Stylus add security contract field (#564)

Co-authored-by: Eric Lau <[email protected]>

Author: CoveMB

.changeset/fair-plums-throw.md

@@ -0,0 +1,5 @@
+---
+'@openzeppelin/wizard-stylus': patch
+---
+
+Add security contact in contract info

packages/core/stylus/package.json

@@ -17,7 +17,8 @@
     "prepare": "tsc",
     "prepublish": "rimraf dist *.tsbuildinfo",
     "test": "ava",
-    "test:watch": "ava --watch"
+    "test:watch": "ava --watch",
+    "test:update-snapshots": "ava --update-snapshots"
   },
   "devDependencies": {
     "@types/node": "^20.0.0",
@@ -28,4 +29,4 @@
     "typescript": "^5.0.0",
     "semver": "^7.6.0"
   }
-}
+}

packages/core/stylus/src/contract.test.ts

@@ -77,3 +77,22 @@ test('contract with sorted traits', t => {
   );
   t.snapshot(printContract(Foo));
 });
+
+test('contract with documentation', t => {
+  const Foo = new ContractBuilder('Foo');
+  Foo.addDocumentation('Some documentation');
+  t.snapshot(printContract(Foo));
+});
+
+test('contract with security info', t => {
+  const Foo = new ContractBuilder('Foo');
+  Foo.addSecurityTag('[email protected]');
+  t.snapshot(printContract(Foo));
+});
+
+test('contract with security info and documentation', t => {
+  const Foo = new ContractBuilder('Foo');
+  Foo.addSecurityTag('[email protected]');
+  Foo.addDocumentation('Some documentation');
+  t.snapshot(printContract(Foo));
+});

packages/core/stylus/src/contract.test.ts.md

@@ -167,3 +167,76 @@ Generated by [AVA](https://avajs.dev).
         fn funcSpecial() {}␊
     }␊
     `
+
+## contract with documentation
+
+> Snapshot 1
+
+    `// SPDX-License-Identifier: MIT␊
+    // Compatible with OpenZeppelin Contracts for Stylus ^0.2.0-alpha.4␊
+    //! Some documentation␊
+    ␊
+    #![cfg_attr(not(any(test, feature = "export-abi")), no_main)]␊
+    extern crate alloc;␊
+    ␊
+    use stylus_sdk::prelude::*;␊
+    ␊
+    #[entrypoint]␊
+    #[storage]␊
+    struct Foo {}␊
+    ␊
+    #[public]␊
+    #[inherit]␊
+    impl Foo {}␊
+    `
+
+## contract with security info
+
+> Snapshot 1
+
+    `// SPDX-License-Identifier: MIT␊
+    // Compatible with OpenZeppelin Contracts for Stylus ^0.2.0-alpha.4␊
+    ␊
+    //! # Security␊
+    //!␊
+    //! For security issues, please contact: [email protected]␊
+    ␊
+    #![cfg_attr(not(any(test, feature = "export-abi")), no_main)]␊
+    extern crate alloc;␊
+    ␊
+    use stylus_sdk::prelude::*;␊
+    ␊
+    #[entrypoint]␊
+    #[storage]␊
+    struct Foo {}␊
+    ␊
+    #[public]␊
+    #[inherit]␊
+    impl Foo {}␊
+    `
+
+## contract with security info and documentation
+
+> Snapshot 1
+
+    `// SPDX-License-Identifier: MIT␊
+    // Compatible with OpenZeppelin Contracts for Stylus ^0.2.0-alpha.4␊
+    //! Some documentation␊
+    ␊
+    //! # Security␊
+    //!␊
+    //! For security issues, please contact: [email protected]␊
+    ␊
+    #![cfg_attr(not(any(test, feature = "export-abi")), no_main)]␊
+    extern crate alloc;␊
+    ␊
+    use stylus_sdk::prelude::*;␊
+    ␊
+    #[entrypoint]␊
+    #[storage]␊
+    struct Foo {}␊
+    ␊
+    #[public]␊
+    #[inherit]␊
+    impl Foo {}␊
+    `

