From 44957f4fbcf28d98d1b3e7ab985ef8d3e95ae73f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Palmer?= <sebastien.palmer@functori.com>
Date: Wed, 14 Feb 2024 17:25:31 +0100
Subject: [PATCH 1/3] CodeQL: make strlcpy explicit

---
 app/src/handle_swap.c             | 1 +
 app/src/parser/operation_parser.c | 2 ++
 app/src/ui_strings.c              | 1 +
 3 files changed, 4 insertions(+)

diff --git a/app/src/handle_swap.c b/app/src/handle_swap.c
index 4c88bef1e..9f7a8a48d 100644
--- a/app/src/handle_swap.c
+++ b/app/src/handle_swap.c
@@ -24,6 +24,7 @@
 
 #include <format.h>
 #include <io.h>
+#include <string.h>
 #include <swap.h>
 
 #include "handle_swap.h"
diff --git a/app/src/parser/operation_parser.c b/app/src/parser/operation_parser.c
index 89bd9339c..2936818ee 100644
--- a/app/src/parser/operation_parser.c
+++ b/app/src/parser/operation_parser.c
@@ -16,6 +16,8 @@
    See the License for the specific language governing permissions and
    limitations under the License. */
 
+#include <string.h>
+
 #include "operation_parser.h"
 #include "micheline_parser.h"
 #include "num_parser.h"
diff --git a/app/src/ui_strings.c b/app/src/ui_strings.c
index 00bad70f0..11bd52f68 100644
--- a/app/src/ui_strings.c
+++ b/app/src/ui_strings.c
@@ -16,6 +16,7 @@
 
 #include <io.h>
 #include <stdbool.h>
+#include <string.h>
 
 #include "globals.h"
 #include "ui_strings.h"

From 6494d357bff50fee343c25b6cbd250885c54581a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Palmer?= <sebastien.palmer@functori.com>
Date: Wed, 14 Feb 2024 17:36:24 +0100
Subject: [PATCH 2/3] CodeQL: make all the enumeration items explicit

if items other than the first are defined
---
 app/src/parser/micheline_state.h | 14 +++++++-------
 app/src/parser/parser_state.h    | 22 +++++++++++-----------
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/app/src/parser/micheline_state.h b/app/src/parser/micheline_state.h
index 2a2e60c4a..50b016423 100644
--- a/app/src/parser/micheline_state.h
+++ b/app/src/parser/micheline_state.h
@@ -50,13 +50,13 @@ typedef enum {
 } tz_micheline_parser_step_kind;
 
 typedef enum {
-    TZ_CAP_STREAM_ANY = 0,
-    TZ_CAP_STREAM_BYTES,
-    TZ_CAP_STREAM_INT,
-    TZ_CAP_STREAM_STRING,
-    TZ_CAP_ADDRESS,
-    TZ_CAP_LIST = 62,
-    TZ_CAP_OR
+    TZ_CAP_STREAM_ANY    = 0,
+    TZ_CAP_STREAM_BYTES  = 1,
+    TZ_CAP_STREAM_INT    = 2,
+    TZ_CAP_STREAM_STRING = 3,
+    TZ_CAP_ADDRESS       = 4,
+    TZ_CAP_LIST          = 62,
+    TZ_CAP_OR            = 63
 } tz_micheline_capture_kind;
 
 typedef struct {
diff --git a/app/src/parser/parser_state.h b/app/src/parser/parser_state.h
index a530c8010..eb6e51f0e 100644
--- a/app/src/parser/parser_state.h
+++ b/app/src/parser/parser_state.h
@@ -47,19 +47,19 @@ typedef struct {
 typedef enum {
     // success and non blocking, should loop again
     TZ_CONTINUE = 0,  // fall through rest of current step
-    TZ_BREAK,         // signals caller to return, errno should be CONTINUE
+    TZ_BREAK    = 1,  // signals caller to return, errno should be CONTINUE
     // success but parsing blocked
-    TZ_BLO_DONE = 100,  // parsing complete
-    TZ_BLO_FEED_ME,     // blocked on read from input
-    TZ_BLO_IM_FULL,     // blocked on output space
+    TZ_BLO_DONE    = 100,  // parsing complete
+    TZ_BLO_FEED_ME = 101,  // blocked on read from input
+    TZ_BLO_IM_FULL = 102,  // blocked on output space
     // everything below is an error
-    TZ_ERR_INVALID_TAG = 200,
-    TZ_ERR_INVALID_OP,
-    TZ_ERR_INVALID_DATA,
-    TZ_ERR_UNSUPPORTED,
-    TZ_ERR_TOO_LARGE,
-    TZ_ERR_TOO_DEEP,
-    TZ_ERR_INVALID_STATE,
+    TZ_ERR_INVALID_TAG   = 200,
+    TZ_ERR_INVALID_OP    = 201,
+    TZ_ERR_INVALID_DATA  = 202,
+    TZ_ERR_UNSUPPORTED   = 203,
+    TZ_ERR_TOO_LARGE     = 204,
+    TZ_ERR_TOO_DEEP      = 205,
+    TZ_ERR_INVALID_STATE = 206,
 } tz_parser_result;
 #define TZ_IS_BLOCKED(code) (code >= 100)
 #define TZ_IS_ERR(code)     (code >= 200)

