庆祝我们2023年的开源贡献 - The Trail of Bits博客

在Trail of Bits，我们以将最佳工具开源而自豪，例如Slither、PolyTracker和RPC Investigator。虽然这篇文章是关于开源的，但它不仅仅是关于我们的工具……

2023年，我们的员工提交了超过450个拉取请求（PR），这些请求被合并到非Trail of Bits的代码库中。这展示了我们对保护整个软件生态系统以及为每个人提高软件质量的承诺。贡献的代表性列表出现在本文末尾，但以下是一些亮点：

Sigstore-conformance是我们开源工程中Sigstore计划的关键组成部分，作为各种Sigstore客户端实现的集成测试套件。它确保符合Sigstore客户端测试套件，严格评估整体客户端行为，处理关键场景，并与建立官方Sigstore客户端规范的持续努力保持一致。这个以工作流为中心的测试套件可以以最少的配置无缝集成到工作流中，为Sigstore客户端提供全面的测试。

Protobuf-specs是我们开源工程中的另一项计划。它是一个用于跨各种Sigstore客户端的标准化数据模型和协议的协作代码库，并包含Sigstore消息的规范。要更新protobuf定义，请使用Docker通过运行$ make all生成protobuf存根，结果会在gen/目录下生成Go和Python文件。

pyOpenSSL是集成OpenSSL功能的主要Python库。在过去大约九个月中，我们作为与STF合同的一部分，积极参与了pyOpenSSL的清理和维护任务。pyOpenSSL是OpenSSL库子集的一个薄包装，其中许多对象方法只是调用OpenSSL库中的相应函数。

Homebrew-core是默认Homebrew tap的中心代码库，包含一系列软件包和相关公式，用于无缝安装。一旦在Mac或Linux系统上配置了Homebrew，您就能够执行“brew install”命令来安装此代码库中可用的软件。应用安全工程师Emilio Lopez通过提交多个拉取请求并引入新公式或更新现有公式，积极为此代码库做出贡献。Emilio主要关注ToB开发的工具，如crytic-compile、solc-select、Caracal等。因此，个人可以通过简单的“brew install”命令轻松安装这些工具，简化安装过程。

Ghidra是美国国家安全局研究理事会的创作，是一个强大的软件逆向工程（SRE）框架。它提供用于在Windows、macOS和Linux上进行代码分析的高级工具，包括反汇编、反编译和脚本编写。支持各种处理器指令集，Ghidra作为一个可定制的SRE研究平台，有助于分析恶意代码以用于网络安全目的。我们修复了许多错误以增强其功能，特别是支持我们在DARPA的AMP（Assured Micropatching）计划上的工作。

我们想承认，提交PR只是开源体验的一小部分。必须有人审查PR。PR合并后必须有人维护代码。早期PR的提交者必须编写测试以确保其代码功能的保留。

我们为这些项目做出贡献，部分是因为我们热爱这门手艺，但也因为我们发现这些项目有用。为此，我们向开源社区致以最诚挚的感谢，并祝愿大家2024年快乐、安全且富有成效！

Trail of Bits 2023年的一些开源贡献

AI/ML

• Repo: run-llama/llama_index
  Name: llms/openai: fix Azure OpenAI streaming
  #7677 ret2libc: https://github.com/run-llama/llama_index/pull/7677
• Repo: run-llama/llama_index
  Name: llms/openai: fix Azure OpenAI by considering prompt_filter_results field
  #7755 ret2libc: https://github.com/run-llama/llama_index/pull/7755

