Skip to content

Test anti-exfiltration protocol#6850

Draft
onvej-sl wants to merge 36 commits intomainfrom
onvej-sl/anti-exfil-rebased
Draft

Test anti-exfiltration protocol#6850
onvej-sl wants to merge 36 commits intomainfrom
onvej-sl/anti-exfil-rebased

Conversation

@onvej-sl
Copy link
Copy Markdown
Contributor

@onvej-sl onvej-sl commented Apr 29, 2026

No description provided.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 29, 2026
edited
Loading

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1cb3d494-bab6-4e3c-b4d9-6af0b1e1c404

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch onvej-sl/anti-exfil-rebased

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@onvej-sl onvej-sl force-pushed the onvej-sl/anti-exfil-rebased branch from 81b6251 to deace71 Compare April 29, 2026 13:51
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 29, 2026
edited
Loading

en main(all)

model device_test click_test persistence_test
T2T1 test(all) main(all) test(all) main(all) test(all) main(all)
T3B1 test(all) main(all) test(all) main(all) test(all) main(all)
T3T1 test(all) main(all) test(all) main(all) test(all) main(all)
T3W1 test(all) main(all) test(all) main(all) test(all) main(all)

Latest CI run: 25165226529

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 29, 2026
edited
Loading

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block High
High CVE: pypi protobuf affected by a JSON recursion depth bypass

CVE: GHSA-7gcm-g887-7qv7 protobuf affected by a JSON recursion depth bypass (HIGH)

Affected versions: >= 6.30.0rc1 < 6.33.5; < 5.29.6

Patched version: 6.33.5

From: uv.lockpypi/protobuf@6.32.0

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore pypi/protobuf@6.32.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@onvej-sl onvej-sl force-pushed the onvej-sl/anti-exfil-rebased branch 2 times, most recently from 1008852 to 390c11c Compare April 29, 2026 15:12
@onvej-sl onvej-sl force-pushed the onvej-sl/anti-exfil-rebased branch from 390c11c to 74959be Compare April 29, 2026 16:35
@onvej-sl onvej-sl force-pushed the onvej-sl/anti-exfil-rebased branch from 74959be to e67197f Compare April 29, 2026 17:08
onvej-sl added 13 commits April 30, 2026 14:25
@onvej-sl
feat(crypto): add wrappers for anti-exfil functions
0ef548a
@onvej-sl
feat(core): add python bindings for anti-exfil functions
6b1327f 
[no changelog]
@onvej-sl
chore(core): comment ethereum canonical signatures
5f624fa 
[no changelog]
@onvej-sl
refactor(core): comment ethereum recovery id
fb671e7 
[no changelog]
@onvej-sl
refactor(core): refactor send_request_chunk()
fdc98f8 
[no changelog]
@onvej-sl
feat(common/protobuf): add ethereum transaction signing anti-exfil pr…
ac8ade1 
…otocol messages

[no changelog]
@onvej-sl
feat(core): support ethereum transaction signing anti-exfil protocol
1e75701
@onvej-sl
chore(python): add ecdsa package
bbb1301
@onvej-sl
refactor(python): implement anti-exfil protocol helper functions
1f54375 
[no changelog]
@onvej-sl
feat(python): support ethereum transaction signing anti-exfil protocol
b559ad5
@onvej-sl
feat(tests): test ethereum signing anti-exfil protocol
64001d1
@onvej-sl
feat(common/protobuf): add bitcoin-like transaction signing anti-exfi…
c02f9a5 
…l protocol messages

[no changelog]
@onvej-sl
legacy(feature): disable bitcoin-like transaction signing anti-exfil
5161f31 
protocol

[no changelog]
onvej-sl added 14 commits April 30, 2026 14:25
@onvej-sl
feat(core): support bitcoin-like transaction signing anti-exfil protocol
9123ca5
@onvej-sl
feat(python): support bitcoin-like transaction signing anti-exfil pro…
8f624dd 
…tocol
@onvej-sl
feat(test): test bitcoin-like transaction signing anti-exfil protocol
7fb4b4d 
[no changelog]
@onvej-sl
feat(common/protobuf): add ownership proof anti-exfil protocol messages
184ba53 
[no changelog]
@onvej-sl
feat(core): support ownership proof anti-exfil protocol
d0b2ef3
@onvej-sl
feat(legacy): disable ownership proof anti-exfil protocol
fd693c3 
[no changelog]
@onvej-sl
feat(python): support ownership proof anti-exfil protocol
0970341
@onvej-sl
feat(test): test ownership proof anti-exfil protocol
9771b7b 
[no changelog]
@onvej-sl
chore(core,python): add changelog
1379ca6
@onvej-sl
docs: document anti-exfil protocol
0013bb3
@onvej-sl
feat(legacy): disable ethereum transaction signing anti-exfil protocol
bc4cf19 
[no changelog]
@onvej-sl
build(legacy): build anti-exfil functions
77ca4da 
[no changelog]
@onvej-sl
TODO: get rid of ecdsa dependency
d99875c
@onvej-sl
TODO: decide what to do with the new trezorctl API
8039ec8
@onvej-sl onvej-sl force-pushed the onvej-sl/anti-exfil-rebased branch from e67197f to 8039ec8 Compare April 30, 2026 12:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@obrusvit obrusvit Awaiting requested review from obrusvit obrusvit will be requested when the pull request is marked ready for review obrusvit is a code owner

@matejcik matejcik Awaiting requested review from matejcik matejcik will be requested when the pull request is marked ready for review matejcik is a code owner

@romanz romanz Awaiting requested review from romanz romanz will be requested when the pull request is marked ready for review romanz is a code owner

@prusnak prusnak Awaiting requested review from prusnak prusnak will be requested when the pull request is marked ready for review prusnak is a code owner

@andrewkozlik andrewkozlik Awaiting requested review from andrewkozlik andrewkozlik will be requested when the pull request is marked ready for review andrewkozlik is a code owner

@TychoVrahe TychoVrahe Awaiting requested review from TychoVrahe TychoVrahe will be requested when the pull request is marked ready for review TychoVrahe is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@onvej-sl