Add Python security audit script, remove invalid demo metadata #3
base: megaeth-mainnet
@yangl1996 Hi, would you mind taking a look when convenient? Thanks!
The workflow should include a step to install all Python dependencies required by security_audit.py. If you add more dependencies in the future, using a requirements.txt file may be better for maintainability.
Add fail-fast: false under jobs if you plan to add more jobs in the future for better workflow management.
Optionally, add a step to check Python code formatting (e.g., with black or flake8) for code quality.
The GitHub username "Mrthang0597" has an uppercase "M", but GitHub usernames are case-insensitive and typically written in lowercase. For consistency, you might want to change "github": "Mrthang0597" to "github": "mrthang0597".
The field "contribution": "metadata update or data contribution" is fine, but if possible, specify the exact type of contribution for clarity (e.g., "metadata update").
In is_valid_ipfs(cid), the regex assumes all CIDs are 46 alphanumeric chars. However, IPFS CIDs can be both v0 (Qm…) and v1 (bafy…). Consider using a more flexible CID validation or a library for robustness.
In audit_chain(), the variable cid is used for both chainId and as an IPFS CID. Consider renaming one for clarity.
The script loads icon metadata files as JSON but assumes they are lists. Consider catching exceptions for malformed files for robustness.
Requests is imported but never used; you can remove import requests unless you plan to use it.
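One way to do the CID check the review comment above asks for, as an added example that is not code from this PR or from security_audit.py. The name `is_valid_cid` and its helpers are hypothetical; it assumes only CIDv0 (base58btc, sha2-256) and base32-lowercase CIDv1 need to be accepted, and it checks structure only, not whether the codec or hash code is a registered one.

```python
import base64

_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _b58decode(text):
    """Decode base58btc; raises ValueError on a character outside the alphabet."""
    n = 0
    for ch in text:
        n = n * 58 + _B58.index(ch)
    zeros = len(text) - len(text.lstrip("1"))  # each leading '1' is a zero byte
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def _varint(buf, pos):
    """Read one unsigned varint; return (value, next position)."""
    value = shift = 0
    while shift < 64:
        byte = buf[pos]  # IndexError if the buffer is truncated
        value |= (byte & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if byte < 0x80:
            return value, pos
    raise ValueError("varint too long")

def _is_multihash(buf):
    """True if buf is <hash code><digest length><digest> with a matching length."""
    _code, pos = _varint(buf, 0)
    length, pos = _varint(buf, pos)
    return length > 0 and len(buf) - pos == length

def is_valid_cid(cid):
    """Structural check for CIDv0 and base32 ('b' prefix) CIDv1 strings."""
    if not isinstance(cid, str):
        return False
    try:
        if len(cid) == 46 and cid.startswith("Qm"):
            raw = _b58decode(cid)
            return len(raw) == 34 and raw[:2] == b"\x12\x20"  # sha2-256, 32 bytes
        if cid.startswith("b") and cid == cid.lower():
            body = cid[1:].upper()
            raw = base64.b32decode(body + "=" * (-len(body) % 8))
            version, pos = _varint(raw, 0)
            _codec, pos = _varint(raw, pos)
            return version == 1 and _is_multihash(raw[pos:])
    except (ValueError, IndexError):  # binascii.Error is a ValueError
        pass
    return False
```

Unlike a 46-character alphanumeric regex, this rejects strings that merely have the right length and accepts v1 CIDs, whose length varies with the hash function.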
This PR adds a Python script to validate metadata JSON files under _data/chains/:

✅ Features:

🧹 Cleanup:
megaethdemo.json, which was not a valid metadata file (contained Solidity code)

This improves metadata hygiene and prepares for future CI integration.