From 2c94fb2c70bbdb82b981903944d1e58923934b43 Mon Sep 17 00:00:00 2001 From: Vladimir Babin Date: Wed, 17 Jun 2026 17:44:23 +0800 Subject: [PATCH 1/3] chore: narrow header namespace usings and pin submodules Header hygiene (reduce namespace pollution leaked to every consumer): - F020 fork_database.hpp: replace 'using namespace boost::multi_index;' with the 7 specific names the index typedef uses. Verified no consumer relies on the leak. - F023/F024 dlt_block_log.hpp / block_log.hpp: replace 'using namespace graphene::protocol;' with the only two names used (signed_block, optional). Submodules (F032): drop 'branch =' from .gitmodules so a stray 'submodule update --remote' cannot silently advance the pinned commits. CI/Docker use 'submodule update --init --recursive' (recorded SHAs), so build behaviour is unchanged. Deliberately NOT touched (load-bearing, the audit's 'move to .cpp' is wrong for these): - F021 chain_object_types.hpp 'using namespace boost::multi_index;' is relied on by 13+ object headers (account_object.hpp uses 58 bare bmi tokens with no using of its own). Removing it cascade-breaks the object layer; it needs per-consumer usings added first. - F022 operation_util_impl.hpp: same risk class (broad visitor include). --- .gitmodules | 3 --- libraries/chain/include/graphene/chain/block_log.hpp | 3 ++- libraries/chain/include/graphene/chain/dlt_block_log.hpp | 3 ++- libraries/chain/include/graphene/chain/fork_database.hpp | 8 +++++++- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/.gitmodules b/.gitmodules index 30cd2f4551..b71046518f 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,12 +1,9 @@ [submodule "thirdparty/fc"] path = thirdparty/fc url = https://github.com/VIZ-Blockchain/fc.git - branch = master [submodule "thirdparty/chainbase"] path = thirdparty/chainbase url = https://github.com/VIZ-Blockchain/chainbase.git - branch = lib-boost-1.71 [submodule "thirdparty/appbase"] path = thirdparty/appbase url = https://github.com/VIZ-Blockchain/appbase.git - branch = lib-boost-1.71 diff --git a/libraries/chain/include/graphene/chain/block_log.hpp b/libraries/chain/include/graphene/chain/block_log.hpp index 83e4778128..b90c6c2843 100644 --- a/libraries/chain/include/graphene/chain/block_log.hpp +++ b/libraries/chain/include/graphene/chain/block_log.hpp @@ -6,7 +6,8 @@ namespace graphene { namespace chain { - using namespace graphene::protocol; + using graphene::protocol::signed_block; + using fc::optional; namespace detail { class block_log_impl; } diff --git a/libraries/chain/include/graphene/chain/dlt_block_log.hpp b/libraries/chain/include/graphene/chain/dlt_block_log.hpp index c8d6893359..5b6bb9055b 100644 --- a/libraries/chain/include/graphene/chain/dlt_block_log.hpp +++ b/libraries/chain/include/graphene/chain/dlt_block_log.hpp @@ -7,7 +7,8 @@ namespace graphene { namespace chain { - using namespace graphene::protocol; + using graphene::protocol::signed_block; + using fc::optional; namespace detail { class dlt_block_log_impl; } diff --git a/libraries/chain/include/graphene/chain/fork_database.hpp b/libraries/chain/include/graphene/chain/fork_database.hpp index 6c4a8c5456..2f5ed47647 100644 --- a/libraries/chain/include/graphene/chain/fork_database.hpp +++ b/libraries/chain/include/graphene/chain/fork_database.hpp @@ -12,7 +12,13 @@ namespace graphene { namespace chain { using boost::multi_index_container; - using namespace boost::multi_index; + using boost::multi_index::indexed_by; + using boost::multi_index::hashed_unique; + using boost::multi_index::hashed_non_unique; + using boost::multi_index::ordered_non_unique; + using boost::multi_index::tag; + using boost::multi_index::member; + using boost::multi_index::const_mem_fun; using graphene::protocol::signed_block; using graphene::protocol::block_id_type; From 52d561962842fdf63a6a31fdb472ef2ecfcdac18 Mon Sep 17 00:00:00 2001 From: Vladimir Babin Date: Wed, 17 Jun 2026 17:53:33 +0800 Subject: [PATCH 2/3] fix(chain): add 'using namespace graphene::protocol' to block_log .cpp The previous commit narrowed the blanket protocol using out of block_log.hpp / dlt_block_log.hpp, but block_log.cpp and dlt_block_log.cpp relied on that header leak for block_id_type and block_header. Move the using into the .cpp files (the audit's intent): headers stay minimal, the .cpp gets the full protocol namespace it implements against. Verified other consumers (database.hpp via fork_database.hpp/chain_object_types.hpp, p2p_plugin.cpp via its own usings) do not depend on the removed leak. --- libraries/chain/block_log.cpp | 3 +++ libraries/chain/dlt_block_log.cpp | 3 +++ 2 files changed, 6 insertions(+) diff --git a/libraries/chain/block_log.cpp b/libraries/chain/block_log.cpp index be9b60a21a..b25d7eeef5 100644 --- a/libraries/chain/block_log.cpp +++ b/libraries/chain/block_log.cpp @@ -7,6 +7,9 @@ #include namespace graphene { namespace chain { + + using namespace graphene::protocol; + namespace detail { using read_write_mutex = boost::shared_mutex; using read_lock = boost::shared_lock; diff --git a/libraries/chain/dlt_block_log.cpp b/libraries/chain/dlt_block_log.cpp index e852060fd3..573b31ab3f 100644 --- a/libraries/chain/dlt_block_log.cpp +++ b/libraries/chain/dlt_block_log.cpp @@ -8,6 +8,9 @@ #include namespace graphene { namespace chain { + + using namespace graphene::protocol; + namespace detail { using read_write_mutex = boost::shared_mutex; using read_lock = boost::shared_lock; From 5a3d061c170bf979544f53a3e5469ea305b6efaf Mon Sep 17 00:00:00 2001 From: Vladimir Babin Date: Wed, 17 Jun 2026 18:03:05 +0800 Subject: [PATCH 3/3] =?UTF-8?q?Revert=20F023/F024=20block=5Flog=20namespac?= =?UTF-8?q?e=20narrowing=20=E2=80=94=20load-bearing=20leak?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit block_log.hpp / dlt_block_log.hpp are pulled in transitively via database.hpp across most of the codebase. Their 'using namespace graphene::protocol;' leaks the whole protocol namespace into graphene::chain, and far-flung consumers (operation_history/plugin.hpp needs annotated_signed_transaction, json_rpc/utility.hpp, ...) rely on that leak. Narrowing it cascades into widespread build breakage that can't be fixed without a per-consumer using audit — the same load-bearing situation as F021/F022, just transitive. Keeping only the genuinely-safe items in this PR: - F020 fork_database.hpp (bmi names still provided namespace-wide by chain_object_types.hpp, so no breakage) - F032 submodule pinning (no compile impact). --- libraries/chain/block_log.cpp | 3 --- libraries/chain/dlt_block_log.cpp | 3 --- libraries/chain/include/graphene/chain/block_log.hpp | 3 +-- libraries/chain/include/graphene/chain/dlt_block_log.hpp | 3 +-- 4 files changed, 2 insertions(+), 10 deletions(-) diff --git a/libraries/chain/block_log.cpp b/libraries/chain/block_log.cpp index b25d7eeef5..be9b60a21a 100644 --- a/libraries/chain/block_log.cpp +++ b/libraries/chain/block_log.cpp @@ -7,9 +7,6 @@ #include namespace graphene { namespace chain { - - using namespace graphene::protocol; - namespace detail { using read_write_mutex = boost::shared_mutex; using read_lock = boost::shared_lock; diff --git a/libraries/chain/dlt_block_log.cpp b/libraries/chain/dlt_block_log.cpp index 573b31ab3f..e852060fd3 100644 --- a/libraries/chain/dlt_block_log.cpp +++ b/libraries/chain/dlt_block_log.cpp @@ -8,9 +8,6 @@ #include namespace graphene { namespace chain { - - using namespace graphene::protocol; - namespace detail { using read_write_mutex = boost::shared_mutex; using read_lock = boost::shared_lock; diff --git a/libraries/chain/include/graphene/chain/block_log.hpp b/libraries/chain/include/graphene/chain/block_log.hpp index b90c6c2843..83e4778128 100644 --- a/libraries/chain/include/graphene/chain/block_log.hpp +++ b/libraries/chain/include/graphene/chain/block_log.hpp @@ -6,8 +6,7 @@ namespace graphene { namespace chain { - using graphene::protocol::signed_block; - using fc::optional; + using namespace graphene::protocol; namespace detail { class block_log_impl; } diff --git a/libraries/chain/include/graphene/chain/dlt_block_log.hpp b/libraries/chain/include/graphene/chain/dlt_block_log.hpp index 5b6bb9055b..c8d6893359 100644 --- a/libraries/chain/include/graphene/chain/dlt_block_log.hpp +++ b/libraries/chain/include/graphene/chain/dlt_block_log.hpp @@ -7,8 +7,7 @@ namespace graphene { namespace chain { - using graphene::protocol::signed_block; - using fc::optional; + using namespace graphene::protocol; namespace detail { class dlt_block_log_impl; }