密码学

• Repo: 0xPARC/zk-bug-tracker
  Name: Updated mitigation in section on arithmetic overflows
  #10 fegge: https://github.com/0xPARC/zk-bug-tracker/pull/10
• Repo: mlswg/mls-architecture
  Name: Change rathr -> rather
  #203 tjade273: https://github.com/mlswg/mls-architecture/pull/203
• Repo: yi-sun/circom-pairing
  Name: Get all tests passing
  #23 tjade273: https://github.com/yi-sun/circom-pairing/pull/23
• Repo: yi-sun/circom-pairing
  Name: Fix EllipticCurveAdd formula when computing (P – P) – P
  #22 tjade273: https://github.com/yi-sun/circom-pairing/pull/22
• Repo: pyca/cryptography
  Name: rust: add crate skeleton for X.509 path validation
  #8873 woodruffw: https://github.com/pyca/cryptography/pull/8873
• Repo: pyca/cryptography
  Name: verification: add missing max_chain_depth kwargs
  #9847 woodruffw: https://github.com/pyca/cryptography/pull/9847
• Repo: pyca/cryptography
  Name: extensions: add Extensions::iter
  #9081 woodruffw: https://github.com/pyca/cryptography/pull/9081
• Repo: alex/rust-asn1
  Name: bump version to 0.15.4
  #403 woodruffw: https://github.com/alex/rust-asn1/pull/403
• Repo: alex/rust-asn1
  Name: types: asn1::DateTime: PartialOrd
  #402 woodruffw: https://github.com/alex/rust-asn1/pull/402
• Repo: pyca/cryptography
  Name: x509: Eq and Hash derives
  #9076 woodruffw: https://github.com/pyca/cryptography/pull/9076
• Repo: alex/rust-asn1
  Name: bump version to 0.15.3
  #401 woodruffw: https://github.com/alex/rust-asn1/pull/401
• Repo: pyca/cryptography
  Name: x509/common: make SPKI algorithm public
  #9061 woodruffw: https://github.com/pyca/cryptography/pull/9061
• Repo: alex/rust-asn1
  Name: types: document domains for DateTime fields
  #399 woodruffw: https://github.com/alex/rust-asn1/pull/399
• Repo: pyca/cryptography
  Name: Add support for ChaCha20 in LibreSSL
  #9758 facutuesca: https://github.com/pyca/cryptography/pull/9758
• Repo: pyca/cryptography
  Name: Add support for ChaCha20 with BoringSSL
  #9762 facutuesca: https://github.com/pyca/cryptography/pull/9762
• Repo: pyca/cryptography
  Name: Add support for ChaCha20 with LibreSSL
  #9209 facutuesca: https://github.com/pyca/cryptography/pull/9209
• Repo: pyca/cryptography
  Name: Add test vectors for ChaCha20 counter overflow
  #9221 facutuesca: https://github.com/pyca/cryptography/pull/9221
• Repo: pyca/cryptography
  Name: Add poly1305 implementation for BoringSSL and LibreSSL
  #9392 facutuesca: https://github.com/pyca/cryptography/pull/9392
• Repo: sfackler/rust-openssl
  Name: Expose Poly1305 bindings on libressl and boringssl
  #1998 facutuesca: https://github.com/sfackler/rust-openssl/pull/1998
• Repo: pyca/cryptography
  Name: Fixes for ChaCha20 documentation
  #9192 facutuesca: https://github.com/pyca/cryptography/pull/9192
• Repo: pyca/cryptography
  Name: Add support for ChaCha20-Poly1305 with BoringSSL
  #8946 facutuesca: https://github.com/pyca/cryptography/pull/8946
• Repo: pyca/cryptography
  Name: certificate: add a get_extension helper
  #8892 woodruffw: https://github.com/pyca/cryptography/pull/8892
• Repo: alex/rust-asn1
  Name: types: add blanket Eqs for SequenceOf and SetOf
  #400 woodruffw: https://github.com/alex/rust-asn1/pull/400
• Repo: pyca/cryptography
  Name: CHANGELOG: record ChaCha20Poly1305 changes
  #8955 woodruffw: https://github.com/pyca/cryptography/pull/8955
• Repo: pyca/cryptography
  Name: validation: remove unused From impls
  #9891 woodruffw: https://github.com/pyca/cryptography/pull/9891
• Repo: pyca/cryptography
  Name: validation: flatten error types
  #9890 woodruffw: https://github.com/pyca/cryptography/pull/9890
• Repo: alex/rust-asn1
  Name: types: add BigInt::is_negative API
  #425 woodruffw: https://github.com/alex/rust-asn1/pull/425
• Repo: pyca/cryptography
  Name: Fix transposed doc, simplify type in trust store test
  #9874 woodruffw: https://github.com/pyca/cryptography/pull/9874
• Repo: pyca/cryptography
  Name: verification: add VerificationError, doc APIs
  #9873 woodruffw: https://github.com/pyca/cryptography/pull/9873
• Repo: pyca/cryptography
  Name: validation/policy: breakout test changes
