Merge pull request #2 from basmeerman/feature/native-state-machine-tests

basmeerman · web-flow · commit a6b2377ce9d2 · 2026-02-15T17:54:52.000+01:00
Fix CI: cppcheck suppressions and optional signing
diff --git a/.github/workflows/pio-build.yaml b/.github/workflows/pio-build.yaml
@@ -78,43 +78,40 @@ jobs:
           python -m pip install --upgrade pip
           pip install --upgrade platformio
       - name: Build normal version
+        run: |
+          PLATFORMIO_BUILD_FLAGS='-DVERSION=\"v${{ steps.version.outputs.version }}\" -DDBG=0' pio run -d SmartEVSE-3/
+          mkdir -p ./SmartEVSE-3/distribution
+      - name: Sign normal version
+        if: ${{ secrets.SECRET_RSA_KEY != '' }}
         env:
           super_secret: ${{ secrets.SECRET_RSA_KEY }}
         run: |
-          PLATFORMIO_BUILD_FLAGS='-DVERSION=\"v${{ steps.version.outputs.version }}\" -DDBG=0' pio run -d SmartEVSE-3/
-          # Create a temporary file
           secret_file=$(mktemp)
-          # Write the secret to the temporary file, because passing it as command line argument might reveal it for users using ps -a
           echo "$super_secret" > "$secret_file"
-          # Create signature file
           openssl dgst -sign "$secret_file" -keyform PEM -sha256 -out firmware.sign -binary ./SmartEVSE-3/.pio/build/release/firmware.bin
-          # throw it all in one file
           cat firmware.sign ./SmartEVSE-3/.pio/build/release/firmware.bin > ./SmartEVSE-3/.pio/build/release/firmware.signed.bin
-
-          # save .bin files to directory because v4 upload-artifact@v4 can no longer add files to an existing artifact; so much for efficiency :-(
-          mkdir ./SmartEVSE-3/distribution
-          mv ./SmartEVSE-3/.pio/build/release/*.bin ./SmartEVSE-3/distribution
-
-          # Remove the temporary file
           rm -f "$secret_file"
+      - name: Collect normal build artifacts
+        run: mv ./SmartEVSE-3/.pio/build/release/*.bin ./SmartEVSE-3/distribution
       - name: Build debug version
+        run: |
+          PLATFORMIO_BUILD_FLAGS='-DVERSION=\"v${{ steps.version.outputs.version }}\" -DDBG=1' pio run -d SmartEVSE-3/
+      - name: Sign debug version
+        if: ${{ secrets.SECRET_RSA_KEY != '' }}
         env:
           super_secret: ${{ secrets.SECRET_RSA_KEY }}
         run: |
-          PLATFORMIO_BUILD_FLAGS='-DVERSION=\"v${{ steps.version.outputs.version }}\" -DDBG=1' pio run -d SmartEVSE-3/
-          # Create a temporary file
           secret_file=$(mktemp)
-          # Write the secret to the temporary file, because passing it as command line argument might reveal it for users using ps -a
           echo "$super_secret" > "$secret_file"
-          # Create signature file
           openssl dgst -sign "$secret_file" -keyform PEM -sha256 -out firmware.sign -binary ./SmartEVSE-3/.pio/build/release/firmware.bin
-          # throw it all in one file
           cat firmware.sign ./SmartEVSE-3/.pio/build/release/firmware.bin > ./SmartEVSE-3/.pio/build/release/firmware.signed.bin
-          # Remove the temporary file
           rm -f "$secret_file"
+      - name: Collect debug build artifacts
+        run: |
           mv ./SmartEVSE-3/.pio/build/release/firmware.bin ./SmartEVSE-3/distribution/firmware.debug.bin
-          mv ./SmartEVSE-3/.pio/build/release/firmware.signed.bin ./SmartEVSE-3/distribution/firmware.debug.signed.bin
-          # prevent the .bin files are gathered in .pio directory in the dists-zip file:
+          if [ -f ./SmartEVSE-3/.pio/build/release/firmware.signed.bin ]; then
+            mv ./SmartEVSE-3/.pio/build/release/firmware.signed.bin ./SmartEVSE-3/distribution/firmware.debug.signed.bin
+          fi
           cp -a ./SmartEVSE-3/HowToFlash.txt ./SmartEVSE-3/distribution
 
