diff --git a/.clang-tidy b/.clang-tidy index ce12e552c4..6a7005b464 100644 --- a/.clang-tidy +++ b/.clang-tidy @@ -7,6 +7,7 @@ Checks: "-*, bugprone-bad-signal-to-kill-thread, bugprone-bool-pointer-implicit-conversion, bugprone-casting-through-void, + bugprone-capturing-this-in-member-variable, bugprone-chained-comparison, bugprone-compare-pointer-to-member-virtual-function, bugprone-copy-constructor-init, @@ -28,6 +29,7 @@ Checks: "-*, bugprone-misplaced-operator-in-strlen-in-alloc, bugprone-misplaced-pointer-arithmetic-in-alloc, bugprone-misplaced-widening-cast, + bugprone-misleading-setter-of-reference, bugprone-move-forwarding-reference, bugprone-multi-level-implicit-pointer-conversion, bugprone-multiple-new-in-one-expression, @@ -73,7 +75,7 @@ Checks: "-*, bugprone-unhandled-self-assignment, bugprone-unique-ptr-array-mismatch, bugprone-unsafe-functions, - bugprone-use-after-move, # has issues + bugprone-use-after-move, bugprone-unused-raii, bugprone-unused-return-value, bugprone-unused-local-non-trivial-variable, @@ -85,6 +87,7 @@ Checks: "-*, cppcoreguidelines-pro-type-static-cast-downcast, cppcoreguidelines-rvalue-reference-param-not-moved, cppcoreguidelines-use-default-member-init, + cppcoreguidelines-use-enum-class, cppcoreguidelines-virtual-class-destructor, hicpp-ignored-remove-result, misc-const-correctness, @@ -106,8 +109,10 @@ Checks: "-*, modernize-use-emplace, modernize-use-equals-default, modernize-use-equals-delete, + modernize-use-nodiscard, modernize-use-override, modernize-use-ranges, + modernize-use-scoped-lock, modernize-use-starts-ends-with, modernize-use-std-numbers, modernize-use-using, @@ -121,6 +126,7 @@ Checks: "-*, performance-move-constructor-init, performance-no-automatic-move, performance-trivially-destructible, + readability-ambiguous-smartptr-reset-call, readability-avoid-nested-conditional-operator, readability-avoid-return-with-void-value, readability-braces-around-statements, diff --git a/.github/actions/print-env/action.yml b/.github/actions/print-env/action.yml deleted file mode 100644 index 3527ca6f02..0000000000 --- a/.github/actions/print-env/action.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: Print build environment -description: "Print environment and some tooling versions" - -runs: - using: composite - steps: - - name: Check configuration (Windows) - if: ${{ runner.os == 'Windows' }} - shell: bash - run: | - echo 'Checking environment variables.' - set - - - name: Check configuration (Linux and macOS) - if: ${{ runner.os == 'Linux' || runner.os == 'macOS' }} - shell: bash - run: | - echo 'Checking path.' - echo ${PATH} | tr ':' '\n' - - echo 'Checking environment variables.' - env | sort - - echo 'Checking compiler version.' - ${{ runner.os == 'Linux' && '${CC}' || 'clang' }} --version - - echo 'Checking Ninja version.' - ninja --version - - echo 'Checking nproc version.' - nproc --version - - - name: Check configuration (all) - shell: bash - run: | - echo 'Checking Ccache version.' - ccache --version - - echo 'Checking CMake version.' - cmake --version - - echo 'Checking Conan version.' - conan --version diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 66e319e0e7..0e6b840fe7 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -33,17 +33,6 @@ updates: prefix: "ci: [DEPENDABOT] " target-branch: develop - - package-ecosystem: github-actions - directory: .github/actions/print-env/ - schedule: - interval: weekly - day: monday - time: "04:00" - timezone: Etc/GMT - commit-message: - prefix: "ci: [DEPENDABOT] " - target-branch: develop - - package-ecosystem: github-actions directory: .github/actions/setup-conan/ schedule: diff --git a/.github/scripts/levelization/results/ordering.txt b/.github/scripts/levelization/results/ordering.txt index d2a1894585..c2000d1768 100644 --- a/.github/scripts/levelization/results/ordering.txt +++ b/.github/scripts/levelization/results/ordering.txt @@ -188,10 +188,16 @@ test.toplevel > xrpl.json test.unit_test > xrpl.basics test.unit_test > xrpl.protocol tests.libxrpl > xrpl.basics +tests.libxrpl > xrpl.core tests.libxrpl > xrpl.json +tests.libxrpl > xrpl.ledger tests.libxrpl > xrpl.net +tests.libxrpl > xrpl.nodestore tests.libxrpl > xrpl.protocol tests.libxrpl > xrpl.protocol_autogen +tests.libxrpl > xrpl.server +tests.libxrpl > xrpl.shamap +tests.libxrpl > xrpl.tx xrpl.conditions > xrpl.basics xrpl.conditions > xrpl.protocol xrpl.core > xrpl.basics diff --git a/.github/scripts/strategy-matrix/generate.py b/.github/scripts/strategy-matrix/generate.py index 4784142b7b..dec41a2610 100755 --- a/.github/scripts/strategy-matrix/generate.py +++ b/.github/scripts/strategy-matrix/generate.py @@ -51,20 +51,21 @@ def generate_strategy_matrix(all: bool, config: Config) -> list: # Only generate a subset of configurations in PRs. if not all: # Debian: - # - Bookworm using GCC 13: Release on linux/amd64, set the reference - # fee to 500. - # - Bookworm using GCC 15: Debug on linux/amd64, enable code - # coverage (which will be done below). + # - Bookworm using GCC 13: Debug on linux/amd64, set the reference + # fee to 500 and enable code coverage (which will be done below). + # - Bookworm using GCC 15: Debug on linux/amd64, enable Address and + # UB sanitizers (which will be done below). # - Bookworm using Clang 16: Debug on linux/amd64, enable voidstar. # - Bookworm using Clang 17: Release on linux/amd64, set the # reference fee to 1000. - # - Bookworm using Clang 20: Debug on linux/amd64. + # - Bookworm using Clang 20: Debug on linux/amd64, enable Address + # and UB sanitizers (which will be done below). if os["distro_name"] == "debian": skip = True if os["distro_version"] == "bookworm": if ( f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-13" - and build_type == "Release" + and build_type == "Debug" and architecture["platform"] == "linux/amd64" ): cmake_args = f"-DUNIT_TEST_REFERENCE_FEE=500 {cmake_args}" @@ -193,11 +194,11 @@ def generate_strategy_matrix(all: bool, config: Config) -> list: ): continue - # Enable code coverage for Debian Bookworm using GCC 15 in Debug on - # linux/amd64 + # Enable code coverage for Debian Bookworm using GCC 13 in Debug on + # linux/amd64. if ( f"{os['distro_name']}-{os['distro_version']}" == "debian-bookworm" - and f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-15" + and f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-13" and build_type == "Debug" and architecture["platform"] == "linux/amd64" ): @@ -234,23 +235,39 @@ def generate_strategy_matrix(all: bool, config: Config) -> list: # Add the configuration to the list, with the most unique fields first, # so that they are easier to identify in the GitHub Actions UI, as long # names get truncated. - # Add Address and Thread (both coupled with UB) sanitizers for specific bookworm distros. + # Add Address and UB sanitizers as separate configurations for specific + # bookworm distros. Thread sanitizer is currently disabled (see below). # GCC-Asan xrpld-embedded tests are failing because of https://github.com/google/sanitizers/issues/856 - if ( - os["distro_version"] == "bookworm" - and f"{os['compiler_name']}-{os['compiler_version']}" == "clang-20" - ): - # Add ASAN + UBSAN configuration. + if os[ + "distro_version" + ] == "bookworm" and f"{os['compiler_name']}-{os['compiler_version']}" in [ + "gcc-15", + "clang-20", + ]: + # Add ASAN configuration. configurations.append( { - "config_name": config_name + "-asan-ubsan", + "config_name": config_name + "-asan", "cmake_args": cmake_args, "cmake_target": cmake_target, "build_only": build_only, "build_type": build_type, "os": os, "architecture": architecture, - "sanitizers": "address,undefinedbehavior", + "sanitizers": "address", + } + ) + # Add UBSAN configuration. + configurations.append( + { + "config_name": config_name + "-ubsan", + "cmake_args": cmake_args, + "cmake_target": cmake_target, + "build_only": build_only, + "build_type": build_type, + "os": os, + "architecture": architecture, + "sanitizers": "undefinedbehavior", } ) # TSAN is deactivated due to seg faults with latest compilers. diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 89255f0e47..2f15b82266 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -14,7 +14,7 @@ on: jobs: # Call the workflow in the XRPLF/actions repo that runs the pre-commit hooks. run-hooks: - uses: XRPLF/actions/.github/workflows/pre-commit.yml@9307df762265e15c745ddcdb38a581c989f7f349 + uses: XRPLF/actions/.github/workflows/pre-commit.yml@5e942d61bf32f7557a7c159cfac4712a687b3e3a with: runs_on: ubuntu-latest container: '{ "image": "ghcr.io/xrplf/ci/tools-rippled-pre-commit:sha-41ec7c1" }' diff --git a/.github/workflows/reusable-build-test-config.yml b/.github/workflows/reusable-build-test-config.yml index c2c862d73f..b4cb266004 100644 --- a/.github/workflows/reusable-build-test-config.yml +++ b/.github/workflows/reusable-build-test-config.yml @@ -116,7 +116,7 @@ jobs: run: echo "CCACHE_LOGFILE=${{ runner.temp }}/ccache.log" >> "${GITHUB_ENV}" - name: Print build environment - uses: ./.github/actions/print-env + uses: XRPLF/actions/print-env@8f811899319ef002e7a088c77c57d95aba602a97 - name: Get number of processors uses: XRPLF/actions/get-nproc@cf0433aa74563aead044a1e395610c96d65a37cf diff --git a/.github/workflows/reusable-clang-tidy-files.yml b/.github/workflows/reusable-clang-tidy-files.yml index 9b99f418b1..75969060a5 100644 --- a/.github/workflows/reusable-clang-tidy-files.yml +++ b/.github/workflows/reusable-clang-tidy-files.yml @@ -40,7 +40,7 @@ jobs: enable_ccache: false - name: Print build environment - uses: ./.github/actions/print-env + uses: XRPLF/actions/print-env@8f811899319ef002e7a088c77c57d95aba602a97 - name: Get number of processors uses: XRPLF/actions/get-nproc@cf0433aa74563aead044a1e395610c96d65a37cf diff --git a/.github/workflows/upload-conan-deps.yml b/.github/workflows/upload-conan-deps.yml index f14efde05b..49c9ab041a 100644 --- a/.github/workflows/upload-conan-deps.yml +++ b/.github/workflows/upload-conan-deps.yml @@ -75,7 +75,7 @@ jobs: enable_ccache: false - name: Print build environment - uses: ./.github/actions/print-env + uses: XRPLF/actions/print-env@8f811899319ef002e7a088c77c57d95aba602a97 - name: Get number of processors uses: XRPLF/actions/get-nproc@cf0433aa74563aead044a1e395610c96d65a37cf diff --git a/API-CHANGELOG.md b/API-CHANGELOG.md index d5faaf70af..56a45c132a 100644 --- a/API-CHANGELOG.md +++ b/API-CHANGELOG.md @@ -28,6 +28,8 @@ This section contains changes targeting a future version. ### Additions +- `ledger_entry`, `account_objects`: The `Delegate` ledger entry now includes an optional `DestinationNode` field, which stores the index into the authorized account's owner directory. This field is present on entries created after bidirectional directory tracking was introduced and may appear in RPC responses for those entries. ([#6681](https://github.com/XRPLF/rippled/pull/6681)) + - `server_definitions`: Added the following new sections to the response ([#6321](https://github.com/XRPLF/rippled/pull/6321)): - `TRANSACTION_FORMATS`: Describes the fields and their optionality for each transaction type, including common fields shared across all transactions. - `LEDGER_ENTRY_FORMATS`: Describes the fields and their optionality for each ledger entry type, including common fields shared across all ledger entries. @@ -40,6 +42,14 @@ This section contains changes targeting a future version. - Peer Crawler: The `port` field in `overlay.active[]` now consistently returns an integer instead of a string for outbound peers. [#6318](https://github.com/XRPLF/rippled/pull/6318) - `ping`: The `ip` field is no longer returned as an empty string for proxied connections without a forwarded-for header. It is now omitted, consistent with the behavior for identified connections. [#6730](https://github.com/XRPLF/rippled/pull/6730) - gRPC `GetLedgerDiff`: Fixed error message that incorrectly said "base ledger not validated" when the desired ledger was not validated. [#6730](https://github.com/XRPLF/rippled/pull/6730) +- `account_channels`: The `destination_account` field now returns an error if the value is not a string. [#6529](https://github.com/XRPLF/rippled/pull/6529) +- `subscribe`: The `taker` field in the `books` array now returns an error if the value is not a string. [#6529](https://github.com/XRPLF/rippled/pull/6529) +- `account_info`: The `urlgravatar` field now uses HTTPS instead of HTTP. [#6529](https://github.com/XRPLF/rippled/pull/6529) +- `ledger`: The `full`, `accounts`, `transactions`, `expand`, `binary`, `owner_funds`, and `queue` fields now return an error if the value is not a boolean. [#6529](https://github.com/XRPLF/rippled/pull/6529) +- `ledger_data`: