Keys #8
Keys #8
Conversation
implemented Ed25519 signer and verifier
…and then OctetString
changed client ips for tests removed code smells
# Conflicts: # build.gradle # src/test/java/com/syntifi/casper/sdk/model/AbstractJsonTests.java # src/test/java/com/syntifi/casper/sdk/model/clvalue/encdec/EncoderDecoderTests.java # src/test/java/com/syntifi/casper/sdk/service/AbstractJsonRpcTests.java # src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java
|
|
||
| implementation "com.syntifi.crypto:crypto-key-common:${cryptokeyVersion}" | ||
| implementation "com.syntifi.crypto:crypto-key-ed25519:${cryptokeyVersion}" | ||
| implementation "com.syntifi.crypto:crypto-key-secp256k1:${cryptokeyVersion}" | ||
| implementation "com.fasterxml.jackson.core:jackson-core:${jacksonVersion}" | ||
| implementation "com.fasterxml.jackson.core:jackson-databind:${jacksonVersion}" |
There was a problem hiding this comment.
Critical OSS Vulnerability:
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1
1 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1
CRITICAL Vulnerabilities (1)
[CVE-2020-36518] CWE-787: Out-of-bounds Write
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
(at-me in a reply with help or ignore)
|
|
||
| implementation "com.syntifi.crypto:crypto-key-common:${cryptokeyVersion}" | ||
| implementation "com.syntifi.crypto:crypto-key-ed25519:${cryptokeyVersion}" | ||
| implementation "com.syntifi.crypto:crypto-key-secp256k1:${cryptokeyVersion}" |
There was a problem hiding this comment.
Critical OSS Vulnerability:
pkg:maven/com.syntifi.crypto/crypto-key-secp256k1@0.2.0
5 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 5 dependencies
Components
pkg:maven/com.squareup.okhttp3/okhttp@4.3.1
CRITICAL Vulnerabilities (1)
[CVE-2021-0341] CWE-295: Improper Certificate Validation
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-295
pkg:maven/org.web3j/rlp@5.0.0
CRITICAL Vulnerabilities (1)
[sonatype-2020-0823] CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
rlp - Buffer Overflow
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CVSS Score: 8.4
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-119
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1
CRITICAL Vulnerabilities (1)
[CVE-2020-36518] CWE-787: Out-of-bounds Write
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
pkg:maven/org.java-websocket/Java-WebSocket@1.3.8
CRITICAL Vulnerabilities (1)
[CVE-2020-11050] CWE-295: Improper Certificate Validation
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.
CVSS Score: 8.1
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-295
pkg:maven/com.github.jnr/jnr-posix@3.0.47
CRITICAL Vulnerabilities (1)
[sonatype-2021-1118] CWE-416: Use After Free
jnr-posix - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVSS Score: 7.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-416
(at-me in a reply with help or ignore)
| } | ||
|
|
||
| dependencies { | ||
| implementation "com.github.briandilley.jsonrpc4j:jsonrpc4j:${jsonrpc4jVersion}" | ||
|
|
||
| implementation "com.syntifi.crypto:crypto-key-common:${cryptokeyVersion}" |
There was a problem hiding this comment.
Moderate OSS Vulnerability:
pkg:maven/com.syntifi.crypto/crypto-key-common@0.2.0
0 Critical, 0 Severe, 1 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:maven/org.bouncycastle/bcprov-jdk15on@1.69
MODERATE Vulnerabilities (1)
[sonatype-2019-0673] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
BouncyCastle - Denial of Service (DoS)
The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.
CVSS Score: 3.7
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE: CWE-400
(at-me in a reply with help or ignore)
| @@ -14,17 +14,20 @@ version = '0.2.0-SNAPSHOT' | |||
| sourceCompatibility = '8' | |||
|
|
|||
| repositories { | |||
| mavenCentral() | |||
| mavenCentral() | |||
| maven { url 'https://s01.oss.sonatype.org/content/repositories/snapshots' } | |||
| } | |||
|
|
|||
| dependencies { | |||
| implementation "com.github.briandilley.jsonrpc4j:jsonrpc4j:${jsonrpc4jVersion}" | |||
There was a problem hiding this comment.
Severe OSS Vulnerability:
pkg:maven/com.github.briandilley.jsonrpc4j/jsonrpc4j@1.6
0 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:maven/commons-codec/commons-codec@1.10
SEVERE Vulnerabilities (1)
[sonatype-2012-0050] CWE-20: Improper Input Validation
commons-codec - Base32 would decode some invalid Base32 encoded string into arbitrary value
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
CVSS Score: 5.3
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE: CWE-20
(at-me in a reply with help or ignore)
| @Data | ||
| @Getter | ||
| @Setter | ||
| @Builder |
There was a problem hiding this comment.
MissingSummary: A summary fragment is required; consider using the value of the @return block as a summary fragment instead. (details)
| @Builder | |
| Returns {@code this}. |
(at-me in a reply with help or ignore)
| @Data | ||
| @Getter | ||
| @Setter | ||
| @Builder |
There was a problem hiding this comment.
MissingSummary: A summary fragment is required; consider using the value of the @return block as a summary fragment instead. (details)
| @Builder | |
| Returns {@code this}. |
(at-me in a reply with help or ignore)
| @@ -17,7 +16,7 @@ | |||
|
|
|||
| @Getter | |||
| @NoArgsConstructor | |||
| @EqualsAndHashCode(callSuper = false, of = { "typeName" }) | |||
| @EqualsAndHashCode(callSuper = false, of = {"typeName"}) | |||
| public class CLTypeU128 extends AbstractCLTypeBasic { | |||
| private final String typeName = AbstractCLType.U128; | |||
There was a problem hiding this comment.
SameNameButDifferent: The name typeName = AbstractCLType.U128; refers to [java.lang.SuppressWarnings, java.lang.String] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| @@ -17,7 +16,7 @@ | |||
|
|
|||
| @Getter | |||
| @NoArgsConstructor | |||
| @EqualsAndHashCode(callSuper = false, of = { "typeName" }) | |||
| @EqualsAndHashCode(callSuper = false, of = {"typeName"}) | |||
There was a problem hiding this comment.
SameNameButDifferent: The name @EqualsAndHashCode(callSuper = false, of = {"typeName"}) refers to [java.lang.Override, java.lang.SuppressWarnings, java.lang.Object] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| @@ -17,7 +16,7 @@ | |||
|
|
|||
| @Getter | |||
| @NoArgsConstructor | |||
| @EqualsAndHashCode(callSuper = false, of = { "typeName" }) | |||
| @EqualsAndHashCode(callSuper = false, of = {"typeName"}) | |||
| public class CLTypeU256 extends AbstractCLTypeBasic { | |||
| private final String typeName = AbstractCLType.U256; | |||
There was a problem hiding this comment.
SameNameButDifferent: The name typeName = AbstractCLType.U256; refers to [java.lang.SuppressWarnings, java.lang.String] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| @@ -17,7 +16,7 @@ | |||
|
|
|||
| @Getter | |||
| @NoArgsConstructor | |||
| @EqualsAndHashCode(callSuper = false, of = { "typeName" }) | |||
| @EqualsAndHashCode(callSuper = false, of = {"typeName"}) | |||
There was a problem hiding this comment.
SameNameButDifferent: The name @EqualsAndHashCode(callSuper = false, of = {"typeName"}) refers to [java.lang.Override, java.lang.SuppressWarnings, java.lang.Object] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| * @author Alexandre Carvalho | ||
| * @author Andre Bertolace | ||
| * @see AbstractCLType | ||
| * @since 0.0.1 | ||
| */ | ||
| @Getter | ||
| @NoArgsConstructor | ||
| @EqualsAndHashCode(callSuper = false, of = { "typeName" }) | ||
| @EqualsAndHashCode(callSuper = false, of = {"typeName"}) | ||
| public class CLTypeU32 extends AbstractCLTypeBasic { | ||
| private final String typeName = AbstractCLType.U32; |
There was a problem hiding this comment.
