fix and create test for address generator

[maxrobot]

Summary by CodeRabbit

• New Features

  • Introduced a new dependency for regular expression support.
  • Enhanced address generation logic with improved randomness and serialization.
  • Added unit tests to verify address generation correctness and uniqueness.

• Bug Fixes

  • Updated dependency versions for better performance and security.

[coderabbitai]

Walkthrough

The changes in this pull request involve updates to the Cargo.toml files for both the main project and the injective-testing package, focusing on dependency management. A new dependency, regex, has been added, and the version of secp256k1 has been updated. Additionally, the injective-testing package has seen a version increment and modifications to its dependencies. The address_generator.rs file has been updated to enhance the address generation logic and includes new unit tests for the generate_inj_address function.

Changes

File	Change Summary
Cargo.toml	- Added new dependency: regex = { version = "1.11.1" } - Updated secp256k1 version from 0.6.2 to 0.30.0 with feature rand - Updated injective-std version specification to =1.13.2
packages/injective-testing/Cargo.toml	- Version updated from 1.1.1 to 1.1.3 - Added new dependency: regex = { workspace = true } - Updated paths for injective-cosmwasm, injective-math, and injective-std to include workspace attribute
packages/injective-testing/src/multi_test/address_generator.rs	- Replaced rand::OsRng with rand::thread_rng() for key generation - Updated public key serialization method - Added new test module and function for address generation validation

Possibly related PRs

• Feat/stargate tester contract #220: The changes in the Cargo.toml file for the injective-std dependency declaration are relevant as both PRs involve updates to the Cargo.toml files, specifically regarding the injective-std dependency.
• Remove unused dependencies #227: This PR also modifies the Cargo.toml file for the injective-testing package, which includes changes to the injective-std dependency declaration, aligning with the updates made in the main PR.
• Feat/unused deps #244: Similar to the main PR, this PR involves modifications to the Cargo.toml files, including the injective-std dependency, indicating a related focus on dependency management.
• feat: added staking denom #245: This PR updates the Cargo.toml for injective-testing, which includes the injective-std dependency, making it relevant to the changes in the main PR.

Suggested reviewers

• jbernal87

🐰 In the garden where I play,
New dependencies come to stay.
Regex joins the happy crew,
Secp256k1’s grown anew.
With tests to check our work is right,
Address generation shines so bright! 🌟

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 5ab2ab5 and 3ee3ee8.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (2)

• Cargo.toml (3 hunks)
• packages/injective-testing/Cargo.toml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• Cargo.toml
• packages/injective-testing/Cargo.toml

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (1)

packages/injective-testing/src/multi_test/address_generator.rs (1)

101-130: Consider enhancing test coverage

While the current tests are good, consider these improvements:

1. Add test cases for edge cases (e.g., error conditions)
2. Extract the regex pattern length (39) into a constant to match ADDRESS_LENGTH
3. Add more uniqueness test iterations

Example enhancement:

 mod tests {
     use super::*;
     use regex::Regex;
+    const BECH32_ADDRESS_LENGTH: usize = 39;
+    const UNIQUENESS_TEST_ITERATIONS: usize = 100;

     #[test]
     fn test_generate_inj_address() {
         // ... existing tests ...

+        // Test multiple addresses for uniqueness
+        let mut addresses = std::collections::HashSet::new();
+        for _ in 0..UNIQUENESS_TEST_ITERATIONS {
+            let addr = generate_inj_address();
+            assert!(addresses.insert(addr.to_string()), "Generated duplicate address");
+        }
     }

+    #[test]
+    fn test_address_length_constants() {
+        // Verify our constants are correctly related
+        assert_eq!(ADDRESS_LENGTH / 2, ADDRESS_BYTES);
+        assert_eq!(KECCAK_OUTPUT_BYTES - ADDRESS_BYTES, ADDRESS_BYTE_INDEX);
+    }
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 78f9ab9 and e90514b.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (3)

• Cargo.toml (1 hunks)
• packages/injective-testing/Cargo.toml (2 hunks)
• packages/injective-testing/src/multi_test/address_generator.rs (3 hunks)

🔇 Additional comments (3)

packages/injective-testing/Cargo.toml (1)

8-8: LGTM! Dependencies align with implementation changes

The version bump and dependency changes appropriately support the address generator improvements:

• regex addition supports the new test validations
• secp256k1 rand feature enables the new key generation approach

Also applies to: 21-22

Cargo.toml (1)

36-36: Verify impact of major secp256k1 version upgrade

The upgrade from secp256k1 v0.6.2 to v0.30.0 is a significant version jump that may introduce breaking changes.

Also applies to: 38-38

✅ Verification successful

Let me gather more information about the actual usage of secp256k1 in the codebase.

---

Let me check the actual implementation to see how secp256k1 is being used.

---

secp256k1 upgrade is safe to proceed

The secp256k1 usage is limited to a test utility in packages/injective-testing for generating Injective addresses. The implementation only uses basic functionality (key generation, public key derivation) that has remained stable across versions. The code:

• Creates a new Secp256k1 context
• Generates a random SecretKey
• Derives PublicKey from SecretKey
• Uses the serialized public key for address generation

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for all secp256k1 usages to verify compatibility
rg --type rust 'use.*secp256k1' -A 5

Length of output: 590

---

Script:

#!/bin/bash
# Search for actual secp256k1 function/type usages
rg --type rust "Secp256k1|SecretKey|PublicKey" -A 5

# Also check for any potential test files using secp256k1
fd -e rs "test" --exec grep -l "secp256k1"

Length of output: 1574

---

Script:

#!/bin/bash
# Get the full content of the file using secp256k1
cat packages/injective-testing/src/multi_test/address_generator.rs

Length of output: 4434

packages/injective-testing/src/multi_test/address_generator.rs (1)

82-85: LGTM! Address generation follows standard practices

The implementation correctly follows Ethereum-style address generation with proper Injective bech32 encoding.

[coderabbitai]

⚠️ Potential issue

Security concern: Use OsRng instead of thread_rng for cryptographic operations

Using thread_rng() for cryptographic key generation is less secure than OsRng. For cryptographic operations, it's recommended to use the system's secure random number generator.

Apply this change:

-    let secret_key = SecretKey::new(&mut rand::thread_rng());
+    let secret_key = SecretKey::new(&mut rand::OsRng);

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	let secret_key = SecretKey::new(&mut rand::thread_rng());
	let public_key = PublicKey::from_secret_key(&secp256k1, &secret_key);
	let public_key_array = &public_key.serialize()[1..];
	let secret_key = SecretKey::new(&mut rand::OsRng);
	let public_key = PublicKey::from_secret_key(&secp256k1, &secret_key);
	let public_key_array = &public_key.serialize()[1..];

[jbernal87]

Did 1.13.2 did not exist already ?

[jbernal87]

LGTM