LedgerHQ · sgliner-ledger · Nov 13, 2023 · Nov 6, 2023 · Nov 10, 2023 · Nov 13, 2023
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
@@ -12,56 +12,37 @@ on:
  types: [opened, synchronize, reopened]
 
 jobs:
- build:
- name: Build
+ sonarcloud:
  runs-on: ubuntu-latest
  container:
  image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
+
  env:
- SONAR_SCANNER_VERSION: 4.4.0.2170
- SONAR_SERVER_URL: "https://sonarcloud.io"
  BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
  steps:
- - uses: actions/checkout@v2
- with:
- fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- - name: Set up JDK 11
- uses: actions/setup-java@v1
- with:
- java-version: 11
- - name: Download and set up sonar-scanner
- env:
- SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip
- run: |
- apt-get update -y
- apt-get upgrade -y
- DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata
- apt-get install -y
- curl -sL https://deb.nodesource.com/setup_16.x | bash -
- apt-get install -y gcovr nodejs unzip libcmocka-dev lcov
- mkdir -p $HOME/.sonar
- curl -sSLo $HOME/.sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }} 
- unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
- echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH
- - name: Download and set up build-wrapper
- env:
- BUILD_WRAPPER_DOWNLOAD_URL: ${{ env.SONAR_SERVER_URL }}/static/cpp/build-wrapper-linux-x86.zip
- run: |
- curl -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip ${{ env.BUILD_WRAPPER_DOWNLOAD_URL }}
- unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/
- echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH
- - name: Generate code coverage
- run: |
- cd unit-tests/
- cmake -Bbuild -H. && make -C build
- make -C build test
- gcovr --root .. --sonarqube coverage.xml
- - name: Run build-wrapper
- run: |
+ - uses: actions/checkout@v3
+ with:
+ # Disabling shallow clone is recommended for improving relevancy of reporting
+ fetch-depth: 0
+ - name: Install dependencies
+ run: |
+ apt-get update -y
+ apt-get upgrade -y
+ DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata
+ apt-get install -y libcmocka-dev gcovr unzip
+ - name: Install sonar-scanner and build-wrapper
+ uses: sonarsource/sonarcloud-github-c-cpp@v2
+ - name: Generate code coverage
+ run: |
+ cd unit-tests/
+ cmake -Bbuild -H. && make -C build
+ make -C build test
+ gcovr --root .. --sonarqube coverage.xml
+ - name: Run build-wrapper
+ run: |
  build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} make clean all
- - name: Run sonar-scanner
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- run: |
- sonar-scanner --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}"
+ - name: Run sonar-scanner
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ run: sonar-scanner --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" #Consult https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/sonarscanner-cli/ for more information and options
diff --git a/bitcoin_client/ledger_bitcoin/exception/device_exception.py b/bitcoin_client/ledger_bitcoin/exception/device_exception.py
@@ -12,6 +12,7 @@ class DeviceException(Exception): # pylint: disable=too-few-public-methods
  0x6A82: NotSupportedError,
  0x6A86: WrongP1P2Error,
  0x6A87: WrongDataLengthError,
+ 0x6A8E: SwapError,
  0x6D00: InsNotSupportedError,
  0x6E00: ClaNotSupportedError,
  0xB000: WrongResponseLengthError,

diff --git a/bitcoin_client/ledger_bitcoin/exception/errors.py b/bitcoin_client/ledger_bitcoin/exception/errors.py
@@ -26,6 +26,10 @@ class WrongDataLengthError(Exception):
  pass
 
 
+class SwapError(Exception):
+ pass
+
+
 class InsNotSupportedError(Exception):
  pass
 

diff --git a/src/boilerplate/sw.h b/src/boilerplate/sw.h
@@ -36,6 +36,11 @@
  */
 #define SW_WRONG_DATA_LENGTH 0x6A87
 
+/**
+ * Status word for fail in Swap
+ */
+#define SW_FAIL_SWAP 0x6A8E
+
 /**
  * Status word for unknown command with this INS.
  */

diff --git a/src/handler/get_wallet_address.c b/src/handler/get_wallet_address.c
@@ -34,6 +34,7 @@
 #include "../ui/menu.h"
 
