Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: remove duplicate gosec & lint fixes (backport #21685) #21686

Merged
merged 2 commits into from
Sep 12, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 0 additions & 45 deletions .github/workflows/gosec.yml

This file was deleted.

46 changes: 6 additions & 40 deletions .golangci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -45,9 +45,6 @@ issues:
- crypto/keys/secp256k1/internal/*
- types/coin_regex.go
exclude-rules:
- text: "Use of weak random number generator"
linters:
- gosec
- text: "ST1003:"
linters:
- stylecheck
Expand Down Expand Up @@ -95,44 +92,13 @@ linters-settings:
disabled: true

gosec:
# To select a subset of rules to run.
# Available rules: https://github.com/securego/gosec#available-rules
# Default: [] - means include all rules
includes:
# - G101 # Look for hard coded credentials
- G102 # Bind to all interfaces
- G103 # Audit the use of unsafe block
- G104 # Audit errors not checked
- G106 # Audit the use of ssh.InsecureIgnoreHostKey
- G107 # Url provided to HTTP request as taint input
- G108 # Profiling endpoint automatically exposed on /debug/pprof
- G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
- G110 # Potential DoS vulnerability via decompression bomb
- G111 # Potential directory traversal
- G112 # Potential slowloris attack
- G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772)
- G114 # Use of net/http serve function that has no support for setting timeouts
- G201 # SQL query construction using format string
- G202 # SQL query construction using string concatenation
- G203 # Use of unescaped data in HTML templates
- G204 # Audit use of command execution
- G301 # Poor file permissions used when creating a directory
- G302 # Poor file permissions used with chmod
- G303 # Creating tempfile using a predictable path
- G304 # File path provided as taint input
- G305 # File traversal when extracting zip/tar archive
- G306 # Poor file permissions used when writing to a new file
- G307 # Deferring a method which returns an error
- G401 # Detect the usage of DES, RC4, MD5 or SHA1
- G402 # Look for bad TLS connection settings
- G403 # Ensure minimum RSA key length of 2048 bits
- G404 # Insecure random number source (rand)
- G501 # Import blocklist: crypto/md5
- G502 # Import blocklist: crypto/des
- G503 # Import blocklist: crypto/rc4
- G504 # Import blocklist: net/http/cgi
- G505 # Import blocklist: crypto/sha1
- G601 # Implicit memory aliasing of items from a range statement
excludes:
- G101 # Potential hardcoded credentials
- G107 # Potential HTTP request made with variable url
- G404 # Use of weak random number generator (math/rand instead of crypto/rand)
exclude-generated: true
confidence: medium
misspell:
locale: US
gofumpt:
Expand Down
7 changes: 5 additions & 2 deletions server/v2/cometbft/abci_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -575,7 +575,7 @@ func TestConsensus_Query(t *testing.T) {
c := setUpConsensus(t, 100_000, cometmock.MockMempool[mock.Tx]{})

// Write data to state storage
c.store.GetStateStorage().ApplyChangeset(1, &store.Changeset{
err := c.store.GetStateStorage().ApplyChangeset(1, &store.Changeset{
Changes: []store.StateChanges{
{
Actor: actorName,
Expand All @@ -589,8 +589,9 @@ func TestConsensus_Query(t *testing.T) {
},
},
})
require.NoError(t, err)

_, err := c.InitChain(context.Background(), &abciproto.InitChainRequest{
_, err = c.InitChain(context.Background(), &abciproto.InitChainRequest{
Time: time.Now(),
ChainId: "test",
InitialHeight: 1,
Expand Down Expand Up @@ -630,6 +631,8 @@ func TestConsensus_Query(t *testing.T) {
}

func setUpConsensus(t *testing.T, gasLimit uint64, mempool mempool.Mempool[mock.Tx]) *Consensus[mock.Tx] {
t.Helper()

msgRouterBuilder := getMsgRouterBuilder(t, func(ctx context.Context, msg *gogotypes.BoolValue) (*gogotypes.BoolValue, error) {
return nil, nil
})
Expand Down
5 changes: 2 additions & 3 deletions server/v2/cometbft/commands.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,6 @@ import (
"strconv"
"strings"

"github.com/spf13/cobra"
"sigs.k8s.io/yaml"

cmtcfg "github.com/cometbft/cometbft/config"
cmtjson "github.com/cometbft/cometbft/libs/json"
"github.com/cometbft/cometbft/node"
Expand All @@ -18,6 +15,8 @@ import (
rpchttp "github.com/cometbft/cometbft/rpc/client/http"
cmtversion "github.com/cometbft/cometbft/version"
gogoproto "github.com/cosmos/gogoproto/proto"
"github.com/spf13/cobra"
"sigs.k8s.io/yaml"

"cosmossdk.io/server/v2/cometbft/client/rpc"

Expand Down
19 changes: 12 additions & 7 deletions server/v2/cometbft/internal/mock/mock_store.go
Original file line number Diff line number Diff line change
Expand Up @@ -91,17 +91,22 @@ func (s *MockStore) GetStateCommitment() storev2.Committer {
return s.Committer
}

type Result struct {
key []byte
value []byte
version uint64
proofOps []proof.CommitmentOp
}

func (s *MockStore) Query(storeKey []byte, version uint64, key []byte, prove bool) (storev2.QueryResult, error) {
state, err := s.StateAt(version)
if err != nil {
return storev2.QueryResult{}, err
}

reader, err := state.GetReader(storeKey)
if err != nil {
return storev2.QueryResult{}, err
}

value, err := reader.Get(key)
if err != nil {
return storev2.QueryResult{}, err
}

res := storev2.QueryResult{
Key: key,
Value: value,
Expand Down
4 changes: 2 additions & 2 deletions testutil/rest.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ func GetRequestWithHeaders(url string, headers map[string]string) ([]byte, error
// GetRequest defines a wrapper around an HTTP GET request with a provided URL.
// An error is returned if the request or reading the body fails.
func GetRequest(url string) ([]byte, error) {
res, err := http.Get(url) //nolint:gosec // only used for testing
res, err := http.Get(url)
if err != nil {
return nil, err
}
Expand All @@ -61,7 +61,7 @@ func GetRequest(url string) ([]byte, error) {
// PostRequest defines a wrapper around an HTTP POST request with a provided URL and data.
// An error is returned if the request or reading the body fails.
func PostRequest(url, contentType string, data []byte) ([]byte, error) {
res, err := http.Post(url, contentType, bytes.NewBuffer(data)) //nolint:gosec // only used for testing
res, err := http.Post(url, contentType, bytes.NewBuffer(data))
if err != nil {
return nil, fmt.Errorf("error while sending post request: %w", err)
}
Expand Down
Loading