test: Reset EIP-712 filtering globals on every process_data call

cedelavergne-ledger · cedelavergne-ledger · commit 89db0147a0dd · 2026-05-12T15:59:19.000+02:00
InputData.process_data() reset current_path on entry but left
filtering_paths, filtering_tokens, filtering_calldatas and sig_ctx
populated whenever the `filters` argument was omitted. As a result, a
prior filtered signing flow contaminated later supposedly-unfiltered
flows in the same Python process: the helper would replay leftover
filter descriptors as extra APDUs and corrupt downstream snapshot
comparisons or assertions.

Clear every piece of module-level state at the start of each call,
regardless of whether filters are provided. This makes the helper
re-entrant within a single test process so cross-test state leakage
no longer hides UI/signing regressions (CWE-664).
diff --git a/client/src/ledger_app_clients/ethereum/eip712/InputData.py b/client/src/ledger_app_clients/ethereum/eip712/InputData.py
@@ -595,8 +595,23 @@ def process_data(aclient: EthAppClient,
                  filters: Optional[dict] = None) -> None:
     global app_client
     global current_path
-
+    global filtering_paths
+    global filtering_tokens
+    global filtering_calldatas
+    global sig_ctx
+
+    # Reset every piece of module-level state at the start of each call so
+    # that a previous filtered run cannot contaminate the next one. The
+    # previous behavior reset current_path but left filtering_paths,
+    # filtering_tokens, filtering_calldatas and sig_ctx populated whenever
+    # `filters` was omitted, leading to silent cross-test state leakage
+    # (CWE-664).
     current_path = []
+    filtering_paths = {}
+    filtering_tokens = []
+    filtering_calldatas = []
+    sig_ctx = {}
+
     # deepcopy because this function modifies the dict
     data_json = copy.deepcopy(data_json)
     app_client = aclient