The `binary` field now returns an error if the value is not a boolean. [#6529](https://github.com/XRPLF/rippled/pull/6529) +- `submit`: The `fail_hard` field now returns an error if the value is not a boolean. [#6529](https://github.com/XRPLF/rippled/pull/6529) +- `subscribe`: The `taker` field in the `books` array now returns `actMalformed` instead of `badIssuer` if the value is not a valid account. [#6529](https://github.com/XRPLF/rippled/pull/6529) +- Fixed a bug in `Forwarded` HTTP header parsing where the extracted IP address could be incorrect when no comma or semicolon delimiter follows the address. This could cause the server to misidentify a client's IP address when operating behind a reverse proxy. [#6529](https://github.com/XRPLF/rippled/pull/6529) ## XRP Ledger server version 3.1.0 diff --git a/SECURITY.md b/SECURITY.md index 2e0c43a134..d72ddcada4 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -22,117 +22,10 @@ Responsible investigation includes, but isn't limited to, the following: - Not targeting physical security measures, or attempting to use social engineering, spam, distributed denial of service (DDOS) attacks, etc. - Investigating bugs in a way that makes a reasonable, good faith effort not to be disruptive or harmful to the XRP Ledger and the broader ecosystem. -### Responsible Disclosure - -If you discover a vulnerability or potential threat, or if you _think_ -you have, please reach out by dropping an email using the contact -information below. - -Your report should include the following: - -- Your contact information (typically, an email address); -- The description of the vulnerability; -- The attack scenario (if any); -- The steps to reproduce the vulnerability; -- Any other relevant details or artifacts, including code, scripts or patches. - -In your email, please describe the issue or potential threat. If possible, include a "repro" (code that can reproduce the issue) or describe the best way to reproduce and replicate the issue. Please make your report as detailed and comprehensive as possible. - -For more information on responsible disclosure, please read this [Wikipedia article](https://en.wikipedia.org/wiki/Responsible_disclosure). - -## Report Handling Process - -Please report the bug directly to us and limit further disclosure. If you want to prove that you knew the bug as of a given time, consider using a cryptographic pre-commitment: hash the content of your report and publish the hash on a medium of your choice (e.g. on Twitter or as a memo in a transaction) as "proof" that you had written the text at a given point in time. - -Once we receive a report, we: - -1. Assign two people to independently evaluate the report; -2. Consider their recommendations; -3. If action is necessary, formulate a plan to address the issue; -4. Communicate privately with the reporter to explain our plan. -5. Prepare, test and release a version which fixes the issue; and -6. Announce the vulnerability publicly. - -We will triage and respond to your disclosure within 24 hours. Beyond that, we will work to analyze the issue in more detail, formulate, develop and test a fix. - -While we commit to responding with 24 hours of your initial report with our triage assessment, we cannot guarantee a response time for the remaining steps. We will communicate with you throughout this process, letting you know where we are and keeping you updated on the timeframe. - ## Bug Bounty Program -[Ripple](https://ripple.com) is generously sponsoring a bug bounty program for vulnerabilities in [`xrpld`](https://github.com/XRPLF/rippled) (and other related projects, like [`xrpl.js`](https://github.com/XRPLF/xrpl.js), [`xrpl-py`](https://github.com/XRPLF/xrpl-py), [`xrpl4j`](https://github.com/XRPLF/xrpl4j)). +[Ripple](https://ripple.com) is generously sponsoring a bug bounty program for vulnerabilities in [`xrpld`](https://github.com/XRPLF/rippled) (and other related projects, like [`Clio`](https://github.com/XRPLF/clio), [`xrpl.js`](https://github.com/XRPLF/xrpl.js), [`xrpl-py`](https://github.com/XRPLF/xrpl-py), [`xrpl4j`](https://github.com/XRPLF/xrpl4j)). -This program allows us to recognize and reward individuals or groups that identify and report bugs. In summary, in order to qualify for a bounty, the bug must be: +This program allows us to recognize and reward individuals or groups that identify and report bugs. -1. **In scope**. Only bugs in software under the scope of the program qualify. Currently, that means `xrpld`, `xrpl.js`, `xrpl-py`, `xrpl4j`. -2. **Relevant**. A security issue, posing a danger to user funds, privacy, or the operation of the XRP Ledger. -3. **Original and previously unknown**. Bugs that are already known and discussed in public do not qualify. Previously reported bugs, even if publicly unknown, are not eligible. -4. **Specific**. We welcome general security advice or recommendations, but we cannot pay bounties for that. -5. **Fixable**. There has to be something we can do to permanently fix the problem. Note that bugs in other people’s software may still qualify in some cases. For example, if you find a bug in a library that we use which can compromise the security of software that is in scope and we can get it fixed, you may qualify for a bounty. -6. **Unused**. If you use the exploit to attack the XRP Ledger, you do not qualify for a bounty. If you report a vulnerability used in an ongoing or past attack and there is specific, concrete evidence that suggests you are the attacker we reserve the right not to pay a bounty. - -The amount paid varies dramatically. Vulnerabilities that are harmless on their own, but could form part of a critical exploit will usually receive a bounty. Full-blown exploits can receive much higher bounties. Please don’t hold back partial vulnerabilities while trying to construct a full-blown exploit. We will pay a bounty to anyone who reports a complete chain of vulnerabilities even if they have reported each component of the exploit separately and those vulnerabilities have been fixed in the meantime. However, to qualify for a the full bounty, you must to have been the first to report each of the partial exploits. - -### Contacting Us - -To report a qualifying bug, please send a detailed report to: - -| Email Address | bugs@ripple.com | -| :-----------: | :-------------------------------------------------- | -| Short Key ID | `0xA9F514E0` | -| Long Key ID | `0xD900855AA9F514E0` | -| Fingerprint | `B72C 0654 2F2A E250 2763 A268 D900 855A A9F5 14E0` | - -The full PGP key for this address, which is also available on several key servers (e.g. on [keyserver.ubuntu.com](https://keyserver.ubuntu.com)), is: - -``` ------BEGIN PGP PUBLIC KEY BLOCK----- -mQINBGkSZAQBEACprU199OhgdsOsygNjiQV4msuN3vDOUooehL+NwfsGfW79Tbqq -Q2u7uQ3NZjW+M2T4nsDwuhkr7pe7xSReR5W8ssaczvtUyxkvbMClilcgZ2OSCAuC -N9tzJsqOqkwBvXoNXkn//T2jnPz0ZU2wSF+NrEibq5FeuyGdoX3yXXBxq9pW9HzK -HkQll63QSl6BzVSGRQq+B6lGgaZGLwf3mzmIND9Z5VGLNK2jKynyz9z091whNG/M -kV+E7/r/bujHk7WIVId07G5/COTXmSr7kFnNEkd2Umw42dkgfiNKvlmJ9M7c1wLK -KbL9Eb4ADuW6rRc5k4s1e6GT8R4/VPliWbCl9SE32hXH8uTkqVIFZP2eyM5WRRHs -aKzitkQG9UK9gcb0kdgUkxOvvgPHAe5IuZlcHFzU4y0dBbU1VEFWVpiLU0q+IuNw -5BRemeHc59YNsngkmAZ+/9zouoShRusZmC8Wzotv75C2qVBcjijPvmjWAUz0Zunm -Lsr+O71vqHE73pERjD07wuD/ISjiYRYYE/bVrXtXLZijC7qAH4RE3nID+2ojcZyO -/2jMQvt7un56RsGH4UBHi3aBHi9bUoDGCXKiQY981cEuNaOxpou7Mh3x/ONzzSvk -sTV6nl1LOZHykN1JyKwaNbTSAiuyoN+7lOBqbV04DNYAHL88PrT21P83aQARAQAB -tB1SaXBwbGUgTGFicyA8YnVnc0ByaXBwbGUuY29tPokCTgQTAQgAOBYhBLcsBlQv -KuJQJ2OiaNkAhVqp9RTgBQJpEmQEAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA -AAoJENkAhVqp9RTgBzgP/i7y+aDWl1maig1XMdyb+o0UGusumFSW4Hmj278wlKVv -usgLPihYgHE0PKrv6WRyKOMC1tQEcYYN93M+OeQ1vFhS2YyURq6RCMmh4zq/awXG -uZbG36OURB5NH8lGBOHiN/7O+nY0CgenBT2JWm+GW3nEOAVOVm4+r5GlpPlv+Dp1 -NPBThcKXFMnH73++NpSQoDzTfRYHPxhDAX3jkLi/moXfSanOLlR6l94XNNN0jBHW -Quao0rzf4WSXq9g6AS224xhAA5JyIcFl8TX7hzj5HaFn3VWo3COoDu4U7H+BM0fl -85yqiMQypp7EhN2gxpMMWaHY5TFM85U/bFXFYfEgihZ4/gt4uoIzsNI9jlX7mYvG -KFdDij+oTlRsuOxdIy60B3dKcwOH9nZZCz0SPsN/zlRWgKzK4gDKdGhFkU9OlvPu -94ZqscanoiWKDoZkF96+sjgfjkuHsDK7Lwc1Xi+T4drHG/3aVpkYabXox+lrKB/S -yxZjeqOIQzWPhnLgCaLyvsKo5hxKzL0w3eURu8F3IS7RgOOlljv4M+Me9sEVcdNV -aN3/tQwbaomSX1X5D5YXqhBwC3rU3wXwamsscRTGEpkV+JCX6KUqGP7nWmxCpAly -FL05XuOd5SVHJjXLeuje0JqLUpN514uL+bThWwDbDTdAdwW3oK/2WbXz7IfJRLBj -uQINBGkSZAQBEADdI3SL2F72qkrgFqXWE6HSRBu9bsAvTE5QrRPWk7ux6at537r4 -S4sIw2dOwLvbyIrDgKNq3LQ5wCK88NO/NeCOFm4AiCJSl3pJHXYnTDoUxTrrxx+o -vSRI4I3fHEql/MqzgiAb0YUezjgFdh3vYheMPp/309PFbOLhiFqEcx80Mx5h06UH -gDzu1qNj3Ec+31NLic5zwkrAkvFvD54d6bqYR3SEgMau6aYEewpGHbWBi2pLqSi2 -lQcAeOFixqGpTwDmAnYR8YtjBYepy0MojEAdTHcQQlOYSDk4q4elG+io2N8vECfU -rD6ORecN48GXdZINYWTAdslrUeanmBdgQrYkSpce8TSghgT9P01SNaXxmyaehVUO -lqI4pcg5G2oojAE8ncNS3TwDtt7daTaTC3bAdr4PXDVAzNAiewjMNZPB7xidkDGQ -Y4W1LxTMXyJVWxehYOH7tsbBRKninlfRnLgYzmtIbNRAAvNcsxU6ihv3AV0WFknN -YbSzotEv1Xq/5wk309x8zCDe+sP0cQicvbXafXmUzPAZzeqFg+VLFn7F9MP1WGlW -B1u7VIvBF1Mp9Nd3EAGBAoLRdRu+0dVWIjPTQuPIuD9cCatJA0wVaKUrjYbBMl88 -a12LixNVGeSFS9N7ADHx0/o7GNT6l88YbaLP6zggUHpUD/bR+cDN7vllIQARAQAB -iQI2BBgBCAAgFiEEtywGVC8q4lAnY6Jo2QCFWqn1FOAFAmkSZAQCGwwACgkQ2QCF -Wqn1FOAfAA/8CYq4p0p4bobY20CKEMsZrkBTFJyPDqzFwMeTjgpzqbD7Y3Qq5QCK -OBbvY02GWdiIsNOzKdBxiuam2xYP9WHZj4y7/uWEvT0qlPVmDFu+HXjoJ43oxwFd -CUp2gMuQ4cSL3X94VRJ3BkVL+tgBm8CNY0vnTLLOO3kum/R69VsGJS1JSGUWjNM+ -4qwS3mz+73xJu1HmERyN2RZF/DGIZI2PyONQQ6aH85G1Dd2ohu2/DBAkQAMBrPbj -FrbDaBLyFhODxU3kTWqnfLlaElSm2EGdIU2yx7n4BggEa//NZRMm5kyeo4vzhtlQ -YIVUMLAOLZvnEqDnsLKp+22FzNR/O+htBQC4lPywl53oYSALdhz1IQlcAC1ru5KR -XPzhIXV6IIzkcx9xNkEclZxmsuy5ERXyKEmLbIHAlzFmnrldlt2ZgXDtzaorLmxj -klKibxd5tF50qOpOivz+oPtFo7n+HmFa1nlVAMxlDCUdM0pEVeYDKI5zfVwalyhZ -NnjpakdZSXMwgc7NP/hH9buF35hKDp7EckT2y3JNYwHsDdy1icXN2q40XZw5tSIn -zkPWdu3OUY8PISohN6Pw4h0RH4ZmoX97E8sEfmdKaT58U4Hf2aAv5r9IWCSrAVqY -u5jvac29CzQR9Kal0A+8phHAXHNFD83SwzIC0syaT9ficAguwGH8X6Q= -=nGuD ------END PGP PUBLIC KEY BLOCK----- -``` +We have partnered with Bugcrowd to manage this program. It is a private program, and security researchers can participate based on invitation. If you need access to the program, please email bugs@ripple.com with your Bugcrowd handle or Bugcrowd registered email, and we will get you added to the program. Once you have been added, please submit vulnerability reports through Bugcrowd, not by email. The detailed bug bounty policy is available on the Bugcrowd website. diff --git a/cmake/XrplCompiler.cmake b/cmake/XrplCompiler.cmake index 9db754eb1d..0b77ff3525 100644 --- a/cmake/XrplCompiler.cmake +++ b/cmake/XrplCompiler.cmake @@ -118,7 +118,7 @@ if(MSVC) NOMINMAX # TODO: Resolve these warnings, don't just silence them _SILENCE_ALL_CXX17_DEPRECATION_WARNINGS - $<$,$,$>>:_CRTDBG_MAP_ALLOC> + $<$,$>:_CRTDBG_MAP_ALLOC> ) target_link_libraries(common INTERFACE -errorreport:none -machine:X64) else() diff --git a/include/xrpl/basics/BasicConfig.h b/include/xrpl/basics/BasicConfig.h index e1b0af516f..0639fb6c4d 100644 --- a/include/xrpl/basics/BasicConfig.h +++ b/include/xrpl/basics/BasicConfig.h @@ -36,7 +36,7 @@ public: explicit Section(std::string name = ""); /** Returns the name of this section. */ - std::string const& + [[nodiscard]] std::string const& name() const { return name_; @@ -45,7 +45,7 @@ public: /** Returns all the lines in the section. This includes everything. */ - std::vector const& + [[nodiscard]] std::vector const& lines() const { return lines_; @@ -54,7 +54,7 @@ public: /** Returns all the values in the section. Values are non-empty lines which are not key/value pairs. */ - std::vector const& + [[nodiscard]] std::vector const& values() const { return values_; @@ -82,7 +82,7 @@ public: * @return The retrieved value. A section with an empty legacy value returns an empty string. */ - std::string + [[nodiscard]] std::string legacy() const { if (lines_.empty()) @@ -117,11 +117,11 @@ public: } /** Returns `true` if a key with the given name exists. */ - bool + [[nodiscard]] bool exists(std::string const& name) const; template - std::optional + [[nodiscard]] std::optional get(std::string const& name) const { auto const iter = lookup_.find(name); @@ -132,7 +132,7 @@ public: /// Returns a value if present, else another value. template - T + [[nodiscard]] T value_or(std::string const& name, T const& other) const { auto const v = get(name); @@ -141,7 +141,7 @@ public: // indicates if trailing comments were seen // during the appending of any lines/values - bool + [[nodiscard]] bool had_trailing_comments() const { return had_trailing_comments_; @@ -151,42 +151,42 @@ public: operator<<(std::ostream&, Section const& section); // Returns `true` if there are no key/value pairs. - bool + [[nodiscard]] bool empty() const { return lookup_.empty(); } // Returns the number of key/value pairs. - std::size_t + [[nodiscard]] std::size_t size() const { return lookup_.size(); } // For iteration of key/value pairs. - const_iterator + [[nodiscard]] const_iterator begin() const { return lookup_.cbegin(); } // For iteration of key/value pairs. - const_iterator + [[nodiscard]] const_iterator cbegin() const { return lookup_.cbegin(); } // For iteration of key/value pairs. - const_iterator + [[nodiscard]] const_iterator end() const { return lookup_.cend(); } // For iteration of key/value pairs. - const_iterator + [[nodiscard]] const_iterator cend() const { return lookup_.cend(); @@ -206,7 +206,7 @@ private: public: /** Returns `true` if a section with the given name exists. */ - bool + [[nodiscard]] bool exists(std::string const& name) const; /** Returns the section with the given name. @@ -216,7 +216,7 @@ public: Section& section(std::string const& name); - Section const& + [[nodiscard]] Section const& section(std::string const& name) const; Section const& @@ -264,7 +264,7 @@ public: * legacy value. * @return Contents of the legacy value. */ - std::string + [[nodiscard]] std::string legacy(std::string const& sectionName) const; friend std::ostream& @@ -272,7 +272,7 @@ public: // indicates if trailing comments were seen // in any loaded Sections - bool + [[nodiscard]] bool had_trailing_comments() const { return std::ranges::any_of(map_, [](auto s) { return s.second.had_trailing_comments(); }); diff --git a/include/xrpl/basics/Buffer.h b/include/xrpl/basics/Buffer.h index 52c092981c..59968a4fa4 100644 --- a/include/xrpl/basics/Buffer.h +++ b/include/xrpl/basics/Buffer.h @@ -101,13 +101,13 @@ public: } /** Returns the number of bytes in the buffer. */ - std::size_t + [[nodiscard]] std::size_t size() const noexcept { return size_; } - bool + [[nodiscard]] bool empty() const noexcept { return 0 == size_; @@ -125,7 +125,7 @@ public: to a single byte, to facilitate pointer arithmetic. */ /** @{ */ - std::uint8_t const* + [[nodiscard]] std::uint8_t const* data() const noexcept { return p_.get(); @@ -169,25 +169,25 @@ public: return alloc(n); } - const_iterator + [[nodiscard]] const_iterator begin() const noexcept { return p_.get(); } - const_iterator + [[nodiscard]] const_iterator cbegin() const noexcept { return p_.get(); } - const_iterator + [[nodiscard]] const_iterator end() const noexcept { return p_.get() + size_; } - const_iterator + [[nodiscard]] const_iterator cend() const noexcept { return p_.get() + size_; diff --git a/include/xrpl/basics/CountedObject.h b/include/xrpl/basics/CountedObject.h index 675d1b163b..379fd49837 100644 --- a/include/xrpl/basics/CountedObject.h +++ b/include/xrpl/basics/CountedObject.h @@ -19,7 +19,7 @@ public: using Entry = std::pair; using List = std::vector; - List + [[nodiscard]] List getCounts(int minimumThreshold) const; public: @@ -59,19 +59,19 @@ public: return --count_; } - int + [[nodiscard]] int getCount() const noexcept { return count_.load(); } - Counter* + [[nodiscard]] Counter* getNext() const noexcept { return next_; } - std::string const& + [[nodiscard]] std::string const& getName() const noexcept { return name_; diff --git a/include/xrpl/basics/DecayingSample.h b/include/xrpl/basics/DecayingSample.h index d4c7388046..8f6e729acf 100644 --- a/include/xrpl/basics/DecayingSample.h +++ b/include/xrpl/basics/DecayingSample.h @@ -67,8 +67,10 @@ private: } else { - while ((elapsed--) != 0u) + for (; elapsed > 0; --elapsed) + { m_value -= (m_value + Window - 1) / Window; + } } } diff --git a/include/xrpl/basics/Expected.h b/include/xrpl/basics/Expected.h index 6cba7106fb..f4d8e5019a 100644 --- a/include/xrpl/basics/Expected.h +++ b/include/xrpl/basics/Expected.h @@ -73,7 +73,7 @@ public: { } - constexpr E const& + [[nodiscard]] constexpr E const& value() const& { return val_; @@ -91,7 +91,7 @@ public: return std::move(val_); } - constexpr E const&& + [[nodiscard]] constexpr E const&& value() const&& { return std::move(val_); @@ -125,13 +125,13 @@ public: { } - constexpr bool + [[nodiscard]] constexpr bool has_value() const { return Base::has_value(); } - constexpr T const& + [[nodiscard]] constexpr T const& value() const { return