Stellar add security contract field (#563)

Co-authored-by: Eric Lau <[email protected]>

Author: CoveMB

.changeset/busy-banks-shout.md

@@ -0,0 +1,5 @@
+---
+'@openzeppelin/wizard-stellar': patch
+---
+
+Add security contact in contract info

packages/core/stellar/src/contract.test.ts

@@ -82,3 +82,22 @@ test('contract with sorted use clauses', t => {
   Foo.addUseClause('another::library', 'self', { alias: 'custom1' });
   t.snapshot(printContract(Foo));
 });
+
+test('contract with documentation', t => {
+  const Foo = new ContractBuilder('Foo');
+  Foo.addDocumentation('Some documentation');
+  t.snapshot(printContract(Foo));
+});
+
+test('contract with security info', t => {
+  const Foo = new ContractBuilder('Foo');
+  Foo.addSecurityTag('[email protected]');
+  t.snapshot(printContract(Foo));
+});
+
+test('contract with security info and documentation', t => {
+  const Foo = new ContractBuilder('Foo');
+  Foo.addSecurityTag('[email protected]');
+  Foo.addDocumentation('Some documentation');
+  t.snapshot(printContract(Foo));
+});

packages/core/stellar/src/contract.test.ts.md

@@ -140,3 +140,51 @@ Generated by [AVA](https://avajs.dev).
     #[contract]␊
     pub struct Foo;␊
     `
+
+## contract with documentation
+
+> Snapshot 1
+
+    `// SPDX-License-Identifier: MIT␊
+    // Compatible with OpenZeppelin Stellar Soroban Contracts ^0.2.0␊
+    ␊
+    //! Some documentation␊
+    #![no_std]␊
+    ␊
+    #[contract]␊
+    pub struct Foo;␊
+    `
+
+## contract with security info
+
+> Snapshot 1
+
+    `// SPDX-License-Identifier: MIT␊
+    // Compatible with OpenZeppelin Stellar Soroban Contracts ^0.2.0␊
+    ␊
+    //! # Security␊
+    //!␊
+    //! For security issues, please contact: [email protected]␊
+    #![no_std]␊
+    ␊
+    #[contract]␊
+    pub struct Foo;␊
+    `
+
+## contract with security info and documentation
+
+> Snapshot 1
+
+    `// SPDX-License-Identifier: MIT␊
+    // Compatible with OpenZeppelin Stellar Soroban Contracts ^0.2.0␊
+    ␊
+    //! Some documentation␊
+    ␊
+    //! # Security␊
+    //!␊
+    //! For security issues, please contact: [email protected]␊
+    #![no_std]␊
+    ␊
+    #[contract]␊
+    pub struct Foo;␊
+    `

packages/core/stellar/src/contract.test.ts.snap

@@ -2,6 +2,8 @@ import { toIdentifier } from './utils/convert-strings';
 
 export interface Contract {
   license: string;
+  securityContact: string;
+  documentations: string[];
   name: string;
   useClauses: UseClause[];
   constructorCode: string[];
@@ -72,8 +74,11 @@ export interface Argument {
 export class ContractBuilder implements Contract {
   readonly name: string;
   license = 'MIT';
+  securityContact = '';
   ownable = false;
 
+  readonly documentations: string[] = [];
+
   readonly constructorArgs: Argument[] = [];
   readonly constructorCode: string[] = [];
 
@@ -250,4 +255,12 @@ export class ContractBuilder implements Contract {
   addDerives(derive: string): void {
     this.derivesSet.add(derive);
   }
+
+  addDocumentation(description: string) {
+    this.documentations.push(description);
+  }
+
+  addSecurityTag(securityContact: string) {
+    this.securityContact = securityContact;
+  }
 }

packages/core/stellar/src/contract.ts

@@ -23,6 +23,8 @@ export function printContract(contract: Contract): string {
       [
         `// SPDX-License-Identifier: ${contract.license}`,
         `// Compatible with OpenZeppelin Stellar Soroban Contracts ${compatibleContractsSemver}`,
+        ...(contract.documentations.length ? ['', ...printDocumentations(contract.documentations)] : []),
+        ...(contract.securityContact ? ['', ...printSecurityTag(contract.securityContact)] : []),
         ...createLevelAttributes,
       ],
       spaceBetween(
@@ -360,3 +362,11 @@ function printArgument(arg: Argument): string {
     return `${arg.name}`;
   }
 }
+
+function printDocumentations(documentations: string[]): string[] {
+  return documentations.map(documentation => `//! ${documentation}`);
+}
+
+function printSecurityTag(securityContact: string) {
+  return ['//! # Security', '//!', `//! For security issues, please contact: ${securityContact}`];
+}

packages/core/stellar/src/print.ts

@@ -1,15 +1,22 @@
 import type { ContractBuilder } from './contract';
 
+export const TAG_SECURITY_CONTACT = `@custom:security-contact`;
+
 export const infoOptions = [{}, { license: 'WTFPL' }] as const;
 
 export const defaults: Info = { license: 'MIT' };
 
 export type Info = {
   license?: string;
+  securityContact?: string;
 };
 
 export function setInfo(c: ContractBuilder, info: Info): void {
-  const { license } = info;
+  const { securityContact, license } = info;
+
+  if (securityContact) {
+    c.addSecurityTag(securityContact);
+  }
 
   if (license) {
     c.license = license;