[NONEVM-2656] Contract version debugging tool #222
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
patricios-space
force-pushed
the
debug/code-version-matcher
branch
from
b3fb714 to
d636748
Compare
patricios-space
force-pushed
the
debug/code-version-matcher
branch
from
1a9a6a8 to
1c553bb
Compare
patricios-space
force-pushed
the
debug/code-version-matcher
branch
from
6ade2c4 to
b5070c2
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a debugging tool to search for the commit hash that corresponds to a given contract code hash by cross-referencing published artifacts. The tool connects to the TON blockchain, retrieves a contract's code hash, and searches through GitHub releases to find the matching compiled contract.
Key changes:
- Added a complete Go application for contract version debugging
- Implemented GitHub API integration to fetch releases and commit information
- Created functionality to download and parse contract artifacts from releases
Reviewed Changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| scripts/codehash-matcher/main.go | Main application with TON RPC connection, GitHub API integration, and contract matching logic |
| scripts/codehash-matcher/go.mod | Go module definition with dependencies for TON utilities |
| scripts/codehash-matcher/README.md | Documentation explaining tool usage, examples, and troubleshooting |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| strings.Contains(baseName, "/") || | ||
| strings.Contains(baseName, "\\") || | ||
| strings.Contains(baseName, "..") || | ||
| strings.HasPrefix(baseName, ".") { |
There was a problem hiding this comment.
The security check to reject filenames starting with '.' may be too restrictive as it would also reject legitimate files like '.compiled.json'. Consider allowing files that end with '.compiled.json' even if they start with a dot, or adjust the logic to be more specific about which dot-prefixed files to reject.
| strings.HasPrefix(baseName, ".") { | |
| (strings.HasPrefix(baseName, ".") && !strings.HasSuffix(baseName, ".compiled.json")) { |
Copilot uses AI. Check for mistakes.
| strings.Contains(baseName, "/") || | ||
| strings.Contains(baseName, "\\") || |
There was a problem hiding this comment.
The path sanitization logic has a logical issue. Since baseName is derived from filepath.Base(header.Name), it should never contain '/' or '\' characters, making those checks redundant. Consider removing these redundant checks or restructuring the validation logic.
| strings.Contains(baseName, "/") || | |
| strings.Contains(baseName, "\\") || |
Copilot uses AI. Check for mistakes.
1 participant
NONEVM-2656
Debugging tool to search the commit hash given the contract code hash and the published artifacts