packages/core/stylus/src/contract.test.ts.snap

@@ -7,7 +7,9 @@ type Name = {
 
 export interface Contract {
   license: string;
+  securityContact: string;
   name: Name;
+  documentations: string[];
   useClauses: UseClause[];
   implementedTraits: ImplementedTrait[];
   constants: Variable[];
@@ -73,6 +75,9 @@ export interface Argument {
 export class ContractBuilder implements Contract {
   readonly name: Name;
   license = 'MIT';
+  securityContact = '';
+
+  readonly documentations: string[] = [];
 
   private implementedTraitsMap: Map<string, ImplementedTrait> = new Map();
   private useClausesMap: Map<string, UseClause> = new Map();
@@ -199,4 +204,12 @@ export class ContractBuilder implements Contract {
     const existingFn = this.addFunction(baseTrait, fn);
     existingFn.attribute = attribute;
   }
+
+  addDocumentation(description: string) {
+    this.documentations.push(description);
+  }
+
+  addSecurityTag(securityContact: string) {
+    this.securityContact = securityContact;
+  }
 }

packages/core/stylus/src/contract.ts

@@ -16,6 +16,8 @@ export function printContract(contract: Contract): string {
       [
         `// SPDX-License-Identifier: ${contract.license}`,
         `// Compatible with OpenZeppelin Contracts for Stylus ${compatibleContractsSemver}`,
+        ...printDocumentations(contract.documentations),
+        ...(contract.securityContact ? ['', ...printSecurityTag(contract.securityContact)] : []),
       ],
       [`#![cfg_attr(not(any(test, feature = "export-abi")), no_main)]`, `extern crate alloc;`],
       spaceBetween(
@@ -284,3 +286,11 @@ function printArgument(arg: Argument): string {
     return `${arg.name}`;
   }
 }
+
+function printDocumentations(documentations: string[]): string[] {
+  return documentations.map(documentation => `//! ${documentation}`);
+}
+
+function printSecurityTag(securityContact: string) {
+  return ['//! # Security', '//!', `//! For security issues, please contact: ${securityContact}`];
+}

packages/core/stylus/src/print.ts

@@ -6,10 +6,15 @@ export const defaults: Info = { license: 'MIT' };
 
 export type Info = {
   license?: string;
+  securityContact?: string;
 };
 
 export function setInfo(c: ContractBuilder, info: Info): void {
-  const { license } = info;
+  const { securityContact, license } = info;
+
+  if (securityContact) {
+    c.addSecurityTag(securityContact);
+  }
 
   if (license) {
     c.license = license;

packages/core/stylus/src/set-info.ts

@@ -13,6 +13,12 @@ export const stylusCommonFunctionDescription = {
     type: 'object',
     description: 'Metadata about the contract and author',
     properties: {
+      securityContact: {
+        type: 'string',
+        description:
+          'Email where people can contact you to report security issues. Will only be visible if contract metadata is verified.',
+      },
+
       license: {
         type: 'string',
         description: 'The license used by the contract, default is "MIT"',

packages/ui/api/ai-assistant/function-definitions/stylus-shared.ts

@@ -1,6 +1,7 @@
 <script lang="ts">
   import type { Info } from '@openzeppelin/wizard-stylus';
   import { infoDefaults } from '@openzeppelin/wizard-stylus';
+  import HelpTooltip from '../common/HelpTooltip.svelte';
 
   export let info: Info;
 </script>
@@ -13,6 +14,16 @@
     </label>
   </h1>
 
+  <label class="labeled-input">
+    <span class="flex justify-between pr-2">
+      Security Contact
+      <HelpTooltip>
+        Where people can contact you to report security issues. Will only be visible if contract metadata is verified.
+      </HelpTooltip>
+    </span>
+    <input bind:value={info.securityContact} placeholder="[email protected]" />
+  </label>
+
   <label class="labeled-input">
     <span>License</span>
     <input bind:value={info.license} placeholder={infoDefaults.license} />