From 367e458f94614cfac36501be2d35790ccdeaac78 Mon Sep 17 00:00:00 2001 From: 0xh3rman <119309671+0xh3rman@users.noreply.github.com> Date: Sat, 8 Nov 2025 08:33:36 +0900 Subject: [PATCH 1/4] run cargo audit --- .github/workflows/cargo-audit.yml | 25 +++++++++++++++++++++++++ README.md | 4 ++++ justfile | 4 ++++ 3 files changed, 33 insertions(+) create mode 100644 .github/workflows/cargo-audit.yml diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml new file mode 100644 index 000000000..577202b01 --- /dev/null +++ b/.github/workflows/cargo-audit.yml @@ -0,0 +1,25 @@ +name: Cargo Audit + +on: + push: + branches: ["main"] + pull_request: + branches: ["main"] + schedule: + - cron: "0 6 * * 1" + +jobs: + audit: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install Rust + uses: dtolnay/rust-toolchain@stable + + - name: Install cargo-audit + run: cargo install cargo-audit --locked + + - name: Run cargo audit + run: cargo audit diff --git a/README.md b/README.md index f6b7d4d90..72fe60043 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,10 @@ Run `just install` to install rust, typeshare Run API locally: `cargo run --package api` +## Security Scanning + +Run `just audit` to execute [`cargo-audit`](https://github.com/RustSec/rustsec/tree/main/cargo-audit) across the entire workspace. The command installs `cargo-audit` if needed and reports vulnerable or unmaintained dependencies surfaced via the RustSec advisory database. Treat the warnings as action items when possible, and file follow-up issues if immediate remediation is not feasible. + ## Gemstone Cross platform Rust library for iOS and Android with native async networking support. diff --git a/justfile b/justfile index 54efb5130..2d06f06c8 100644 --- a/justfile +++ b/justfile 
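Review bot: The new cargo-audit.yml runs `cargo audit` with no `--deny` flag, so unmaintained, yanked and unsound advisories only print warnings and the job still passes, which undercuts the README text in this same patch that asks readers to treat warnings as action items; the `audit` recipe added to justfile here has the same gap. Use `run: cargo audit --deny warnings` (or `--deny unmaintained` if the full set is too noisy at first). The workflow also declares no `permissions:` block, so GITHUB_TOKEN falls back to the repository default rather than least privilege; `permissions: contents: read` at the top level is all this job needs. Finally, `actions/checkout@v4` and `dtolnay/rust-toolchain@stable` are mutable tags; for a workflow that gates on security findings, pin them to full commit SHAs in the form `uses: actions/checkout@<full-commit-sha> # v4`, which applies equally to the codeql.yml added in patch 2.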
@@ -68,6 +68,10 @@ lint: @cargo clippy --version cargo clippy -- -D warnings +audit: + @command -v cargo-audit >/dev/null || cargo install cargo-audit --locked + cargo audit + unused: cargo install cargo-machete cargo machete From dc21d1e7834211f40a606057b8101c991a2ead6f Mon Sep 17 00:00:00 2001 From: 0xh3rman <119309671+0xh3rman@users.noreply.github.com> Date: Sat, 8 Nov 2025 09:20:19 +0900 Subject: [PATCH 2/4] add GH CodeQL --- .github/workflows/codeql.yml | 41 ++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 000000000..d3b9b3da2 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,41 @@ +name: CodeQL + +on: + push: + branches: ["main"] + pull_request: + branches: ["main"] + schedule: + - cron: "0 3 * * 1" + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ["rust"] + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install Rust toolchain + uses: dtolnay/rust-toolchain@stable + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + + - name: Autobuild + uses: github/codeql-action/autobuild@v3 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 From a34ac793117d4d40167bdbeed1f741dc99c4142c Mon Sep 17 00:00:00 2001 From: 0xh3rman <119309671+0xh3rman@users.noreply.github.com> Date: Sat, 8 Nov 2025 15:57:46 +0900 Subject: [PATCH 3/4] adjust cargo audit and codeql frequency --- .github/workflows/cargo-audit.yml | 6 +----- .github/workflows/codeql.yml | 4 ---- Cargo.lock | 25 +++++++++++++++++++++++++ Cargo.toml | 1 + 4 files changed, 27 insertions(+), 9 deletions(-) 
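Review bot: The `strategy.matrix` in the new codeql.yml has a single entry, `language: ["rust"]`, so the matrix and `fail-fast: false` add indirection without fanning anything out; either list the other languages intended for analysis or drop the matrix and write `languages: rust` directly in the init step. The explicit `Install Rust toolchain` step followed by `codeql-action/autobuild` assumes the Rust extractor needs a compiled build; if it does not, both steps are dead time on every scheduled run, so this is worth confirming against the codeql-action documentation for Rust before relying on them. The `permissions` block limiting the job to `security-events: write` plus read access is the right shape and is worth carrying over to the cargo-audit workflow, which has none.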
diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml index 577202b01..46d6145a0 100644 --- a/.github/workflows/cargo-audit.yml +++ b/.github/workflows/cargo-audit.yml @@ -1,12 +1,8 @@ name: Cargo Audit on: - push: - branches: ["main"] - pull_request: - branches: ["main"] schedule: - - cron: "0 6 * * 1" + - cron: "0 6 * * *" jobs: audit: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d3b9b3da2..59a915478 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,10 +1,6 @@ name: CodeQL on: - push: - branches: ["main"] - pull_request: - branches: ["main"] schedule: - cron: "0 3 * * 1" diff --git a/Cargo.lock b/Cargo.lock index e2998cd73..4de3f2a7f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4389,6 +4389,31 @@ dependencies = [ "tokio", ] +[[package]] +name = "nft_client" +version = "1.0.0" +dependencies = [ + "nft_provider", + "primitives", + "reqwest", + "storage", +] + +[[package]] +name = "nft_provider" +version = "1.0.0" +dependencies = [ + "async-trait", + "futures", + "gem_evm", + "primitives", + "reqwest", + "serde", + "serde_json", + "settings", + "tokio", +] + [[package]] name = "nom" version = "7.1.3" diff --git a/Cargo.toml b/Cargo.toml index 7b31d3df6..055562388 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -40,6 +40,7 @@ members = [ "crates/job_runner", "crates/search_index", "crates/nft", + "crates/nft_client", "crates/serde_serializers", "crates/number_formatter", "crates/prices_dex", From 9ddbdb4b2dfc9743d0271831a2fa1369e6b6667e Mon Sep 17 00:00:00 2001 From: 0xh3rman <119309671+0xh3rman@users.noreply.github.com> Date: Sat, 8 Nov 2025 15:59:13 +0900 Subject: [PATCH 4/4] lock audit version --- .github/workflows/cargo-audit.yml | 2 +- justfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml index 46d6145a0..a78aa46d0 100644 --- a/.github/workflows/cargo-audit.yml 
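Review bot: With `push` and `pull_request` removed, cargo-audit.yml now runs only from the cron, so a pull request that pulls a vulnerable crate into Cargo.lock can be merged with no check and stays undetected until the next 06:00 UTC run; codeql.yml in this same commit has the same gap. A narrow PR trigger keeps the noise the commit is trying to avoid while still gating the change that matters: `pull_request:` with `  paths: ["Cargo.lock", "Cargo.toml"]` nested under it. Add `workflow_dispatch:` under `on:` as well, since a schedule-only workflow cannot be re-run on demand and GitHub automatically disables scheduled workflows after 60 days without repository activity, at which point the audit silently stops.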
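Review bot: The Cargo.toml member addition `"crates/nft_client"` is unrelated to this commit's subject (audit and CodeQL frequency) and is better split into its own commit so the workspace change can be reviewed and reverted independently of the workflow edits. The Cargo.lock hunk in the same commit introduces both `nft_client` and `nft_provider`, yet only `nft_client` joins `members`; presumably `nft_provider` lives under an existing member or is reached as a path dependency, but that is worth confirming so a crate is not left out of the workspace by accident.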
+++ b/.github/workflows/cargo-audit.yml @@ -15,7 +15,7 @@ jobs: uses: dtolnay/rust-toolchain@stable - name: Install cargo-audit - run: cargo install cargo-audit --locked + run: cargo install cargo-audit --locked --version 0.22.0 - name: Run cargo audit run: cargo audit diff --git a/justfile b/justfile index 2d06f06c8..f68e6e5ac 100644 --- a/justfile +++ b/justfile @@ -69,7 +69,7 @@ lint: cargo clippy -- -D warnings audit: - @command -v cargo-audit >/dev/null || cargo install cargo-audit --locked + @command -v cargo-audit >/dev/null || cargo install cargo-audit --locked --version 0.22.0 cargo audit unused:
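Review bot: The `--version 0.22.0` pin on the cargo-audit install carries no comment saying why that version was chosen or where else it must match; the same literal is repeated in the justfile `audit` recipe in this commit, so the two will drift the first time one is bumped. A one-line comment above the step, `# keep in sync with the audit recipe in justfile`, makes the coupling visible to whoever bumps it next. Note that the pin fixes the scanner only, not the advisory data: `cargo audit` still fetches the RustSec database at run time, which is what makes a daily schedule useful, so a run that starts failing with no code change is the expected signal rather than flakiness. The `steps` list this hunk edits begins outside the hunk.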
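Review bot: In the justfile `audit` recipe the `@command -v cargo-audit >/dev/null ||` guard defeats the new `--version 0.22.0` pin: any cargo-audit already on PATH, whatever its version, short-circuits the install, so local runs and CI can disagree on findings. `cargo install` already exits successfully without rebuilding when that exact version is present (it reports the package as already installed), so the guard can simply be dropped: `cargo install cargo-audit --locked --version 0.22.0`. The `lint` recipe above and the `unused` recipe below are only partially visible in the hunk.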