From 7a2ff5e86cd121c57e54beb8510672949c84cb82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Palmer?= <sebastien.palmer@functori.com>
Date: Wed, 14 Feb 2024 18:35:54 +0100
Subject: [PATCH 3/3] CodeQL: short tz_step_read_num switch case

---
 app/src/parser/operation_parser.c | 104 ++++++++++++++++--------------
 1 file changed, 55 insertions(+), 49 deletions(-)

diff --git a/app/src/parser/operation_parser.c b/app/src/parser/operation_parser.c
index 2936818ee..1f185ff86 100644
--- a/app/src/parser/operation_parser.c
+++ b/app/src/parser/operation_parser.c
@@ -486,6 +486,60 @@ tz_step_read_micheline(tz_parser_state *state)
     tz_reraise;
 }
 
+static void
+tz_format_amount(char *str)
+{
+    int len = 0;
+    while (str[len]) {
+        len++;
+    }
+    if ((len == 1) && (str[0] == 0)) {
+        // just 0
+        goto add_currency;
+    }
+    if (len < 7) {
+        // less than one tez, pad left up to the '0.'
+        int j;
+        int pad = 7 - len;
+        for (j = len; j >= 0; j--) {
+            str[j + pad] = str[j];
+        }
+        for (j = 0; j < pad; j++) {
+            str[j] = '0';
+        }
+        len = 7;
+    }
+    int no_decimals = 1;
+    for (int i = 0; i < 6; i++) {
+        no_decimals &= (str[len - 1 - i] == '0');
+    }
+    if (no_decimals) {
+        // integral value, don't include the decimal part (no '.'_
+        str[len - 6] = 0;
+        len -= 6;
+    } else {
+        // more than one tez, add the '.'
+        for (int i = 0; i < 6; i++) {
+            str[len - i] = str[len - i - 1];
+        }
+        str[len - 6] = '.';
+        len++;
+        str[len] = 0;
+        // drop trailing non significant zeroes
+        while (str[len - 1] == '0') {
+            len--;
+            str[len] = 0;
+        }
+    }
+add_currency:
+    str[len]     = ' ';
+    str[len + 1] = 'X';
+    str[len + 2] = 'T';
+    str[len + 3] = 'Z';
+    len += 4;
+    str[len] = 0;
+}
+
 /* Read a number */
 static tz_parser_result
 tz_step_read_num(tz_parser_state *state)
@@ -526,55 +580,7 @@ tz_step_read_num(tz_parser_state *state)
             break;
         case TZ_OPERATION_FIELD_FEE:
         case TZ_OPERATION_FIELD_AMOUNT: {
-            int len = 0;
-            while (str[len]) {
-                len++;
-            }
-            if ((len == 1) && (str[0] == 0)) {
-                // just 0
-                goto add_currency;
-            }
-            if (len < 7) {
-                // less than one tez, pad left up to the '0.'
-                int j;
-                int pad = 7 - len;
-                for (j = len; j >= 0; j--) {
-                    str[j + pad] = str[j];
-                }
-                for (j = 0; j < pad; j++) {
-                    str[j] = '0';
-                }
-                len = 7;
-            }
-            int no_decimals = 1;
-            for (int i = 0; i < 6; i++) {
-                no_decimals &= (str[len - 1 - i] == '0');
-            }
-            if (no_decimals) {
-                // integral value, don't include the decimal part (no '.'_
-                str[len - 6] = 0;
-                len -= 6;
-            } else {
-                // more than one tez, add the '.'
-                for (int i = 0; i < 6; i++) {
-                    str[len - i] = str[len - i - 1];
-                }
-                str[len - 6] = '.';
-                len++;
-                str[len] = 0;
-                // drop trailing non significant zeroes
-                while (str[len - 1] == '0') {
-                    len--;
-                    str[len] = 0;
-                }
-            }
-        add_currency:
-            str[len]     = ' ';
-            str[len + 1] = 'X';
-            str[len + 2] = 'T';
-            str[len + 3] = 'Z';
-            len += 4;
-            str[len] = 0;
+            tz_format_amount(str);
             break;
         }
         default: