diff --git a/.github/workflows/ci-vendor-fluvio.yml b/.github/workflows/ci-vendor-fluvio.yml new file mode 100644 index 0000000..a5fbbd3 --- /dev/null +++ b/.github/workflows/ci-vendor-fluvio.yml @@ -0,0 +1,15 @@ +name: Modsurfer Action - Fluvio +on: [push, pull_request, workflow_dispatch] +jobs: + check-validate: + runs-on: ubuntu-latest + strategy: + matrix: + wasm: [filter, map, filter-map, array-map, aggregate] + steps: + - uses: actions/checkout@v3 + - name: modsurfer validate + uses: dylibso/modsurfer-validate-action@main + with: + path: vendors/fluvio/${{ matrix.wasm }}/${{ matrix.wasm }}.wasm + check: vendors/fluvio/${{ matrix.wasm }}/mod.yaml diff --git a/Cargo.lock b/Cargo.lock index e410e63..b676944 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1463,7 +1463,7 @@ dependencies = [ [[package]] name = "modsurfer-cli" -version = "0.0.2" +version = "0.0.3" dependencies = [ "anyhow", "clap 4.1.4", diff --git a/cli/src/cmd/exec.rs b/cli/src/cmd/exec.rs index 51eb038..07b04d2 100644 --- a/cli/src/cmd/exec.rs +++ b/cli/src/cmd/exec.rs @@ -252,7 +252,11 @@ impl Cli { let report = validate_module(&file, &check).await?; match output_format { OutputFormat::Json => println!("{}", serde_json::to_string_pretty(&report)?), - OutputFormat::Table => println!("{report}"), + OutputFormat::Table => { + if report.has_failures() { + println!("{report}") + } + } }; Ok(report.as_exit_code()) } diff --git a/cli/src/cmd/validate.rs b/cli/src/cmd/validate.rs index 78b156e..ab5a2f3 100644 --- a/cli/src/cmd/validate.rs +++ b/cli/src/cmd/validate.rs @@ -108,26 +108,132 @@ impl Complexity { } } +#[derive(Debug, Deserialize)] +#[serde(deny_unknown_fields)] +#[serde(untagged)] +enum NamespaceItem { + Name(String), + Item { + name: String, + #[serde(default)] + functions: Vec, + }, +} + +impl NamespaceItem { + fn name(&self) -> &String { + match self { + NamespaceItem::Name(name) => name, + NamespaceItem::Item { name, .. } => name, + } + } + + fn functions(&self) -> &[FunctionItem] { + match self { + NamespaceItem::Name(_) => &[], + NamespaceItem::Item { functions, .. } => functions, + } + } +} + +#[derive(Debug, Deserialize)] +#[serde(untagged)] +#[serde(deny_unknown_fields)] +enum ImportItem { + Name(String), + Item { + namespace: Option, + name: String, + params: Option>, + results: Option>, + }, +} + +impl ImportItem { + fn name(&self) -> &String { + match self { + ImportItem::Name(name) => name, + ImportItem::Item { name, .. } => name, + } + } + + fn namespace(&self) -> Option<&str> { + match self { + ImportItem::Name(_) => None, + ImportItem::Item { namespace, .. } => namespace.as_deref(), + } + } + + fn results(&self) -> Option<&[modsurfer_module::ValType]> { + match self { + ImportItem::Name(_) => None, + ImportItem::Item { results, .. } => results.as_deref(), + } + } + + fn params(&self) -> Option<&[modsurfer_module::ValType]> { + match self { + ImportItem::Name(_) => None, + ImportItem::Item { params, .. } => params.as_deref(), + } + } +} + +#[derive(Debug, Deserialize)] +#[serde(untagged)] +#[serde(deny_unknown_fields)] +enum FunctionItem { + Name(String), + Item { + name: String, + params: Option>, + results: Option>, + }, +} + +impl FunctionItem { + fn name(&self) -> &String { + match self { + FunctionItem::Name(name) => name, + FunctionItem::Item { name, .. } => name, + } + } + + fn results(&self) -> Option<&[modsurfer_module::ValType]> { + match self { + FunctionItem::Name(_) => None, + FunctionItem::Item { results, .. } => results.as_deref(), + } + } + + fn params(&self) -> Option<&[modsurfer_module::ValType]> { + match self { + FunctionItem::Name(_) => None, + FunctionItem::Item { params, .. } => params.as_deref(), + } + } +} + #[derive(Debug, Deserialize)] #[serde(deny_unknown_fields)] struct Namespace { - pub include: Option>, - pub exclude: Option>, + pub include: Option>, + pub exclude: Option>, } #[derive(Debug, Deserialize)] #[serde(deny_unknown_fields)] struct Imports { - pub include: Option>, - pub exclude: Option>, + pub include: Option>, + pub exclude: Option>, pub namespace: Option, } #[derive(Debug, Deserialize)] #[serde(deny_unknown_fields)] struct Exports { - pub include: Option>, - pub exclude: Option>, + pub include: Option>, + pub exclude: Option>, pub max: Option, } @@ -250,6 +356,38 @@ impl Report { ); } } + + fn validate_fn_type( + &mut self, + name: &str, + actual: &modsurfer_module::FunctionType, + params: Option<&[modsurfer_module::ValType]>, + results: Option<&[modsurfer_module::ValType]>, + ) { + if let Some(params) = params { + let test_params = actual.args == params; + self.validate_fn( + &format!("{name}.params"), + format!("{:?}", params), + format!("{:?}", actual.args), + test_params, + 8, + Classification::AbiCompatibilty, + ); + }; + + if let Some(results) = results { + let test_results = actual.returns == results; + self.validate_fn( + &format!("{name}.results"), + format!("{:?}", results), + format!("{:?}", actual.returns), + test_results, + 8, + Classification::AbiCompatibilty, + ); + }; + } } struct Exist(bool); @@ -317,6 +455,13 @@ impl Module { } } +fn namespace_prefix(import_item: &ImportItem, fn_name: &str) -> String { + match import_item.namespace() { + Some(ns) => format!("{}::{}", ns, fn_name), + None => fn_name.into(), + } +} + pub async fn validate_module(file: &PathBuf, check: &PathBuf) -> Result { // read the wasm file and parse a Module from it to later validate against the check file. // NOTE: the Module is produced by executing plugin code, linked and called from the @@ -365,36 +510,89 @@ pub async fn validate_module(file: &PathBuf, check: &PathBuf) -> Result // Imports if let Some(imports) = validation.validate.imports { - let import_func_names = module + let import_module_func_types = module .imports .iter() - .map(|im| im.func.name.clone()) - .collect::>(); + .map(|im| { + ( + (im.module_name.as_str(), im.func.name.as_str()), + &im.func.ty, + ) + }) + .collect::>(); + let import_func_types = import_module_func_types + .iter() + .map(|((_, k), ty)| (*k, ty.clone())) + .collect::>(); let import_module_names = module.get_import_namespaces(); if let Some(include) = imports.include { - include.iter().for_each(|name| { - let test = import_func_names.contains(name); + include.iter().for_each(|imp| { + let name = imp.name(); + let test = if let Some(ns) = imp.namespace() { + import_module_func_types.contains_key(&(ns, name)) + } else { + import_func_types.contains_key(&name.as_str()) + }; + + let ty = if let Some(ns) = imp.namespace() { + import_module_func_types.get(&(ns, name)) + } else { + import_func_types.get(name.as_str()) + }; + + if test { + let ty = ty.unwrap(); + report.validate_fn_type( + &format!("imports.include.{}", namespace_prefix(&imp, name)), + *ty, + imp.params(), + imp.results(), + ); + } + report.validate_fn( - &format!("imports.include.{}", name), + &format!("imports.include.