LedgerHQ · cedelavergne-ledger · Jan 28, 2025 · Jan 2, 2025 · Jan 6, 2025 · Jan 3, 2025
diff --git a/.clang-format b/.clang-format
@@ -1,7 +1,6 @@
 ---
 BasedOnStyle: Google
 IndentWidth: 4
----
 Language: Cpp
 ColumnLimit: 100
 PointerAlignment: Right

diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
@@ -6,4 +6,4 @@ pushd fuzzing
 cmake -DBOLOS_SDK=../BOLOS_SDK -Bbuild -H.
 make -C build
 mv ./build/fuzz_tx_parser "${OUT}"
-popd
+popd
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
@@ -1 +1 @@
-language: c
+language: c
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,8 +1,11 @@
 # Checklist
+
 <!-- Put an `x` in each box when you have completed the items. -->
+
 - [ ] App update process has been followed <!-- See comment below -->
 - [ ] Target branch is `develop` <!-- unless you have a very good reason -->
 - [ ] Application version has been bumped <!-- required if your changes are to be deployed -->
 
-<!-- Make sure you followed the process described in https://developers.ledger.com/docs/device-app/deliver/maintenance before opening your Pull Request.
+<!-- Make sure you followed the process described in https://developers.ledger.com/docs/device-app/deliver/maintenance
+before opening your Pull Request.
 Don't hesitate to contact us directly on Discord if you have any questions ! https://developers.ledger.com/discord -->
diff --git a/.github/workflows/build_and_functional_tests.yml b/.github/workflows/build_and_functional_tests.yml
@@ -16,7 +16,7 @@ on:
         type: choice
         required: true
         default: 'Raise an error (default)'
-        description: CI behavior if the test snaphots are different than expected.
+        description: CI behavior if the test snapshots are different than expected.
         options:
           - 'Raise an error (default)'
           - 'Open a PR'

diff --git a/.github/workflows/cflite_cron.yml b/.github/workflows/cflite_cron.yml
@@ -23,19 +23,18 @@ jobs:
           - mode: coverage
             sanitizer: coverage
     steps:
-    - name: Build Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
-      id: build
-      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        language: c # Change this to the language you are fuzzing.
-        sanitizer: ${{ matrix.sanitizer }}
-    - name: Run Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
-      id: run
-      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        fuzz-seconds: 300 # 5 minutes
-        mode: ${{ matrix.mode }}
-        sanitizer: ${{ matrix.sanitizer }}
-
+      - name: Build Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
+        id: build
+        uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          language: c # Change this to the language you are fuzzing.
+          sanitizer: ${{ matrix.sanitizer }}
+      - name: Run Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
+        id: run
+        uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fuzz-seconds: 300 # 5 minutes
+          mode: ${{ matrix.mode }}
+          sanitizer: ${{ matrix.sanitizer }}
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
@@ -13,31 +13,31 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        sanitizer: [address, undefined, memory] # Override this with the sanitizers you want.
+        sanitizer: [address, undefined, memory]  # Override this with the sanitizers you want.
     steps:
-    - name: Build Fuzzers (${{ matrix.sanitizer }})
-      id: build
-      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
-      with:
-        language: c # Change this to the language you are fuzzing.
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        sanitizer: ${{ matrix.sanitizer }}
-        # Optional but recommended: used to only run fuzzers that are affected
-        # by the PR.
-        # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
-        # storage-repo-branch: main   # Optional. Defaults to "main"
-        # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
-    - name: Run Fuzzers (${{ matrix.sanitizer }})
-      id: run
-      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        fuzz-seconds: 300 # 5 minutes
-        mode: 'code-change'
-        sanitizer: ${{ matrix.sanitizer }}
-        output-sarif: true
-        # Optional but recommended: used to download the corpus produced by
-        # batch fuzzing.
-        # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
-        # storage-repo-branch: main   # Optional. Defaults to "main"
-        # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+      - name: Build Fuzzers (${{ matrix.sanitizer }})
+        id: build
+        uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+        with:
+          language: c  # Change this to the language you are fuzzing.
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          sanitizer: ${{ matrix.sanitizer }}
+          # Optional but recommended: used to only run fuzzers that are affected
+          # by the PR.
+          # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+          # storage-repo-branch: main   # Optional. Defaults to "main"
+          # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+      - name: Run Fuzzers (${{ matrix.sanitizer }})
+        id: run
+        uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fuzz-seconds: 300  # 5 minutes
+          mode: 'code-change'
+          sanitizer: ${{ matrix.sanitizer }}
+          output-sarif: true
+          # Optional but recommended: used to download the corpus produced by
+          # batch fuzzing.
+          # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+          # storage-repo-branch: main   # Optional. Defaults to "main"
+          # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
diff --git a/.github/workflows/codeql_checks.yml b/.github/workflows/codeql_checks.yml
@@ -17,20 +17,21 @@ jobs:
   analyse:
     name: Analyse
     strategy:
+      fail-fast: false
       matrix:
         sdk: ["$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK", "$FLEX_SDK"]
-        #'cpp' covers C and C++
-        language: [ 'cpp' ]
+        # 'cpp' covers C and C++
+        language: ['cpp']
     runs-on: ubuntu-latest
     container:
       image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
 
     steps:
       - name: Clone
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           queries: security-and-quality
@@ -41,4 +42,4 @@ jobs:
           make BOLOS_SDK=${{ matrix.sdk }}
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/coding_style_checks.yml b/.github/workflows/coding_style_checks.yml
@@ -22,4 +22,4 @@ jobs:
     with:
       source: './src'
       extensions: 'h,c'
-      version: 11
+      version: 12
diff --git a/.github/workflows/documentation_generation.yml b/.github/workflows/documentation_generation.yml
@@ -18,12 +18,12 @@ jobs:
 
     steps:
       - name: Clone
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: HTML documentation
         run: doxygen .doxygen/Doxyfile
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: documentation
           path: doc/html
diff --git a/.github/workflows/misspellings_checks.yml b/.github/workflows/misspellings_checks.yml
@@ -18,11 +18,11 @@ jobs:
     name: Check misspellings
     runs-on: ubuntu-latest
     steps:
-    - name: Clone
-      uses: actions/checkout@v3
+      - name: Clone
+        uses: actions/checkout@v4
 
-    - name: Check misspellings
-      uses: codespell-project/actions-codespell@v1
-      with:
-        builtin: clear,rare
-        check_filenames: true
+      - name: Check misspellings
+        uses: codespell-project/actions-codespell@v2
+        with:
+          builtin: clear,rare
+          check_filenames: true
diff --git a/.github/workflows/python_client_checks.yml b/.github/workflows/python_client_checks.yml
@@ -14,31 +14,28 @@ on:
   pull_request:
 
 jobs:
-
   lint:
     name: Boilerplate client linting
     runs-on: ubuntu-latest
     steps:
-    - name: Clone
-      uses: actions/checkout@v3
-    - name: Installing PIP dependencies
-      run: |
-        pip install pylint
-        pip install -r tests/requirements.txt
-    - name: Lint Python code
-      run: |
-        pylint --rc tests/setup.cfg tests/application_client/
+      - name: Clone
+        uses: actions/checkout@v4
+      - name: Installing PIP dependencies
+        run: |
+          pip install pylint
+          pip install -r tests/requirements.txt
+      - name: Lint Python code
+        run: pylint --rc tests/setup.cfg tests/application_client/
 
   mypy:
     name: Type checking
     runs-on: ubuntu-latest
     steps:
-    - name: Clone
-      uses: actions/checkout@v3
-    - name: Installing PIP dependencies
-      run: |
-        pip install mypy
-        pip install -r tests/requirements.txt
-    - name: Mypy type checking
-      run: |
-        mypy tests/application_client/
+      - name: Clone
+        uses: actions/checkout@v4
+      - name: Installing PIP dependencies
+        run: |
+          pip install mypy
+          pip install -r tests/requirements.txt
+      - name: Mypy type checking
+        run: mypy tests/application_client/
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
@@ -18,10 +18,10 @@ jobs:
 
     steps:
       - name: Clone
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Clone SDK
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: ledgerHQ/ledger-secure-sdk
           path: sdk
@@ -41,7 +41,7 @@ jobs:
           lcov --directory . -b "$(realpath build/)" --remove coverage.info '*/unit-tests/*' -o coverage.info && \
           genhtml coverage.info -o coverage
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: code-coverage
           path: unit-tests/coverage

diff --git a/.mdl.rb b/.mdl.rb
@@ -0,0 +1,11 @@
+# Style file for mdl
+# https://github.com/markdownlint/markdownlint/blob/main/docs/creating_styles.md
+
+# Include all rules
+all
+
+# Disable specific rules
+#exclude_rule 'MD012'
+
+# Update rules configuration
+rule 'MD013', :line_length => 120
diff --git a/.mdlrc b/.mdlrc
@@ -0,0 +1,14 @@
+# markdownlint config file
+
+# Use custom style file
+style "#{File.dirname(__FILE__)}/.mdl.rb"
+
+# MD002 - First header in file should be a top level header
+# MD005 - Inconsistent indentation for list items at the same level
+# MD007 - Unordered list indentation
+# MD014 - Dollar signs used before commands without showing output
+# MD024 - Multiple headers with the same content
+# MD029 - Ordered list item prefix
+# MD033 - Inline HTML
+# MD041 - First line in file should be a top level header
+rules "~MD002,~MD005,~MD007,~MD014,~MD024,~MD029,~MD033,~MD041"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,47 @@
+# To install hooks, run:
+# pre-commit install --hook-type pre-commit
+# pre-commit install --hook-type commit-msg
+
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+      - id: check-added-large-files
+      - id: check-merge-conflict
+      - id: check-case-conflict
+
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.3.0
+    hooks:
+      - id: codespell
+
+  - repo: https://github.com/pre-commit/mirrors-clang-format
+    rev: v12.0.1
+    hooks:
+      - id: clang-format
+        types_or: [c]
+
+  - repo: https://github.com/Mateusz-Grzelinski/actionlint-py
+    rev: v1.7.6.22
+    hooks:
+      - id: actionlint
+        types_or: [yaml]
+        args: [-shellcheck='' -pyflakes='']
+
+  - repo: https://github.com/markdownlint/markdownlint
+    rev: v0.12.0
+    hooks:
+      - id: markdownlint
+        types_or: [markdown]
+
+  - repo: https://github.com/PyCQA/pylint
+    rev: v3.3.3
+    hooks:
+      - id: pylint
+        language: system
+        types: [python]
+        args: ['--jobs=0', '--rcfile=tests/setup.cfg']
+        files: '^tests/.*$'