diff --git a/.github/workflows/ai-security-audit.yml b/.github/workflows/ai-security-audit.yml new file mode 100644 index 00000000..d86a6225 --- /dev/null +++ b/.github/workflows/ai-security-audit.yml 
@@ -0,0 +1,186 @@ +name: AI Security Audit + +on: + pull_request: + types: [opened, synchronize, reopened] + +permissions: + contents: read + pull-requests: write + +jobs: + ai-security-audit: + runs-on: ubuntu-latest + timeout-minutes: 15 + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Check ANTHROPIC_API_KEY + env: + ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} + run: | + if [ -z "$ANTHROPIC_API_KEY" ]; then + echo "::error::ANTHROPIC_API_KEY is not configured. Please add it to your repository secrets (Settings > Secrets and variables > Actions > New repository secret). The AI security audit cannot run without this key." + exit 1 + fi + + - name: Get PR diff + id: diff + env: + GH_TOKEN: ${{ github.token }} + run: | + gh pr diff ${{ github.event.pull_request.number }} > pr_diff.txt + echo "diff_size=$(wc -c < pr_diff.txt | tr -d ' ')" >> "$GITHUB_OUTPUT" + + - name: Check diff size + id: check + run: | + if [ "${{ steps.diff.outputs.diff_size }}" -eq 0 ]; then + echo "skip=true" >> "$GITHUB_OUTPUT" + echo "No diff found, skipping audit." + elif [ "${{ steps.diff.outputs.diff_size }}" -gt 200000 ]; then + echo "skip=true" >> "$GITHUB_OUTPUT" + echo "Diff too large (>200KB), skipping AI audit." + else + echo "skip=false" >> "$GITHUB_OUTPUT" + fi + + - name: Install Claude Code + if: steps.check.outputs.skip != 'true' + run: npm install -g @anthropic-ai/claude-code + + - name: Run AI security audit + if: steps.check.outputs.skip != 'true' + id: audit + env: + ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} + run: | + PROMPT=$(cat <<'AUDIT_PROMPT' + You are a senior security engineer performing a security audit on a pull request diff. + Analyze the following code diff and provide a structured security audit report. + + Focus on these areas: + 1. **Critical Vulnerabilities**: SQL injection, command injection, XSS, SSRF, deserialization flaws, path traversal + 2. 
**Authentication & Authorization**: Broken auth, missing access controls, credential exposure + 3. **Cryptography Issues**: Weak algorithms, hardcoded keys/secrets, improper random number generation + 4. **Data Exposure**: Sensitive data leaks, PII exposure, excessive logging of secrets + 5. **Dependency Risks**: Known vulnerable patterns, unsafe deserialization + 6. **Blockchain-Specific**: Private key handling, transaction signing flaws, smart contract interaction risks, address validation + 7. **Input Validation**: Missing or insufficient validation, type confusion, buffer issues + 8. **Configuration & Infrastructure**: Insecure defaults, debug mode in production, permissive CORS + + Output format (use GitHub-flavored Markdown): + + ## AI Security Audit Report + + ### Summary + [One-paragraph overall assessment with risk level: CRITICAL / HIGH / MEDIUM / LOW / CLEAN] + + ### Findings + + For each finding: + #### [SEVERITY] Finding Title + - **File**: `filename:line_number` + - **Category**: [category from above] + - **Description**: What the issue is + - **Impact**: What could go wrong + - **Recommendation**: How to fix it + + If no security issues are found, state that the code appears clean and list what was checked. + + ### Statistics + - Files analyzed: X + - Issues found: X (critical: X, high: X, medium: X, low: X) + + --- + *This report was generated by AI security audit. 
Please verify findings manually.* + + Here is the diff to audit: + AUDIT_PROMPT + ) + + DIFF_CONTENT=$(cat pr_diff.txt) + FULL_PROMPT="${PROMPT} + \`\`\`diff + ${DIFF_CONTENT} + \`\`\`" + + # Run claude and capture output + AUDIT_RESULT=$(echo "$FULL_PROMPT" | claude -p --output-format text 2>&1) || true + + # Save result to file (avoid shell escaping issues) + echo "$AUDIT_RESULT" > audit_result.md + + - name: Post audit comment + if: steps.check.outputs.skip != 'true' + env: + GH_TOKEN: ${{ github.token }} + run: | + # Build comment body + { + echo "" + echo "" + cat audit_result.md + } > comment_body.md + + PR_NUMBER=${{ github.event.pull_request.number }} + + # Delete previous audit comment if exists + EXISTING_COMMENT_ID=$(gh api \ + "repos/${{ github.repository }}/issues/${PR_NUMBER}/comments" \ + --jq '.[] | select(.body | contains("")) | .id' \ + | head -1) + + if [ -n "$EXISTING_COMMENT_ID" ]; then + gh api \ + --method DELETE \ + "repos/${{ github.repository }}/issues/comments/${EXISTING_COMMENT_ID}" \ + || true + fi + + # Post new comment + gh pr comment "$PR_NUMBER" --body-file comment_body.md + + - name: Fail if critical issues found + if: steps.check.outputs.skip != 'true' + run: | + if grep -qi '\[CRITICAL\]' audit_result.md; then + CRITICAL_COUNT=$(grep -ci '\[CRITICAL\]' audit_result.md) + echo "::error::AI security audit found ${CRITICAL_COUNT} CRITICAL issue(s). Please fix them before merging." + exit 1 + fi + + - name: Post skip comment + if: steps.check.outputs.skip == 'true' + env: + GH_TOKEN: ${{ github.token }} + run: | + PR_NUMBER=${{ github.event.pull_request.number }} + REASON="No diff found" + if [ "${{ steps.diff.outputs.diff_size }}" -gt 200000 ]; then + REASON="Diff too large (>200KB) for AI audit" + fi + + BODY=" + ## AI Security Audit Report + **Skipped**: ${REASON}. + Please perform a manual security review." 
+ + # Delete previous audit comment if exists + EXISTING_COMMENT_ID=$(gh api \ + "repos/${{ github.repository }}/issues/${PR_NUMBER}/comments" \ + --jq '.[] | select(.body | contains("")) | .id' \ + | head -1) + + if [ -n "$EXISTING_COMMENT_ID" ]; then + gh api \ + --method DELETE \ + "repos/${{ github.repository }}/issues/comments/${EXISTING_COMMENT_ID}" \ + || true + fi + + gh pr comment "$PR_NUMBER" --body "$BODY" diff --git a/.gitignore b/.gitignore index bfa1474f..5465b564 100644 --- a/.gitignore +++ b/.gitignore @@ -11,6 +11,12 @@ src/genjs src/gen tools src/main/resources/static/js/tronjs/tron-protoc.js +logs/ +FileTest/ +bin/ +*.class +build/ + logs docs !docs/ diff --git a/README.md b/README.md index 5b9bcc64..260df917 100644 --- a/README.md +++ b/README.md 
@@ -1,17 +1,22 @@ # Wallet-cli -Welcome to use the Wallet-cli. +[![Build Status](https://travis-ci.org/tronprotocol/wallet-cli.svg?branch=master)](https://travis-ci.org/tronprotocol/wallet-cli) -Wallet-cli now supports [GasFree](https://gasfree.io) addresses, enable users to transfer tokens without paying gas fees. For more details, please check the [GasFree](#Gas-Free-Support) section below. +Welcome to the TRON Wallet-cli. This tool allows you to interact with the TRON network via the command line. -The underlying implementation of all Wallet-cli gRPC APIs has all migrated to the [Trident SDK](https://github.com/tronprotocol/trident). This strategic move consolidates the underlying implementation of the Wallet-cli's remote procedure calls, standardizing them under the robust and optimized Trident framework. +[Gitter Chat](https://gitter.im/tronprotocol/wallet-cli) | [Telegram Support](https://t.me/TronOfficialDevelopersGroupEn) -If you need any help, please join the [Telegram](https://t.me/TronOfficialDevelopersGroupEn). +--- -## Get started +## Strategic Update +The underlying implementation of all Wallet-cli gRPC APIs has migrated to the [Trident SDK](https://github.com/tronprotocol/trident). This move standardizes the remote procedure calls under the robust Trident framework. -### Download Wallet-cli +## Get Started +### 1. Download Wallet-cli +```bash +git clone [https://github.com/tronprotocol/wallet-cli.git](https://github.com/tronprotocol/wallet-cli.git) +cd wallet-cli git clone https://github.com/tronprotocol/wallet-cli.git ### Edit config.conf in src/main/resources @@ -2172,9 +2177,7 @@ View transaction history. You can configure the maximum number of records that ` Example: ```console wallet> ViewTransactionHistory -==================================== TRANSACTION VIEWER -==================================== MAIN MENU: 1. View all transactions 
@@ -2667,9 +2670,7 @@ Example: ```console wallet> EncodingConverter -============================== Encoding Converter (CLI) -============================== 1) TRON - EVM Address 2) Base64 Encode / Decode 3) Base58Check Encode / Decode @@ -2722,4 +2723,4 @@ wallet> getPaginatedNowWitnessList 0 2 } ] } -``` \ No newline at end of file +``` diff --git a/build.gradle b/build.gradle index c2aadba5..e36b5023 100644 --- a/build.gradle +++ b/build.gradle @@ -15,9 +15,8 @@ buildscript { } plugins { - id 'com.github.johnrengelman.shadow' version '7.1.2' + id 'com.gradleup.shadow' version '8.3.0' } - group 'Tron' version '1.0-SNAPSHOT' diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 070cb702..0274e260 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ +#Tue Apr 28 14:39:24 PDT 2026 distributionBase=GRADLE_USER_HOME -distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip zipStoreBase=GRADLE_USER_HOME -zipStorePath=wrapper/dists +zipStorePath=wrapper/dists \ No newline at end of file
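Review bot: in the ai-security-audit.yml hunk the merge gate in "Fail if critical issues found" is `grep -qi '\[CRITICAL\]'` over free-form model output generated from the PR diff, and that diff is untrusted input from whoever opened the PR: a contributor can place text in a code comment that instructs the model to report the change as clean, and the gate passes; conversely a report that merely says "no [CRITICAL] issues were found" fails the build. Treat the report as advisory and keep a deterministic scanner or a human approval as the blocking check. Two smaller problems in the same step: `AUDIT_RESULT=$(... claude -p ... 2>&1) || true` swallows every CLI failure (auth error, quota, rate limit), so the error text is posted as the "audit report" and, containing no `[CRITICAL]`, lets the PR through; check the exit status and fail or skip explicitly. And in both "Post audit comment" and "Post skip comment", `select(.body | contains(""))` matches every comment because every string contains the empty string, so `head -1` picks the oldest comment on the PR, whatever it is, and the DELETE removes it; if a hidden sentinel such as an HTML comment was intended, it is not present in these lines, and the two `echo ""` calls at the top of comment_body.md emit blank lines rather than a marker. Also, `pull_request` runs from forks do not receive `secrets.ANTHROPIC_API_KEY`, so the "Check ANTHROPIC_API_KEY" step will give every fork PR a red check; guard the job on the head repo not being a fork or post the skip comment in that case. Finally, `npm install -g @anthropic-ai/claude-code` is unpinned, so the auditor is whatever version is published at run time; pin it (and consider pinning `actions/checkout@v4` to a commit SHA), and `fetch-depth: 0` is unnecessary since the diff comes from `gh pr diff`, not from the checkout.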
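Review bot: in the .gitignore hunk, `logs/` on the first added line duplicates the existing `logs` entry two lines below it (`logs` already matches a directory of that name), so one of the two should go. The remaining additions (`FileTest/`, `bin/`, `*.class`, `build/`) are fine, but `bin/` will also hide any tracked `bin` directory the project may add later, so confirm nothing checked in matches it.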
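Review bot: in the README `@@ -1,17 +1,22 @@` hunk, the clone command inside the new ```bash fence is written as a Markdown link, `git clone [https://github.com/tronprotocol/wallet-cli.git](https://github.com/tronprotocol/wallet-cli.git)`, which renders literally inside a code block and fails when pasted into a shell; it should be plain `git clone https://github.com/tronprotocol/wallet-cli.git`. The old unprefixed `git clone https://github.com/tronprotocol/wallet-cli.git` context line still follows `cd wallet-cli`, so the command appears twice, and within the shown context no closing ``` appears before `### Edit config.conf in src/main/resources`, which would pull that heading into the code block. The hunk also drops the GasFree paragraph together with its `#Gas-Free-Support` link and the "If you need any help" Telegram line, and adds a travis-ci.org badge that nothing else in this patch backs; confirm CI actually runs there before advertising it, and keep the GasFree pointer if that section still exists further down.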
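Review bot: the README hunks at `@@ -2172,9 +2177,7 @@` and `@@ -2667,9 +2670,7 @@` delete the `====` separator lines from the `wallet> ViewTransactionHistory` and `wallet> EncodingConverter` console examples, but no Java source that prints those menus is touched in this patch, so the sample output no longer matches what the tool prints unless that change lives in another commit; either keep the separators or include the code change that removed them.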
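Review bot: in the build.gradle hunk, replacing `id 'com.github.johnrengelman.shadow' version '7.1.2'` with `id 'com.gradleup.shadow' version '8.3.0'` moves to the plugin's new coordinates, but it is a major-version jump and nothing else in build.gradle changes here; verify that any `shadowJar` configuration further down (manifest attributes, archive naming, merge rules) still builds under 8.3.0 and under the Gradle 8.9 wrapper this patch introduces, and drop the unrelated blank-line removal between `}` and `group 'Tron'` from the commit.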
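Review bot: in the gradle-wrapper.properties hunk, the new first line `#Tue Apr 28 14:39:24 PDT 2026` is the timestamp Gradle writes when regenerating the wrapper and carries no information, so drop it, and restore the trailing newline that `\ No newline at end of file` shows was lost on `zipStorePath=wrapper/dists`. Removing `distributionPath=wrapper/dists` is harmless since that is the default. Because `distributionUrl` now points at gradle-8.9-bin.zip, add a `distributionSha256Sum=` line with the published checksum for that archive so the wrapper verifies what it downloads, and confirm `gradle-wrapper.jar` and the `gradlew` scripts were regenerated for 8.9 as well, since they do not appear in this patch.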