{}", namespace_prefix(&imp, name)), Exist(true).to_string(), Exist(test).to_string(), test, 8, Classification::AbiCompatibilty, - ) + ); }); } if let Some(exclude) = imports.exclude { - exclude.iter().for_each(|name| { - let test = import_func_names.contains(name); + exclude.iter().for_each(|imp| { + let name = imp.name(); + let test = if let Some(ns) = imp.namespace() { + import_module_func_types.contains_key(&(ns, name)) + } else { + import_func_types.contains_key(&name.as_str()) + }; + + let ty = if let Some(ns) = imp.namespace() { + import_module_func_types.get(&(ns, name)) + } else { + import_func_types.get(name.as_str()) + }; + + if test { + let ty = ty.unwrap(); + report.validate_fn_type( + &format!("imports.exclude.{}", namespace_prefix(&imp, name)), + *ty, + imp.params(), + imp.results(), + ); + }; + report.validate_fn( - &format!("imports.exclude.{}", name), + &format!("imports.exclude.{}", namespace_prefix(&imp, name)), Exist(false).to_string(), Exist(test).to_string(), - test, + !test, 5, Classification::AbiCompatibilty, ); @@ -403,7 +601,9 @@ pub async fn validate_module(file: &PathBuf, check: &PathBuf) -> Result if let Some(namespace) = imports.namespace { if let Some(include) = namespace.include { - include.iter().for_each(|name| { + include.iter().for_each(|ns| { + let name = ns.name(); + let functions = ns.functions(); let test = import_module_names.contains(&name.as_str()); report.validate_fn( &format!("imports.namespace.include.{}", name), @@ -413,12 +613,40 @@ pub async fn validate_module(file: &PathBuf, check: &PathBuf) -> Result 8, Classification::AbiCompatibilty, ); + + for f in functions.iter() { + let test = + import_module_func_types.contains_key(&(name, f.name().as_str())); + report.validate_fn( + &format!("imports.namespace.include.{name}::{}", f.name()), + Exist(true).to_string(), + Exist(test).to_string(), + test, + 8, + Classification::AbiCompatibilty, + ); + + if test { + let ty = import_module_func_types + .get(&(name, f.name().as_str())) + .unwrap(); + report.validate_fn_type( + &format!("imports.namespace.include.{name}::{}", f.name()), + *ty, + f.params(), + f.results(), + ); + } + } }); } if let Some(exclude) = namespace.exclude { - exclude.iter().for_each(|name| { + exclude.iter().for_each(|ns| { + let name = ns.name(); + let functions = ns.functions(); let test = import_module_names.contains(&name.as_str()); + report.validate_fn( &format!("imports.namespace.exclude.{}", name), Exist(false).to_string(), @@ -426,7 +654,34 @@ pub async fn validate_module(file: &PathBuf, check: &PathBuf) -> Result !test, 10, Classification::AbiCompatibilty, - ) + ); + + for f in functions.iter() { + let test = + import_module_func_types.contains_key(&(name, f.name().as_str())); + + if test { + let ty = import_module_func_types + .get(&(name, f.name().as_str())) + .unwrap(); + + report.validate_fn_type( + &format!("imports.namespace.exclude.{name}::{}", f.name()), + *ty, + f.params(), + f.results(), + ); + }; + + report.validate_fn( + &format!("imports.namespace.exclude.{name}::{}", f.name()), + Exist(false).to_string(), + Exist(test).to_string(), + !test, + 10, + Classification::AbiCompatibilty, + ); + } }); } } @@ -434,13 +689,14 @@ pub async fn validate_module(file: &PathBuf, check: &PathBuf) -> Result // Exports if let Some(exports) = validation.validate.exports { - let export_func_names = module + let export_func_types = module .exports .iter() - .map(|exp| exp.func.name.clone()) - .collect::>(); + .map(|im| (im.func.name.as_str(), &im.func.ty)) + .collect::>(); + if let Some(max) = exports.max { - let num = export_func_names.len() as u32; + let num = export_func_types.len() as u32; let overage = num.saturating_sub(max); let max = if max == 0 { 1 } else { max }; let severity = ((overage as f32 / max as f32) * 10.0).ceil() as usize; @@ -456,8 +712,9 @@ pub async fn validate_module(file: &PathBuf, check: &PathBuf) -> Result } if let Some(include) = exports.include { - include.iter().for_each(|name| { - let test = export_func_names.contains(name); + include.iter().for_each(|f| { + let name = f.name(); + let test = export_func_types.contains_key(name.as_str()); report.validate_fn( &format!