  #9872 woodruffw: https://github.com/pyca/cryptography/pull/9872
• Repo: pyca/cryptography
  Name: tests, ci: plumb x509-limbo-root
  #9871 woodruffw: https://github.com/pyca/cryptography/pull/9871
• Repo: pyca/cryptography
  Name: validation/policy: remove old critical ext check logic
  #9855 woodruffw: https://github.com/pyca/cryptography/pull/9855
• Repo: pyca/cryptography
  Name: actions: generalize the wycheproof fetch action
  #9848 woodruffw: https://github.com/pyca/cryptography/pull/9848
• Repo: pyca/cryptography
  Name: validation: subject is non-optional
  #9846 woodruffw: https://github.com/pyca/cryptography/pull/9846
• Repo: pyca/cryptography
  Name: src, tests: add max_chain_depth to validation API
  #9844 woodruffw: https://github.com/pyca/cryptography/pull/9844
• Repo: pyca/cryptography
  Name: x509/validation: make algo sets non-optional
  #9821 woodruffw: https://github.com/pyca/cryptography/pull/9821
• Repo: pyca/cryptography
  Name: Add top-level ServerVerifier.verify API
  #9805 woodruffw: https://github.com/pyca/cryptography/pull/9805
• Repo: pyca/cryptography
  Name: validation: add permitted_public_key_algorithms
  #9801 woodruffw: https://github.com/pyca/cryptography/pull/9801
• Repo: pyca/cryptography
  Name: X.509: Add WebPKI SPKI AlgorithmIdentifiers
  #9800 woodruffw: https://github.com/pyca/cryptography/pull/9800
• Repo: pyca/cryptography
  Name: validation: add Rust-side extension validation helpers
  #9781 tetsuo-cpp: https://github.com/pyca/cryptography/pull/9781
• Repo: pyca/cryptography
  Name: validation: add Rust-side certificate validation helpers
  #9757 tetsuo-cpp: https://github.com/pyca/cryptography/pull/9757
• Repo: pyca/cryptography
  Name: x509: construct IPAddress and IPRange types
  #9346 tnytown: https://github.com/pyca/cryptography/pull/9346
• Repo: pyca/cryptography
  Name: validation/ops: make public_key return Option
  #9356 woodruffw: https://github.com/pyca/cryptography/pull/9356
• Repo: pyca/cryptography
  Name: noxfile, docs: fix posargs handling
  #9354 woodruffw: https://github.com/pyca/cryptography/pull/9354
• Repo: pyca/cryptography
  Name: Migrate more types
  #9254 woodruffw: https://github.com/pyca/cryptography/pull/9254
• Repo: pyca/cryptography
  Name: name: devolve NameReadable variant
  #9282 woodruffw: https://github.com/pyca/cryptography/pull/9282
• Repo: pyca/cryptography
  Name: extensions: explicit lifetimes
  #9225 woodruffw: https://github.com/pyca/cryptography/pull/9225
• Repo: pyca/cryptography
  Name: x509: more extension APIs
  #9213 woodruffw: https://github.com/pyca/cryptography/pull/9213
• Repo: pyca/cryptography
  Name: oid: add more extension, EKU OIDs
  #9212 woodruffw: https://github.com/pyca/cryptography/pull/9212
• Repo: pyca/cryptography
  Name: Certificate: useful APIs
  #9300 woodruffw: https://github.com/pyca/cryptography/pull/9300
• Repo: pyca/cryptography
  Name: validation: profile trait, error types
  #9299 woodruffw: https://github.com/pyca/cryptography/pull/9299
• Repo: pyca/cryptography
  Name: rust: update lockfile
  #9298 woodruffw: https://github.com/pyca/cryptography/pull/9298
• Repo: pyca/cryptography
  Name: validation: add CryptoOps trait
  #9297 woodruffw: https://github.com/pyca/cryptography/pull/9297
• Repo: pyca/cryptography
  Name: rust: add PyCryptoOps, test
  #9355 woodruffw: https://github.com/pyca/cryptography/pull/9355
• Repo: pyca/cryptography
  Name: Path validation: builder/verifier API skeletons
  #9405 woodruffw: https://github.com/pyca/cryptography/pull/9405
• Repo: pyca/cryptography
  Name: validation: add Rust-side trust store APIs
  #9744 woodruffw: https://github.com/pyca/cryptography/pull/9744
• Repo: pyca/cryptography
  Name: validation/types: add DNSConstraint, rename IPConstraint
  #9700 woodruffw: https://github.com/pyca/cryptography/pull/9700
• Repo: pyca/cryptography
  Name: x509/policy: add WebPKI permitted algorithms
  #9548 woodruffw: https://github.com/pyca/cryptography/pull/9548
• Repo: pyca/cryptography
  Name: verification: fill in policy API internals
  #9642 woodruffw: https://