SameNameButDifferent: The name typeName = AbstractCLType.U32; refers to [java.lang.SuppressWarnings, java.lang.String] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| * @author Alexandre Carvalho | ||
| * @author Andre Bertolace | ||
| * @see AbstractCLType | ||
| * @since 0.0.1 | ||
| */ | ||
| @Getter | ||
| @NoArgsConstructor | ||
| @EqualsAndHashCode(callSuper = false, of = { "typeName" }) | ||
| @EqualsAndHashCode(callSuper = false, of = {"typeName"}) |
There was a problem hiding this comment.
SameNameButDifferent: The name @EqualsAndHashCode(callSuper = false, of = {"typeName"}) refers to [java.lang.Override, java.lang.SuppressWarnings, java.lang.Object] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| @@ -17,7 +16,7 @@ | |||
|
|
|||
| @Getter | |||
| @NoArgsConstructor | |||
| @EqualsAndHashCode(callSuper = false, of = { "typeName" }) | |||
| @EqualsAndHashCode(callSuper = false, of = {"typeName"}) | |||
| public class CLTypeU512 extends AbstractCLTypeBasic { | |||
| private final String typeName = AbstractCLType.U512; | |||
There was a problem hiding this comment.
SameNameButDifferent: The name typeName = AbstractCLType.U512; refers to [java.lang.SuppressWarnings, java.lang.String] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| @@ -17,7 +16,7 @@ | |||
|
|
|||
| @Getter | |||
| @NoArgsConstructor | |||
| @EqualsAndHashCode(callSuper = false, of = { "typeName" }) | |||
| @EqualsAndHashCode(callSuper = false, of = {"typeName"}) | |||
There was a problem hiding this comment.
SameNameButDifferent: The name @EqualsAndHashCode(callSuper = false, of = {"typeName"}) refers to [java.lang.Override, java.lang.SuppressWarnings, java.lang.Object] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| @@ -17,7 +16,7 @@ | |||
|
|
|||
| @Getter | |||
| @NoArgsConstructor | |||
| @EqualsAndHashCode(callSuper = false, of = { "typeName" }) | |||
| @EqualsAndHashCode(callSuper = false, of = {"typeName"}) | |||
There was a problem hiding this comment.
SameNameButDifferent: The name @EqualsAndHashCode(callSuper = false, of = {"typeName"}) refers to [java.lang.Override, java.lang.SuppressWarnings, java.lang.Object] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| * @author Alexandre Carvalho | ||
| * @author Andre Bertolace | ||
| * @see AbstractCLType | ||
| * @since 0.0.1 | ||
| */ | ||
| @Getter | ||
| @NoArgsConstructor | ||
| @EqualsAndHashCode(callSuper = false, of = { "typeName" }) | ||
| @EqualsAndHashCode(callSuper = false, of = {"typeName"}) | ||
| public class CLTypeU8 extends AbstractCLTypeBasic { | ||
| private final String typeName = AbstractCLType.U8; |
There was a problem hiding this comment.
SameNameButDifferent: The name typeName = AbstractCLType.U8; refers to [java.lang.SuppressWarnings, java.lang.String] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| * @author Alexandre Carvalho | ||
| * @author Andre Bertolace | ||
| * @see AbstractCLType | ||
| * @since 0.0.1 | ||
| */ | ||
| @Getter | ||
| @NoArgsConstructor | ||
| @EqualsAndHashCode(callSuper = false, of = { "typeName" }) | ||
| @EqualsAndHashCode(callSuper = false, of = {"typeName"}) |
There was a problem hiding this comment.
SameNameButDifferent: The name @EqualsAndHashCode(callSuper = false, of = {"typeName"}) refers to [java.lang.Override, java.lang.SuppressWarnings, java.lang.Object] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| @@ -17,7 +16,7 @@ | |||
|
|
|||
| @Getter | |||
| @NoArgsConstructor | |||
| @EqualsAndHashCode(callSuper = false, of = { "typeName" }) | |||
| @EqualsAndHashCode(callSuper = false, of = {"typeName"}) | |||
| public class CLTypeURef extends AbstractCLTypeBasic { | |||
| private final String typeName = AbstractCLType.UREF; | |||
There was a problem hiding this comment.