 #include "../swap/swap_globals.h"
+#include "../swap/handle_swap_sign_transaction.h"
 
 #include "lib/policy.h"
 #include "lib/get_preimage.h"
@@ -167,8 +168,8 @@ void handler_get_wallet_address(dispatcher_context_t *dc, uint8_t protocol_versi
  // Swap feature: check that the wallet policy is a default one
  if (G_swap_state.called_from_swap && !is_wallet_default) {
  PRINTF("Must be a default wallet policy for swap feature\n");
- SEND_SW(dc, SW_INCORRECT_DATA);
- return;
+ SEND_SW(dc, SW_FAIL_SWAP);
+ finalize_exchange_sign_transaction(false);
  }
 
  {

diff --git a/src/handler/sign_psbt.c b/src/handler/sign_psbt.c
@@ -53,6 +53,7 @@
 #include "sign_psbt/update_hashes_with_map_value.h"
 
 #include "../swap/swap_globals.h"
+#include "../swap/handle_swap_sign_transaction.h"
 
 // common info that applies to either the current input or the current output
 typedef struct {
@@ -649,8 +650,8 @@ init_global_state(dispatcher_context_t *dc, sign_psbt_state_t *st) {
  // Swap feature: check that wallet policy is a default one
  if (G_swap_state.called_from_swap && !st->is_wallet_default) {
  PRINTF("Must be a default wallet policy for swap feature\n");
- SEND_SW(dc, SW_INCORRECT_DATA);
- return false;
+ SEND_SW(dc, SW_FAIL_SWAP);
+ finalize_exchange_sign_transaction(false);
  }
 
  // If it's not a default wallet policy, ask the user for confirmation, and abort if they deny
@@ -1032,8 +1033,8 @@ show_alerts(dispatcher_context_t *dc,
  // Swap feature: no external inputs allowed
  if (G_swap_state.called_from_swap) {
  PRINTF("External inputs not allowed in swap transactions\n");
- SEND_SW(dc, SW_INCORRECT_DATA);
- return false;
+ SEND_SW(dc, SW_FAIL_SWAP);
+ finalize_exchange_sign_transaction(false);
  }
 
  // some internal and some external inputs, warn the user first
@@ -1135,8 +1136,8 @@ static bool __attribute__((noinline)) display_output(dispatcher_context_t *dc,
  0 != strncmp(G_swap_state.destination_address, output_address, address_len)) {
  // address did not match
  PRINTF("Mismatching address for swap\n");
- SEND_SW(dc, SW_INCORRECT_DATA);
- return false;
+ SEND_SW(dc, SW_FAIL_SWAP);
+ finalize_exchange_sign_transaction(false);
  }
  } else {
  // Show address to the user
@@ -1311,21 +1312,21 @@ confirm_transaction(dispatcher_context_t *dc, sign_psbt_state_t *st) {
  // Swap feature: there must be only one external output
  if (st->outputs.n_external != 1) {
  PRINTF("Swap transaction must have exactly 1 external output\n");
- SEND_SW(dc, SW_INCORRECT_DATA);
- return false;
+ SEND_SW(dc, SW_FAIL_SWAP);
+ finalize_exchange_sign_transaction(false);
  }
 
  // Swap feature: check total amount and fees are as expected
  if (fee != G_swap_state.fees) {
  PRINTF("Mismatching fee for swap\n");
- SEND_SW(dc, SW_INCORRECT_DATA);
- return false;
+ SEND_SW(dc, SW_FAIL_SWAP);
+ finalize_exchange_sign_transaction(false);
  }
  uint64_t spent_amount = st->outputs.total_amount - st->outputs.change_total_amount;
  if (spent_amount != G_swap_state.amount) {
  PRINTF("Mismatching spent amount for swap\n");
- SEND_SW(dc, SW_INCORRECT_DATA);
- return false;
+ SEND_SW(dc, SW_FAIL_SWAP);
+ finalize_exchange_sign_transaction(false);
  }
  } else {
  // if the value of fees is 10% or more of the amount, and it's more than 10000