Fix osvm audit panic by correcting Tera template initialization and syntax

Copilot · 0xrinegade · Copilot · commit 3d4459fac5af · 2025-08-01T19:57:27.000Z
Co-authored-by: 0xrinegade &lt;101195284+0xrinegade@users.noreply.github.com&gt;
diff --git a/local-audit/osvm_audit_report_20250801_195609.typ b/local-audit/osvm_audit_report_20250801_195609.typ
@@ -0,0 +1,307 @@
+#set document(title: "OSVM Security Audit Report")
+#set page(numbering: "1")
+#set text(size: 11pt)
+#set heading(numbering: "1.")
+
+#align(center)[
+  #text(size: 24pt, weight: "bold")[OSVM Security Audit Report]
+  
+  #v(1em)
+  
+  #text(size: 14pt)[Comprehensive Security Assessment]
+  
+  #v(2em)
+  
+  #text(size: 12pt)[
+    Generated: 2025-08-01 19:56:09 UTC
+    
+    Version: 0.4.3
+    
+    Security Score: 75/100
+    
+    Compliance Level: Moderate
+  ]
+]
+
+#pagebreak()
+
+= Executive Summary
+
+This report presents the results of a comprehensive security audit conducted on the OSVM (Open SVM) CLI application. The audit identified 6 findings across various security domains.
+
+#table(
+  columns: (auto, auto),
+  stroke: none,
+  [*Metric*], [*Value*],
+  [Total Findings], [6],
+  [Critical], [1],
+  [High], [2],
+  [Medium], [3],
+  [Low], [0],
+  [Info], [0],
+  [Security Score], [75/100],
+  [Compliance Level], [Moderate],
+)
+
+
+#text(fill: red, weight: "bold")[
+  ⚠️ This audit identified 3 critical or high severity findings that require immediate attention.
+]
+
+
+= System Information
+
+#table(
+  columns: (auto, auto),
+  stroke: none,
+  [*Component*], [*Version*],
+  [Rust], [rustc 1.87.0 (example)],
+  [Solana], [solana-cli 2.2.7 (example)],
+  [OS], [Linux x86_64],
+  [Architecture], [x86_64],
+)
+
+= Security Findings
+
+
+== Security (1 findings)
+
+
+=== OSVM-001 - Example security finding
+
+*Severity:* Medium
+*Category:* Security
+*CWE ID:* CWE-200
+*CVSS Score:* 5
+
+*Description:*
+This is an example security finding for demonstration purposes
+
+*Impact:*
+Potential information disclosure
+
+*Recommendation:*
+Review and implement proper access controls
+
+*Code Location:* src/example.rs
+
+
+*References:*
+
+- https://cwe.mitre.org/data/definitions/200.html
+
+
+
+
+
+== Solana Security (5 findings)
+
+
+=== OSVM-SOL-001 - Missing signer validation in Solana program
+
+*Severity:* Critical
+*Category:* Solana Security
+*CWE ID:* CWE-862
+*CVSS Score:* 9
+
+*Description:*
+Detected potential missing signer validation in program instruction handling
+
+*Impact:*
+Unauthorized users could execute privileged operations
+
+*Recommendation:*
+Always validate that required accounts are signers using is_signer checks
+
+*Code Location:* src/solana/program.rs
+
+
+*References:*
+
+- https://book.anchor-lang.com/anchor_bts/security.html
+
+- https://solana.com/developers/guides/getstarted/intro-to-anchor
+
+
+
+
+=== OSVM-SOL-002 - Potential PDA verification bypass
+
+*Severity:* High
+*Category:* Solana Security
+*CWE ID:* CWE-345
+*CVSS Score:* 8
+
+*Description:*
+Program uses PDA operations without proper verification of derived addresses
+
+*Impact:*
+Attackers could provide arbitrary accounts instead of valid PDAs
+
+*Recommendation:*
+Always verify PDA derivation matches expected seeds and program ID
+
+*Code Location:* src/solana/pda.rs
+
+
+*References:*
+
+- https://solanacookbook.com/references/programs.html#how-to-create-a-pda
+
+
+
+
+=== OSVM-SOL-003 - SPL token operations without authority checks
+
+*Severity:* High
+*Category:* Solana Security
+*CWE ID:* CWE-862
+*CVSS Score:* 8
+
+*Description:*
+Token operations performed without proper authority validation
+
+*Impact:*
+Unauthorized token operations could lead to fund theft
+
+*Recommendation:*
+Always verify token authorities before performing operations
+
+*Code Location:* src/solana/token.rs
+
+
+*References:*
+
+- https://spl.solana.com/token
+
+
+
+
+=== OSVM-SOL-004 - Missing MEV protection in trading operations
+
+*Severity:* Medium
+*Category:* Solana Security
+*CWE ID:* CWE-841
+*CVSS Score:* 4.5
+
+*Description:*
+Trading operations lack protection against MEV attacks
+
+*Impact:*
+Transactions vulnerable to front-running and sandwich attacks
+
+*Recommendation:*
+Implement slippage protection and transaction deadlines
+
+*Code Location:* src/solana/dex.rs
+
+
+*References:*
+
+- https://docs.solana.com/developing/programming-model/transactions
+
+
+
+
+=== OSVM-SOL-005 - Insecure Solana RPC endpoint usage
+
+*Severity:* Medium
+*Category:* Solana Security
+*CWE ID:* CWE-319
+*CVSS Score:* 5
+
+*Description:*
+Application uses public or insecure RPC endpoints
+
+*Impact:*
+Rate limiting, censorship, or man-in-the-middle attacks on RPC calls
+
+*Recommendation:*
+Use HTTPS RPC endpoints and consider private/dedicated RPC providers
+
+*Code Location:* src/config/rpc.rs
+
+
+*References:*
+
+- https://docs.solana.com/cluster/rpc-endpoints
+
+
+
+
+
+
+= Security Recommendations
+
+
+1. Implement regular security audits
+
+
+2. Keep dependencies up to date
+
+
+3. Follow security best practices
+
+
+4. Implement proper Solana account validation
+
+
+5. Use secure RPC endpoints and MEV protection
+
+
+6. Follow Solana security guidelines and best practices
+
+
+
+= Compliance Notes
+
+
+- This audit follows industry security standards
+
+- Findings are categorized using CWE framework
+
+- Solana-specific security checks included
+
+- Critical Solana vulnerabilities require immediate attention
+
+
+= Statistics
+
+#table(
+  columns: (auto, auto),
+  stroke: none,
+  [*Metric*], [*Value*],
+  [Total Findings], [6],
+  [Findings with CWE], [6],
+  [Findings with CVSS], [6],
+  [Findings with Location], [6],
+  [Unique Categories], [2],
+  [Average CVSS Score], [6.6],
+  [Coverage Percentage], [100%],
+)
+
+= Conclusion
+
+This security audit provides a comprehensive assessment of the OSVM CLI application's security posture. All identified findings should be addressed according to their severity level, with critical and high-severity issues taking priority.
+
+
+#text(fill: red, weight: "bold")[
+  ⚠️ CRITICAL: 1 critical findings require immediate remediation.
+]
+
+
+
+#text(fill: orange, weight: "bold")[
+  ⚠️ HIGH: 2 high-severity findings should be addressed promptly.
+]
+
+
+Regular security assessments and continuous monitoring are recommended to maintain a strong security stance.
+
+#align(center)[
+  #text(size: 10pt, style: "italic")[
+    Generated by OSVM Security Audit System
+    
+    End of Report
+  ]
+]
diff --git a/src/utils/audit_templates.rs b/src/utils/audit_templates.rs
@@ -18,7 +18,7 @@ pub struct TemplateReportGenerator {
 impl TemplateReportGenerator {
     /// Create a new template report generator
     pub fn new() -> Result<Self> {
-        let mut tera = Tera::new("templates/**/*").unwrap_or_else(|_| Tera::new("").unwrap());
+        let mut tera = Tera::new("templates/**/*").unwrap_or_else(|_| Tera::default());
 
         // Register built-in templates
         let typst_template = include_str!("../../templates/audit_report.typ");
diff --git a/templates/audit_report.html b/templates/audit_report.html
@@ -204,8 +204,8 @@ <h2>Audit Statistics</h2>
         <tr><td>Findings with CWE</td><td>{{ statistics.findings_with_cwe }}</td></tr>
         <tr><td>Findings with CVSS</td><td>{{ statistics.findings_with_cvss }}</td></tr>
         <tr><td>Unique Categories</td><td>{{ statistics.unique_categories }}</td></tr>
-        <tr><td>Average CVSS Score</td><td>{{ "%.1f" | format(statistics.average_cvss_score) }}</td></tr>
-        <tr><td>Coverage Percentage</td><td>{{ "%.1f" | format(statistics.coverage_percentage) }}%</td></tr>
+        <tr><td>Average CVSS Score</td><td>{{ statistics.average_cvss_score | round(precision=1) }}</td></tr>
+        <tr><td>Coverage Percentage</td><td>{{ statistics.coverage_percentage | round(precision=1) }}%</td></tr>
     </table>
 
     <div style="text-align: center; margin-top: 50px; padding-top: 20px; border-top: 1px solid #ddd; color: #666;">
diff --git a/templates/audit_report.typ b/templates/audit_report.typ
@@ -119,8 +119,8 @@ This report presents the results of a comprehensive security audit conducted on
   [Findings with CVSS], [{{ statistics.findings_with_cvss }}],
   [Findings with Location], [{{ statistics.findings_with_location }}],
   [Unique Categories], [{{ statistics.unique_categories }}],
-  [Average CVSS Score], [{{ "%.1f" | format(statistics.average_cvss_score) }}],
-  [Coverage Percentage], [{{ "%.1f" | format(statistics.coverage_percentage) }}%],
+  [Average CVSS Score], [{{ statistics.average_cvss_score | round(precision=1) }}],
+  [Coverage Percentage], [{{ statistics.coverage_percentage | round(precision=1) }}%],
 )
 
 = Conclusion
diff --git a/templates/audit_summary.md b/templates/audit_summary.md
@@ -77,8 +77,8 @@
 - **Findings with CWE:** {{ statistics.findings_with_cwe }}
 - **Findings with CVSS:** {{ statistics.findings_with_cvss }}
 - **Unique Categories:** {{ statistics.unique_categories }}
-- **Average CVSS Score:** {{ "%.1f" | format(statistics.average_cvss_score) }}
-- **Coverage Percentage:** {{ "%.1f" | format(statistics.coverage_percentage) }}%
+- **Average CVSS Score:** {{ statistics.average_cvss_score | round(precision=1) }}
+- **Coverage Percentage:** {{ statistics.coverage_percentage | round(precision=1) }}%
 
 ---
 