Base::value(); @@ -143,7 +143,7 @@ public: return Base::value(); } - constexpr E const& + [[nodiscard]] constexpr E const& error() const { return Base::error(); @@ -210,7 +210,7 @@ public: { } - constexpr E const& + [[nodiscard]] constexpr E const& error() const { return Base::error(); diff --git a/include/xrpl/basics/IntrusivePointer.h b/include/xrpl/basics/IntrusivePointer.h index 230dec3ebb..019e71a727 100644 --- a/include/xrpl/basics/IntrusivePointer.h +++ b/include/xrpl/basics/IntrusivePointer.h @@ -159,11 +159,11 @@ public: reset(); /** Get the raw pointer */ - T* + [[nodiscard]] T* get() const; /** Return the strong count */ - std::size_t + [[nodiscard]] std::size_t use_count() const; template @@ -181,7 +181,7 @@ public: private: /** Return the raw pointer held by this object. */ - T* + [[nodiscard]] T* unsafeGetRawPtr() const; /** Exchange the current raw pointer held by this object with the given @@ -260,7 +260,7 @@ public: lock() const; /** Return true if the strong count is zero. */ - bool + [[nodiscard]] bool expired() const; /** Set the pointer to null and decrement the weak count. @@ -339,7 +339,7 @@ public: don't lock the weak pointer. Use the `lock` method if that's what's needed) */ - SharedIntrusive + [[nodiscard]] SharedIntrusive getStrong() const; /** Return true if this is a strong pointer and the strong pointer is @@ -357,31 +357,31 @@ public: /** If this is a strong pointer, return the raw pointer. Otherwise return null. */ - T* + [[nodiscard]] T* get() const; /** If this is a strong pointer, return the strong count. Otherwise * return 0 */ - std::size_t + [[nodiscard]] std::size_t use_count() const; /** Return true if there is a non-zero strong count. */ - bool + [[nodiscard]] bool expired() const; /** If this is a strong pointer, return the strong pointer. Otherwise attempt to lock the weak pointer. */ - SharedIntrusive + [[nodiscard]] SharedIntrusive lock() const; /** Return true is this represents a strong pointer. */ - bool + [[nodiscard]] bool isStrong() const; /** Return true is this represents a weak pointer. */ - bool + [[nodiscard]] bool isWeak() const; /** If this is a weak pointer, attempt to convert it to a strong @@ -412,7 +412,7 @@ private: private: /** Return the raw pointer held by this object. */ - T* + [[nodiscard]] T* unsafeGetRawPtr() const; enum class RefStrength { strong, weak }; diff --git a/include/xrpl/basics/IntrusiveRefCounts.h b/include/xrpl/basics/IntrusiveRefCounts.h index ea610a521e..e7c31bde93 100644 --- a/include/xrpl/basics/IntrusiveRefCounts.h +++ b/include/xrpl/basics/IntrusiveRefCounts.h @@ -207,7 +207,7 @@ private: RefCountPair(CountType s, CountType w) noexcept; /** Convert back to the packed integer form. */ - FieldType + [[nodiscard]] FieldType combinedValue() const noexcept; static constexpr CountType maxStrongValue = diff --git a/include/xrpl/basics/Log.h b/include/xrpl/basics/Log.h index 4efbec5199..5c63166d93 100644 --- a/include/xrpl/basics/Log.h +++ b/include/xrpl/basics/Log.h @@ -15,6 +15,7 @@ namespace xrpl { // DEPRECATED use beast::severities::Severity instead +// NOLINTNEXTLINE(cppcoreguidelines-use-enum-class) enum LogSeverity { lsINVALID = -1, // used to indicate an invalid severity lsTRACE = 0, // Very low-level progress information, details inside @@ -76,7 +77,7 @@ private: @return `true` if a system file is associated and opened for writing. */ - bool + [[nodiscard]] bool isOpen() const noexcept; /** Associate a system file with the log. @@ -207,6 +208,8 @@ public: fromString(std::string const& s); private: + // Need to be named before converting + // NOLINTNEXTLINE(cppcoreguidelines-use-enum-class) enum { // Maximum line length for log messages. // If the message exceeds this length it will be truncated with diff --git a/include/xrpl/basics/Mutex.hpp b/include/xrpl/basics/Mutex.hpp index 18c57370b1..4432e27b4b 100644 --- a/include/xrpl/basics/Mutex.hpp +++ b/include/xrpl/basics/Mutex.hpp @@ -44,7 +44,7 @@ public: return data_; } - ProtectedDataType const& + [[nodiscard]] ProtectedDataType const& get() const { return data_; @@ -131,7 +131,7 @@ public: * @tparam LockType The type of lock to use * @return A lock on the mutex and a reference to the protected data */ - template