chore: add gci/dogsled/gosec/errcheckl linters

.github/workflows/cleanup_caches.yml

@@ -0,0 +1,33 @@
+name: cleanup caches by a branch
+on:
+  pull_request:
+    types:
+      - closed
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Cleanup
+        run: |
+          gh extension install actions/gh-actions-cache
+
+          REPO=${{ github.repository }}
+          BRANCH="refs/pull/${{ github.event.pull_request.number }}/merge"
+
+          echo "Fetching list of cache key"
+          cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH -L 100 | cut -f 1 )
+
+          ## Setting this to not fail the workflow while deleting cache keys. 
+          set +e
+          echo "Deleting caches..."
+          for cacheKey in $cacheKeysForPR
+          do
+              gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
+          done
+          echo "Done"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/lint.yml

@@ -26,7 +26,7 @@ jobs:
           go-version: 1.19
       - uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.50.0
+          version: v1.54.2
 
   shellcheck:
     runs-on: ubuntu-latest

.golangci.yml

@@ -19,9 +19,22 @@ linters:
     - unparam
     - stylecheck
     - gocyclo
+    - gci
+    - dogsled
+    - gosec
+    - errcheck
 
 linters-settings:
   stylecheck:
     checks: ["all", "-ST1003"]
   gocyclo:
     min-complexity: 15
+  gci:
+    custom-order: true
+    sections:
+      - standard # Standard section: captures all standard packages.
+      - default # Default section: contains all imports that could not be matched to another section type.
+      - prefix(github.com/functionx/fx-core)
+  errcheck:
+    check-type-assertions: false
+    check-blank: false

Makefile

@@ -132,17 +132,23 @@ run-local: install
 ###                                Linting                                  ###
 ###############################################################################
 
-lint: format
-	@echo "--> Running linter"
-	@go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
-	golangci-lint run -v --go=1.19 --out-format=tab
-
-format: format-goimports
-	golangci-lint run --fix --out-format=tab --issues-exit-code=0
+golangci_lint_cmd=golangci-lint
+golangci_version=v1.54.2
+
+lint-install:
+	@echo "--> Installing golangci-lint $(golangci_version)"
+	go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(golangci_version)
+
+lint:
+	echo "--> Running linter"
+	$(MAKE) lint-install
+	$(golangci_lint_cmd) run --build-tags=$(GO_BUILD) --fix --out-format=tab
+	@if [ $$(find . -name '*.go' -type f | xargs grep 'nolint\|#nosec' | wc -l) -ne 41 ]; then \
+		echo "--> increase or decrease nolint, please recheck them"; \
+		echo "--> list nolint: \`find . -name '*.go' -type f | xargs grep 'nolint\|#nosec'\`"; exit 1;\
+	fi
 
-format-goimports:
-	@go install github.com/incu6us/goimports-reviser/v3@latest
-	@find . -name '*.go' -type f -not -path './build*' -not -name 'statik.go' -not -name '*.pb.go' -not -name '*.pb.gw.go' -exec goimports-reviser -use-cache -rm-unused {} \;
+format: lint
 
 lint-shell:
 	# install shellcheck > https://github.com/koalaman/shellcheck

client/cli/block_result.go

@@ -84,7 +84,8 @@ func ParseBlockResults(cdc codec.JSONCodec, blockResults *coretypes.ResultBlockR
 		txsResults = append(txsResults, TxResultToMap(cdc, txResult))
 	}
 	var validatorUpdates []json.RawMessage
-	for _, valUp := range blockResults.ValidatorUpdates {
+	for i := 0; i < len(blockResults.ValidatorUpdates); i++ {
+		valUp := blockResults.ValidatorUpdates[i]
 		valUpData, err := cdc.MarshalJSON(&valUp)
 		if err != nil {
 			return nil, err

client/cli/keys/import_test.go

@@ -96,7 +96,7 @@ HbP+c6JmeJy9JXe2rbbF1QtCX1gLqGcDQPBXiCtFvP7/8wTZtVOPj8vREzhZ9ElO
 			t.Cleanup(cleanupKeys(t, kb, "keyname1"))
 
 			keyfile := filepath.Join(kbHome, "key.asc")
-			require.NoError(t, os.WriteFile(keyfile, []byte(armoredKey), 0o644))
+			require.NoError(t, os.WriteFile(keyfile, []byte(armoredKey), 0o600))
 
 			defer func() {
 				_ = os.RemoveAll(kbHome)

cmd/config_test.go

@@ -33,11 +33,11 @@ func Test_updateCfgCmd(t *testing.T) {
 	for _, entry := range publicDir {
 		appConfig, err := os.ReadFile(fmt.Sprintf("../public/%s/app.toml", entry.Name()))
 		assert.NoError(t, err)
-		assert.NoError(t, os.WriteFile(filepath.Join(tempDir, "config/app.toml"), appConfig, 0o700))
+		assert.NoError(t, os.WriteFile(filepath.Join(tempDir, "config/app.toml"), appConfig, 0o600))
 
 		tmConfig, err := os.ReadFile(fmt.Sprintf("../public/%s/config.toml", entry.Name()))
 		assert.NoError(t, err)
-		assert.NoError(t, os.WriteFile(filepath.Join(tempDir, "config/config.toml"), tmConfig, 0o700))
+		assert.NoError(t, os.WriteFile(filepath.Join(tempDir, "config/config.toml"), tmConfig, 0o600))
 
 		rootCmd.SetArgs([]string{"config", "update"})
 		assert.NoError(t, rootCmd.Execute())

server/config/flags.go

@@ -3,9 +3,9 @@ package config
 const (
 	// BypassMinFeeMsgTypesKey defines the configuration key for the
 	// BypassMinFeeMsgTypes value.
-	BypassMinFeeMsgTypesKey = "bypass-min-fee.msg-types"
+	BypassMinFeeMsgTypesKey = "bypass-min-fee.msg-types" // #nosec G101
 
-	BypassMinFeeMsgMaxGasUsageKey = "bypass-min-fee.msg-max-gas-usage"
+	BypassMinFeeMsgMaxGasUsageKey = "bypass-min-fee.msg-max-gas-usage" // #nosec G101
 )
 
 const (

types/version.go

@@ -13,7 +13,7 @@ import (
 const (
 	MainnetChainId       = "fxcore"
 	mainnetEvmChainID    = 530
-	MainnetGenesisHash   = "56629F685970FEC1E35521FC943ACE9AEB2C53448544A0560E4DD5799E1A5593"
+	MainnetGenesisHash   = "56629F685970FEC1E35521FC943ACE9AEB2C53448544A0560E4DD5799E1A5593" //nolint:gosec
 	MainnetBlockHeightV2 = 5_713_000
 	MainnetBlockHeightV3 = 8_756_000
 	MainnetBlockHeightV4 = 10_477_500
@@ -24,7 +24,7 @@ const (
 const (
 	TestnetChainId        = "dhobyghaut"
 	testnetEvmChainID     = 90001
-	TestnetGenesisHash    = "06D0A9659E1EC5B0E57E8E2E5F1B1266094808BC9B4081E1A55011FEF4586ACE"
+	TestnetGenesisHash    = "06D0A9659E1EC5B0E57E8E2E5F1B1266094808BC9B4081E1A55011FEF4586ACE" //nolint:gosec
 	TestnetBlockHeightV2  = 3_418_880
 	TestnetBlockHeightV3  = 6_578_000
 	TestnetBlockHeightV4  = 8_088_000

x/crosschain/keeper/genesis.go

@@ -43,7 +43,8 @@ func InitGenesis(ctx sdk.Context, k Keeper, state *types.GenesisState) {
 	k.CommonSetOracleTotalPower(ctx)
 
 	latestOracleSetNonce := uint64(0)
-	for _, set := range state.OracleSets {
+	for i := 0; i < len(state.OracleSets); i++ {
+		set := state.OracleSets[i]
 		// 0x15 0x29
 		if set.Nonce > latestOracleSetNonce {
 			latestOracleSetNonce = set.Nonce
@@ -56,15 +57,17 @@ func InitGenesis(ctx sdk.Context, k Keeper, state *types.GenesisState) {
 		// 0x26 0x27
 		k.AddBridgeToken(ctx, bridgeToken.Token, bridgeToken.Denom)
 	}
-	for _, confirm := range state.BatchConfirms {
+	for i := 0; i < len(state.BatchConfirms); i++ {
+		confirm := state.BatchConfirms[i]
 		for _, oracle := range state.Oracles {
 			if confirm.BridgerAddress == oracle.BridgerAddress {
 				// 0x22
 				k.SetBatchConfirm(ctx, oracle.GetOracle(), &confirm)
 			}
 		}
 	}
-	for _, confirm := range state.OracleSetConfirms {
+	for i := 0; i < len(state.OracleSetConfirms); i++ {
+		confirm := state.OracleSetConfirms[i]
 		for _, oracle := range state.Oracles {
 			if confirm.BridgerAddress == oracle.BridgerAddress {
 				// 0x16
@@ -73,22 +76,25 @@ func InitGenesis(ctx sdk.Context, k Keeper, state *types.GenesisState) {
 		}
 	}
 