       # Combined upload for all artifacts using v4
diff --git a/SECURITY.md b/SECURITY.md
@@ -21,6 +21,20 @@ SmartEVSE is an internet-connected device that controls mains electricity. Secur
 - Denial of service that could leave contactors in an unsafe state
 - Information disclosure of WiFi credentials or RFID card data
 
+## Security Design Choices
+
+### Shared Default TLS Certificate
+
+The repository includes a self-signed EC private key (`SmartEVSE-3/data/key.pem`) and certificate (`SmartEVSE-3/data/cert.pem`) used for the device's built-in HTTPS web server. This is an intentional design choice: every SmartEVSE ships with the same default keypair so that HTTPS works out of the box without requiring a per-device provisioning step.
+
+**Implications:**
+
+- The private key is public knowledge. HTTPS provides encryption in transit but does not authenticate the device — an attacker on the local network could impersonate a SmartEVSE endpoint.
+- All devices share the same certificate, so compromising one does not increase risk to others (there is no unique secret to protect).
+- This is a common tradeoff in embedded devices where there is no certificate authority infrastructure or user-facing provisioning flow.
+
+Users who require stronger TLS authentication should replace the default keypair with a device-specific certificate.
+
 ## Supported Versions
 
 | Version | Supported |
diff --git a/SmartEVSE-3/src/evse_state_machine.c b/SmartEVSE-3/src/evse_state_machine.c
@@ -62,6 +62,7 @@ static void record_pilot(evse_ctx_t *ctx, bool connected) {
 }
 
 // ---- Initialization ----
+// cppcheck-suppress constParameterPointer
 void evse_init(evse_ctx_t *ctx, evse_hal_t *hal) {
     memset(ctx, 0, sizeof(evse_ctx_t));
 
@@ -166,6 +167,7 @@ void evse_init(evse_ctx_t *ctx, evse_hal_t *hal) {
 
 // ---- Phase switching helper ----
 // Faithful to Force_Single_Phase_Charging() in main.cpp:681-696
+// cppcheck-suppress constParameterPointer
 uint8_t evse_force_single_phase(evse_ctx_t *ctx) {
     switch (ctx->EnableC2) {
         case NOT_PRESENT: return 0;  // 3P
@@ -446,10 +448,10 @@ void evse_calc_balanced_current(evse_ctx_t *ctx, int mod) {
     int32_t TotalCurrent = 0;
     int32_t ActiveMax = 0;
     int32_t Baseload, Baseload_EV;
-    int32_t Idifference;
+    int32_t Idifference; // cppcheck-suppress variableScope
     int32_t IsumImport = 0;
     bool LimitedByMaxSumMains = false;
-    char CurrentSet[NR_EVSES] = {0};
+    char CurrentSet[NR_EVSES] = {0}; // cppcheck-suppress variableScope
 
     // ---- Phase 1: ChargeCurrent (lines 1158-1179) ----
     if (ctx->BalancedState[0] == STATE_C && ctx->MaxCurrent > ctx->MaxCapacity && ctx->MaxCapacity)
@@ -601,6 +603,7 @@ void evse_calc_balanced_current(evse_ctx_t *ctx, int mod) {
 
             // Solar shortage: 3P->1P switching (lines 1337-1370)
             if (ctx->Mode == MODE_SOLAR) {
+                // cppcheck-suppress knownConditionTrueFalse
                 if (ActiveEVSE && IsumImport > 0 &&
                     (ctx->Isum > (int32_t)((ActiveEVSE * ctx->MinCurrent * ctx->Nr_Of_Phases_Charging
                                              - ctx->StartCurrent) * 10) ||