("exports.include.{}", name), Exist(true).to_string(), @@ -466,19 +723,42 @@ pub async fn validate_module(file: &PathBuf, check: &PathBuf) -> Result 10, Classification::AbiCompatibilty, ); + + if test { + let ty = export_func_types.get(name.as_str()).unwrap(); + report.validate_fn_type( + &format!("exports.include.{}", name), + *ty, + f.params(), + f.results(), + ); + } }); } if let Some(exclude) = exports.exclude { - exclude.iter().for_each(|name| { - let test = export_func_names.contains(name); + exclude.iter().for_each(|f| { + let name = f.name(); + + let ty = export_func_types.get(name.as_str()); + let test = ty.is_some(); + if test { + let ty = ty.unwrap(); + report.validate_fn_type( + &format!("exports.include.{}", name), + *ty, + f.params(), + f.results(), + ); + } + report.validate_fn( &format!("exports.exclude.{}", name), Exist(false).to_string(), Exist(test).to_string(), !test, 5, - Classification::Security, + Classification::AbiCompatibilty, ); }); } diff --git a/vendors/fastly/starter/mod.yaml b/vendors/fastly/starter/mod.yaml index dfa393b..cf9bf84 100644 --- a/vendors/fastly/starter/mod.yaml +++ b/vendors/fastly/starter/mod.yaml @@ -3,12 +3,38 @@ validate: imports: include: - - close - - write - - new - - send_downstream - - body_downstream_get - - init + - name: init + namespace: fastly_abi + params: [I64] + results: [I32] + - name: close + namespace: fastly_http_body + params: [I32] + results: [I32] + - name: write + namespace: fastly_http_body + params: [I32, I32, I32, I32, I32] + results: [I32] + - name: close + namespace: fastly_http_resp + params: [I32] + results: [I32] + - name: new + namespace: fastly_http_resp + params: [I32] + results: [I32] + - name: status_set + namespace: fastly_http_resp + params: [I32, I32] + results: [I32] + - name: send_downstream + namespace: fastly_http_resp + params: [I32, I32, I32] + results: [I32] + - name: body_downstream_get + namespace: fastly_http_req + params: [I32, I32] + results: [I32] namespace: include: - fastly_http_body @@ -21,8 +47,12 @@ validate: exports: max: 2 include: - - _start - - __main_void + - name: _start + params: [] + results: [] + - name: __main_void + params: [] + results: [I32] size: max: 10MB diff --git a/vendors/fastly/static/mod.yaml b/vendors/fastly/static/mod.yaml index 5440c07..786191b 100644 --- a/vendors/fastly/static/mod.yaml +++ b/vendors/fastly/static/mod.yaml @@ -3,17 +3,62 @@ validate: imports: include: - - close - - write - - new - - send_downstream - - body_downstream_get - - init - - auto_decompress_response_set - - open - - get - - header_insert - - send + - name: init + namespace: fastly_abi + params: [I64] + results: [I32] + - name: close + namespace: fastly_http_body + params: [I32] + results: [I32] + - name: write + namespace: fastly_http_body + params: [I32, I32, I32, I32, I32] + results: [I32] + - name: new + namespace: fastly_http_resp + params: [I32] + results: [I32] + - name: close + namespace: fastly_http_resp + params: [I32] + results: [I32] + - name: status_set + namespace: fastly_http_resp + params: [I32, I32] + results: [I32] + - name: send_downstream + namespace: fastly_http_resp + params: [I32, I32, I32] + results: [I32] + - name: body_downstream_get + namespace: fastly_http_req + params: [I32, I32] + results: [I32] + - name: header_insert + namespace: fastly_http_req + params: [I32, I32, I32, I32, I32] + results: [I32] + - name: send + namespace: fastly_http_req + params: [I32, I32, I32, I32, I32, I32] + results: [I32] + - name: framing_headers_mode_set + namespace: fastly_http_req + params: [I32, I32] + results: [I32] + - name: auto_decompress_response_set + namespace: fastly_http_req + params: [I32, I32] + results: [I32] + - name: open + namespace: fastly_dictionary + params: [I32, I32, I32] + results: [I32] + - name: get + namespace: fastly_dictionary + params: [I32, I32, I32, I32, I32, I32] + results: [I32] namespace: include: - fastly_http_body @@ -27,8 +72,12 @@ validate: exports: max: 2 include: - - _start - - __main_void + - name: _start + params: [] + results: [] + - name: __main_void + params: [] + results: [I32] size: max: 15MB diff --git a/vendors/fastly/static/websocket.wasm b/vendors/fastly/static/websocket.wasm deleted file mode 100755 index 760cc19..0000000 Binary files a/vendors/fastly/static/websocket.wasm and /dev/null differ diff --git a/vendors/fastly/websocket/mod.yaml b/vendors/fastly/websocket/mod.yaml index 85e8ede..da0713b 100644 --- a/vendors/fastly/websocket/mod.yaml +++ b/vendors/fastly/websocket/mod.yaml @@ -3,15 +3,54 @@ validate: imports: include: - - close - - write - - new - - send_downstream - - body_downstream_get - - auto_decompress_response_set - - header_insert - - send - - redirect_to_websocket_proxy + - name: close + namespace: fastly_http_body + params: [I32] + results: [I32] + - name: write + namespace: fastly_http_body + params: [I32, I32, I32, I32, I32] + results: [I32] + - name: new + namespace: fastly_http_body + params: [I32] + results: [I32] + - name: status_set + namespace: fastly_http_resp + params: [I32, I32] + results: [I32] + - name: send_downstream + namespace: fastly_http_resp + params: [I32, I32, I32] + results: [I32] + - name: close + namespace: fastly_http_resp + params: [I32] + results: [I32] + - name: body_downstream_get + namespace: fastly_http_req + params: [I32, I32] + results: [I32] + - name: auto_decompress_response_set + namespace: fastly_http_req + params: [I32, I32] + results: [I32] + - name: framing_headers_mode_set + namespace: fastly_http_req + params: [I32, I32] + results: [I32] + - name: header_insert + namespace: fastly_http_req + params: [I32, I32, I32, I32, I32] + results: [I32] + - name: send + namespace: fastly_http_req + params: [I32, I32, I32, I32, I32, I32] + results: [I32] + - name: redirect_to_websocket_proxy + namespace: fastly_http_req + params: [I32, I32] + results: [I32] namespace: include: - fastly_http_body @@ -23,8 +62,12 @@ validate: exports: max: 2 include: - - _start - - __main_void + - name: _start + params: [] + results: [] + - name: __main_void + params: [] + results: [I32] size: max: 10MB diff --git a/vendors/fermyon/http/mod.yaml b/vendors/fermyon/http/mod.yaml index d3e5526..fdb8e2b 100644 --- a/vendors/fermyon/http/mod.yaml +++ b/vendors/fermyon/http/mod.yaml @@ -3,11 +3,26 @@ validate: imports: include: - - fd_write - - random_get - - environ_get - - environ_sizes_get - - proc_exit + - name: fd_write + namespace: wasi_snapshot_preview1 + params: [I32, I32, I32, I32] + results: [I32] + - name: random_get + namespace: wasi_snapshot_preview1 + params: [I32, I32] + results: [I32] + - name: environ_get + namespace: wasi_snapshot_preview1 + params: [I32, I32] + results: [I32] + - name: environ_sizes_get + namespace: wasi_snapshot_preview1 + params: [I32, I32] + results: [I32] + - name: proc_exit + namespace: wasi_snapshot_preview1 + params: [I32] + results: [] namespace: include: - wasi_snapshot_preview1 @@ -15,9 +30,15 @@ validate: exports: max: 3 include: - - handle-http-request - - canonical_abi_realloc - - canonical_abi_free + - name: handle-http-request + params: [I32, I32, I32, I32, I32, I32, I32, I32, I32, I32] + results: [I32] + - name: canonical_abi_realloc + params: [I32, I32, I32, I32] + results: [I32] + - name: canonical_abi_free + params: [I32, I32, I32] + results: [] complexity: max_risk: medium diff --git a/vendors/fermyon/redis/mod.yaml b/vendors/fermyon/redis/mod.yaml index 12bdb2c..e8a59e1 100644 --- a/vendors/fermyon/redis/mod.yaml +++ b/vendors/fermyon/redis/mod.yaml @@ -3,10 +3,22 @@ validate: imports: include: - - fd_write - - environ_get - - environ_sizes_get - - proc_exit + - name: fd_write + namespace: wasi_snapshot_preview1 + params: [I32, I32, I32, I32] + results: [I32] + - name: environ_get + namespace: wasi_snapshot_preview1 + params: [I32, I32] + results: [I32] + - name: environ_sizes_get + namespace: wasi_snapshot_preview1 + params: [I32, I32] + results: [I32] + - name: proc_exit + namespace: wasi_snapshot_preview1 + params: [I32] + results: [] namespace: include: - wasi_snapshot_preview1 @@ -14,9 +26,16 @@ validate: exports: max: 3 include: - - handle-redis-message - - canonical_abi_realloc - - canonical_abi_free + - name: handle-redis-message + params: [I32, I32] + results: [I32] + - name: canonical_abi_realloc + params: [I32, I32, I32, I32] + results: [I32] + - name: canonical_abi_free + params: [I32, I32, I32] + results: [] complexity: max_risk: medium + diff --git a/vendors/fluvio/aggregate/aggregate.wasm b/vendors/fluvio/aggregate/aggregate.wasm new file mode 100755 index 0000000..7e17d83 Binary files /dev/null and b/vendors/fluvio/aggregate/aggregate.wasm differ diff --git a/vendors/fluvio/aggregate/mod.yaml b/vendors/fluvio/aggregate/mod.yaml new file mode 100644 index 0000000..d7e42b5 --- /dev/null +++ b/vendors/fluvio/aggregate/mod.yaml @@ -0,0 +1,28 @@ +validate: + # url: https://github.com/extism/extism/blob/main/mod.yaml + allow_wasi: false + + imports: + namespace: + include: + - env + + exports: + max: 4 + include: + - name: alloc + params: [I32] + results: [I32] + - name: dealloc + params: [I32, I32] + results: [] + - name: aggregate + params: [I32, I32, I32] + results: [I32] + + size: + max: 4MB + + complexity: + max_risk: medium + diff --git a/vendors/fluvio/array-map/array_map.wasm b/vendors/fluvio/array-map/array_map.wasm new file mode 100755 index 0000000..a7820c9 Binary files /dev/null and b/vendors/fluvio/array-map/array_map.wasm differ diff --git a/vendors/fluvio/array-map/mod.yaml b/vendors/fluvio/array-map/mod.yaml new file mode 100644 index 0000000..b389991 --- /dev/null +++ b/vendors/fluvio/array-map/mod.yaml @@ -0,0 +1,28 @@ +validate: + # url: https://github.com/extism/extism/blob/main/mod.yaml + allow_wasi: false + + imports: + namespace: + include: + - env + + exports: + max: 4 + include: + - name: alloc + params: [I32] + results: [I32] + - name: dealloc + params: [I32, I32] + results: [] + - name: array_map + params: [I32, I32, I32] + results: [I32] + + size: + max: 4MB + + complexity: + max_risk: medium + diff --git a/vendors/fluvio/filter-map/filter_map.wasm b/vendors/fluvio/filter-map/filter_map.wasm new file mode 100755 index 0000000..c93747d Binary files /dev/null and b/vendors/fluvio/filter-map/filter_map.wasm differ diff --git a/vendors/fluvio/filter-map/mod.yaml b/vendors/fluvio/filter-map/mod.yaml new file mode 100644 index 0000000..07fdeb3 --- /dev/null +++ b/vendors/fluvio/filter-map/mod.yaml @@ -0,0 +1,28 @@ +validate: + # url: https://github.com/extism/extism/blob/main/mod.yaml + allow_wasi: false + + imports: + namespace: + include: + - env + + exports: + max: 4 + include: + - name: alloc + params: [I32] + results: [I32] + - name: dealloc + params: [I32, I32] + results: [] + - name: filter_map + params: [I32, I32, I32] + results: [I32] + + size: + max: 4MB + + complexity: + max_risk: medium + diff --git a/vendors/fluvio/filter/filter.wasm b/vendors/fluvio/filter/filter.wasm new file mode 100755 index 0000000..0a2872a Binary files /dev/null and b/vendors/fluvio/filter/filter.wasm differ diff --git a/vendors/fluvio/filter/mod.yaml b/vendors/fluvio/filter/mod.yaml new file mode 100644 index 0000000..ddb03cc --- /dev/null +++ b/vendors/fluvio/filter/mod.yaml @@ -0,0 +1,28 @@ +validate: + # url: https://github.com/extism/extism/blob/main/mod.yaml + allow_wasi: false + + imports: + namespace: + include: + - env + + exports: + max: 4 + include: + - name: alloc + params: [I32] + results: [I32] + - name: dealloc + params: [I32, I32] + results: [] + - name: filter + params: [I32, I32, I32] + results: [I32] + + size: + max: 4MB + + complexity: + max_risk: medium + diff --git a/vendors/fluvio/map/map.wasm b/vendors/fluvio/map/map.wasm new file mode 100755 index 0000000..d5293c8 Binary files /dev/null and b/vendors/fluvio/map/map.wasm differ diff --git a/vendors/fluvio/map/mod.yaml b/vendors/fluvio/map/mod.yaml new file mode 100644 index 0000000..07fdeb3 --- /dev/null +++ b/vendors/fluvio/map/mod.yaml @@ -0,0 +1,28 @@ +validate: + # url: https://github.com/extism/extism/blob/main/mod.yaml + allow_wasi: false + + imports: + namespace: + include: + - env + + exports: + max: 4 + include: + - name: alloc + params: [I32] + results: [I32] + - name: dealloc + params: [I32, I32] + results: [] + - name: filter_map + params: [I32, I32, I32] + results: [I32] + + size: + max: 4MB + + complexity: + max_risk: medium + diff --git a/vendors/shopify/mod.yaml b/vendors/shopify/mod.yaml index aa738a1..538b6b8 100644 --- a/vendors/shopify/mod.yaml +++ b/vendors/shopify/mod.yaml @@ -9,8 +9,12 @@ validate: exports: max: 2 include: - - __main_void - - _start + - name: __main_void + results: [I32] + params: [] + - name: _start + results: [] + params: [] complexity: max_risk: medium diff --git a/vendors/tezos/mod.yaml b/vendors/tezos/mod.yaml new file mode 100644 index 0000000..fabf83f --- /dev/null +++ b/vendors/tezos/mod.yaml @@ -0,0 +1,24 @@ +validate: + allow_wasi: false + + imports: + include: + - name: store_copy + namespace: smart_rollup_core + params: [I32, I32, I32, I32] + results: [I32] + namespace: + include: + - smart_rollup_core + exclude: + - wasi_snapshot_preview1 + + exports: + max: 1 + include: + - name: kernel_run + results: [] + params: [] + + complexity: + max_risk: medium \ No newline at end of file diff --git a/vendors/tezos/tx-kernel-no-verif.wasm b/vendors/tezos/tx-kernel-no-verif.wasm new file mode 100644 index 0000000..d9d6279 Binary files /dev/null and b/vendors/tezos/tx-kernel-no-verif.wasm differ