-	for _, transfer := range state.UnbatchedTransfers {
+	for i := 0; i < len(state.UnbatchedTransfers); i++ {
+		transfer := state.UnbatchedTransfers[i]
 		// 0x18
 		if err := k.AddUnbatchedTx(ctx, &transfer); err != nil {
 			panic(err)
 		}
 	}
 
-	for _, batch := range state.Batches {
+	for i := 0; i < len(state.Batches); i++ {
+		batch := state.Batches[i]
 		// 0x20 0x21
 		if err := k.StoreBatch(ctx, &batch); err != nil {
 			panic(err)
 		}
 	}
 
 	// reset attestations in state
-	for _, att := range state.Attestations {
+	for i := 0; i < len(state.Attestations); i++ {
+		att := state.Attestations[i]
 		claim, err := types.UnpackAttestationClaim(k.cdc, &att)
 		if err != nil {
 			panic("couldn't cast to claim")
@@ -100,7 +106,9 @@ func InitGenesis(ctx sdk.Context, k Keeper, state *types.GenesisState) {
 
 	// reset attestation state of specific validators
 	// this must be done after the above to be correct
-	for _, att := range state.Attestations {
+	for i := 0; i < len(state.Attestations); i++ {
+
+		att := state.Attestations[i]
 		claim, err := types.UnpackAttestationClaim(k.cdc, &att)
 		if err != nil {
 			panic("couldn't cast to claim")

x/crosschain/keeper/grpc_query_test.go

@@ -614,7 +614,7 @@ func (suite *CrossChainGrpcTestSuite) TestKeeper_BatchFees() {
 		{
 			name: "batch fee mul normal",
 			malleate: func() {
-				bridgeTokenList := make([]*types.BridgeToken, 0)
+				bridgeTokenList := make([]*types.BridgeToken, 2)
 
 				externalKey, _ := ethsecp256k1.GenerateKey()
 				externalAcc := common.BytesToAddress(externalKey.PubKey().Address())
@@ -629,7 +629,7 @@ func (suite *CrossChainGrpcTestSuite) TestKeeper_BatchFees() {
 					})
 					suite.Require().NoError(err)
 					denom := suite.Keeper().GetBridgeTokenDenom(suite.ctx, token)
-					bridgeTokenList = append(bridgeTokenList, denom)
+					bridgeTokenList[i] = denom
 					initBalances := sdkmath.NewIntFromUint64(1e18).Mul(sdkmath.NewInt(20000))
 					err = suite.app.BankKeeper.MintCoins(suite.ctx, minttypes.ModuleName, sdk.NewCoins(sdk.NewCoin(denom.Denom, initBalances)))
 					suite.Require().NoError(err)

x/crosschain/types/eth_signer_test.go

@@ -13,7 +13,7 @@ func TestOracleSetConfirmSig(t *testing.T) {
 		correctSig = "e108a7776de6b87183b0690484a74daef44aa6daf907e91abaf7bbfa426ae7706b12e0bd44ef7b0634710d99c2d81087a2f39e075158212343a3b2948ecf33d01c"
 		invalidSig = "fffff7776de6b87183b0690484a74daef44aa6daf907e91abaf7bbfa426ae7706b12e0bd44ef7b0634710d99c2d81087a2f39e075158212343a3b2948ecf33d01c"
 		ethAddress = "0xc783df8a850f42e7F7e57013759C285caa701eB6"
-		hash       = "88165860d955aee7dc3e83d9d1156a5864b708841965585d206dbef6e9e1a499"
+		hash       = "88165860d955aee7dc3e83d9d1156a5864b708841965585d206dbef6e9e1a499" // #nosec G101
 	)
 