SameNameButDifferent: The name typeName = AbstractCLType.UREF; refers to [java.lang.SuppressWarnings, java.lang.String] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| @@ -17,7 +16,7 @@ | |||
|
|
|||
| @Getter | |||
| @NoArgsConstructor | |||
| @EqualsAndHashCode(callSuper = false, of = { "typeName" }) | |||
| @EqualsAndHashCode(callSuper = false, of = {"typeName"}) | |||
There was a problem hiding this comment.
SameNameButDifferent: The name @EqualsAndHashCode(callSuper = false, of = {"typeName"}) refers to [java.lang.Override, java.lang.SuppressWarnings, java.lang.Object] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| @@ -17,7 +16,7 @@ | |||
|
|
|||
| @Getter | |||
| @NoArgsConstructor | |||
| @EqualsAndHashCode(callSuper = false, of = { "typeName" }) | |||
| @EqualsAndHashCode(callSuper = false, of = {"typeName"}) | |||
| public class CLTypeUnit extends AbstractCLTypeBasic { | |||
| private final String typeName = AbstractCLType.UNIT; | |||
There was a problem hiding this comment.
SameNameButDifferent: The name typeName = AbstractCLType.UNIT; refers to [java.lang.SuppressWarnings, java.lang.String] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| @Getter | ||
| @Setter | ||
| @Builder | ||
| @AllArgsConstructor |
There was a problem hiding this comment.
SameNameButDifferent: The name @AllArgsConstructor refers to [java.lang.SuppressWarnings, com.syntifi.casper.sdk.model.deploy.EraInfo] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| @Builder | ||
| @AllArgsConstructor | ||
| @NoArgsConstructor | ||
| @EqualsAndHashCode |
There was a problem hiding this comment.
SameNameButDifferent: The name @EqualsAndHashCode refers to [java.lang.Override, java.lang.SuppressWarnings, java.lang.Object] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| @Getter | ||
| @Setter | ||
| @Builder | ||
| @AllArgsConstructor |
There was a problem hiding this comment.
SameNameButDifferent: The name @AllArgsConstructor refers to [java.lang.SuppressWarnings, com.syntifi.casper.sdk.model.transfer.Transfer] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| @Data | ||
| @Getter | ||
| @Setter | ||
| @Builder |
There was a problem hiding this comment.
SameNameButDifferent: The name @Builder refers to [java.lang.SuppressWarnings, com.syntifi.casper.sdk.model.transfer.Transfer, com.syntifi.casper.sdk.model.storedvalue.StoredValueTransfer.StoredValueTransferBuilder, com.syntifi.casper.sdk.model.storedvalue.StoredValueTransfer, java.lang.Override, java.lang.String] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
| @Builder | |
| StoredValueTransfer.@Builder |
(at-me in a reply with help or ignore)
| @Builder | ||
| @AllArgsConstructor | ||
| @NoArgsConstructor | ||
| @EqualsAndHashCode |
There was a problem hiding this comment.
SameNameButDifferent: The name @EqualsAndHashCode refers to [java.lang.Override, java.lang.SuppressWarnings, java.lang.Object] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| * @author Alexandre Carvalho | ||
| * @author Andre Bertolace | ||
| * @see StoredValue | ||
| * @since 0.0.1 | ||
| */ | ||
| @Data | ||
| @Getter | ||
| @Setter |
There was a problem hiding this comment.
SameNameButDifferent: The name @Setter refers to [com.fasterxml.jackson.annotation.JsonProperty, java.lang.SuppressWarnings, com.syntifi.casper.sdk.model.transfer.Transfer] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
| * @author Alexandre Carvalho | ||
| * @author Andre Bertolace | ||
| * @since 0.0.1 | ||
| */ | ||
| @Data | ||
| @Getter | ||
| @Setter |
There was a problem hiding this comment.
SameNameButDifferent: The name @Setter refers to [com.fasterxml.jackson.annotation.JsonProperty, com.fasterxml.jackson.annotation.JsonIgnore, java.lang.SuppressWarnings, java.math.BigInteger, java.lang.String] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)
(at-me in a reply with help or ignore)
Part 2: key management; deploy serialization; signature; putDeploy