -18,7 +18,7 @@
     "test": "yarn clean && jest --maxConcurrency 2"
   },
   "dependencies": {
-    "@zondax/ledger-cosmos-js": "^3.0.3",
+    "@blooo/ledger-thorchain-js": "^1.0.1",
     "@zondax/zemu": "^0.46.0"
   },
   "devDependencies": {

tests_zemu/tests/thor.test.ts

@@ -16,7 +16,7 @@
 
 import Zemu, { ClickNavigation, TouchNavigation, IDeviceModel } from '@zondax/zemu'
 // @ts-ignore
-import { CosmosApp } from '@zondax/ledger-cosmos-js'
+import { ThorchainApp } from '@blooo/ledger-thorchain-js'
 import {
   defaultOptions,
   DEVICE_MODELS,
@@ -37,7 +37,7 @@ async function signAndVerifyTransaction(m: IDeviceModel, test_name: String, tran
   const sim = new Zemu(m.path);
   try {
     await sim.start({ ...defaultOptions, model: m.name });
-    const app = new CosmosApp(sim.getTransport());
+    const app = new ThorchainApp(sim.getTransport());
 
     const path = [44, 931, 0, 0, 0];
     const tx = Buffer.from(JSON.stringify(transaction), "utf-8");
@@ -50,7 +50,7 @@ async function signAndVerifyTransaction(m: IDeviceModel, test_name: String, tran
     console.log(respPk);
 
     // do not wait here..
-    const signatureRequest = app.sign(path, tx, hrp, AMINO_JSON_TX);
+    const signatureRequest = app.sign(path, tx, AMINO_JSON_TX);
 
     // Wait until we are not in the main menu
     await sim.waitUntilScreenIsNot(sim.getMainMenuSnapshot());