 	specs := map[string]struct {

x/crosschain/types/msgs.go

@@ -807,8 +807,7 @@ func (m *MsgUpdateParams) GetSignBytes() []byte {
 
 // GetSigners returns the expected signers for a MsgUpdateParams message.
 func (m *MsgUpdateParams) GetSigners() []sdk.AccAddress {
-	addr, _ := sdk.AccAddressFromBech32(m.Authority)
-	return []sdk.AccAddress{addr}
+	return []sdk.AccAddress{sdk.MustAccAddressFromBech32(m.Authority)}
 }
 
 func (m *MsgUpdateParams) ValidateBasic() error {
@@ -864,6 +863,5 @@ func (m *MsgUpdateChainOracles) ValidateBasic() error {
 }
 
 func (m *MsgUpdateChainOracles) GetSigners() []sdk.AccAddress {
-	addr, _ := sdk.AccAddressFromBech32(m.Authority)
-	return []sdk.AccAddress{addr}
+	return []sdk.AccAddress{sdk.MustAccAddressFromBech32(m.Authority)}
 }

x/erc20/keeper/msg_server_test.go

@@ -636,7 +636,7 @@ func (suite *KeeperTestSuite) TestToTargetDenom() {
 					aliases = append(aliases, fmt.Sprintf("%s%s", module, helpers.GenerateAddressByModule(module)))
 				}
 				base := helpers.NewRandDenom()
-				return aliases[0], base, append(aliases, ibcDenom), fxtypes.ParseFxTarget(fmt.Sprintf("ibc/%s/px", strings.TrimPrefix(channelID, ibcchanneltypes.ChannelPrefix))), ibcDenom
+				return aliases[0], base, append(aliases, ibcDenom), fxtypes.ParseFxTarget(fmt.Sprintf("ibc/%s/px", strings.TrimPrefix(channelID, ibcchanneltypes.ChannelPrefix))), ibcDenom // #nosec G602
 			},
 		},
 		{
@@ -651,7 +651,7 @@ func (suite *KeeperTestSuite) TestToTargetDenom() {
 					aliases = append(aliases, fmt.Sprintf("%s%s", module, helpers.GenerateAddressByModule(module)))
 				}
 				base := helpers.NewRandDenom()
-				return aliases[0], base, append(aliases, ibcDenom), fxtypes.ParseFxTarget(fmt.Sprintf("ibc/%s/px", strings.TrimPrefix(channelID, ibcchanneltypes.ChannelPrefix))), aliases[0]
+				return aliases[0], base, append(aliases, ibcDenom), fxtypes.ParseFxTarget(fmt.Sprintf("ibc/%s/px", strings.TrimPrefix(channelID, ibcchanneltypes.ChannelPrefix))), aliases[0] // #nosec G602
 			},
 		},
 		{
@@ -676,7 +676,7 @@ func (suite *KeeperTestSuite) TestToTargetDenom() {
 					i++
 				}
 				base := helpers.NewRandDenom()
-				return aliases[0], base, append(aliases, ibcDenom), fxtypes.ParseFxTarget(idxModule), idxDenom
+				return aliases[0], base, append(aliases, ibcDenom), fxtypes.ParseFxTarget(idxModule), idxDenom // #nosec G602
 			},
 		},
 		{
@@ -701,7 +701,7 @@ func (suite *KeeperTestSuite) TestToTargetDenom() {
 					i++
 				}
 				base := helpers.NewRandDenom()
-				return aliases[0], base, append(aliases, ibcDenom), fxtypes.ParseFxTarget(idxModule), aliases[0]
+				return aliases[0], base, append(aliases, ibcDenom), fxtypes.ParseFxTarget(idxModule), aliases[0] // #nosec G602
 			},
 		},
 	}
@@ -1059,7 +1059,7 @@ func (suite *KeeperTestSuite) TestConvertDenom() {
 			}
 
 			coinBalance := suite.app.BankKeeper.GetBalance(suite.ctx, signer.AccAddress(), coin.Denom)
-			addr, _ := sdk.AccAddressFromBech32(msg.Receiver)
+			addr := sdk.MustAccAddressFromBech32(msg.Receiver)
 
 			expCoinBalance := suite.app.BankKeeper.GetBalance(suite.ctx, addr, expCoin.Denom)
 			_, err = suite.app.Erc20Keeper.ConvertDenom(sdk.WrapSDKContext(suite.ctx), &msg)

x/erc20/types/events.go

@@ -6,7 +6,7 @@ const (
 	EventTypeConvertDenom            = "convert_denom"
 	EventTypeRegisterCoin            = "register_coin"
 	EventTypeRegisterERC20           = "register_erc20"
-	EventTypeToggleTokenRelay        = "toggle_token_relay"
+	EventTypeToggleTokenRelay        = "toggle_token_relay" // #nosec G101
 	EventTypeERC20Processing         = "erc20_processing"
 	EventTypeRelayTransfer           = "relay_transfer"
 	EventTypeRelayTransferCrossChain = "relay_transfer_cross_chain"

x/erc20/types/msg.go

@@ -33,7 +33,7 @@ const (
 
 	TypeMsgRegisterCoin          = "register_coin"
 	TypeMsgRegisterERC20         = "register_erc20"
-	TypeMsgToggleTokenConversion = "toggle_token_conversion"
+	TypeMsgToggleTokenConversion = "toggle_token_conversion" // #nosec G101
 	TypeMsgUpdateDenomAlias      = "update_denom_alias"
 )
 
@@ -180,8 +180,7 @@ func (m *MsgUpdateParams) GetSignBytes() []byte {
 
 // GetSigners returns the expected signers for a MsgUpdateParams message.
 func (m *MsgUpdateParams) GetSigners() []sdk.AccAddress {
-	addr, _ := sdk.AccAddressFromBech32(m.Authority)
-	return []sdk.AccAddress{addr}
+	return []sdk.AccAddress{sdk.MustAccAddressFromBech32(m.Authority)}
 }
 
 func (m *MsgUpdateParams) ValidateBasic() error {
@@ -224,8 +223,7 @@ func (m *MsgRegisterCoin) ValidateBasic() error {
 }
 
 func (m *MsgRegisterCoin) GetSigners() []sdk.AccAddress {
-	addr, _ := sdk.AccAddressFromBech32(m.Authority)
-	return []sdk.AccAddress{addr}
+	return []sdk.AccAddress{sdk.MustAccAddressFromBech32(m.Authority)}
 }
 
 // Route returns the MsgRegisterERC20 message route.
@@ -265,8 +263,7 @@ func (m *MsgRegisterERC20) ValidateBasic() error {
 }
 
 func (m *MsgRegisterERC20) GetSigners() []sdk.AccAddress {
-	addr, _ := sdk.AccAddressFromBech32(m.Authority)
-	return []sdk.AccAddress{addr}
+	return []sdk.AccAddress{sdk.MustAccAddressFromBech32(m.Authority)}
 }
 
 // Route returns the MsgToggleTokenConversion message route.
@@ -295,8 +292,7 @@ func (m *MsgToggleTokenConversion) ValidateBasic() error {
 }
 
 func (m *MsgToggleTokenConversion) GetSigners() []sdk.AccAddress {
-	addr, _ := sdk.AccAddressFromBech32(m.Authority)
-	return []sdk.AccAddress{addr}
+	return []sdk.AccAddress{sdk.MustAccAddressFromBech32(m.Authority)}
 }
 
 // Route returns the MsgUpdateDenomAlias message route.
@@ -326,6 +322,5 @@ func (m *MsgUpdateDenomAlias) ValidateBasic() error {
 }
 
 func (m *MsgUpdateDenomAlias) GetSigners() []sdk.AccAddress {
-	addr, _ := sdk.AccAddressFromBech32(m.Authority)
-	return []sdk.AccAddress{addr}
+	return []sdk.AccAddress{sdk.MustAccAddressFromBech32(m.Authority)}
 }

x/erc20/types/proposal.go

@@ -17,7 +17,7 @@ import (
 const (
 	ProposalTypeRegisterCoin          string = "RegisterCoin"
 	ProposalTypeRegisterERC20         string = "RegisterERC20"
-	ProposalTypeToggleTokenConversion string = "ToggleTokenConversion" // #nosec
+	ProposalTypeToggleTokenConversion string = "ToggleTokenConversion" // #nosec G101
 	ProposalTypeUpdateDenomAlias      string = "UpdateDenomAlias"
 )