Merge branch 'master' into fix_code_scan_uncontrolleddata

action/consignment_transfer.go

@@ -57,8 +57,8 @@ type (
 
 	// ConsignMsgEther is the consignment message format of Ethereum
 	ConsignMsgEther struct {
-		BucketIdx int    `json:"bucket"`
-		Nonce     int    `json:"nonce"`
+		BucketIdx uint64 `json:"bucket"`
+		Nonce     uint64 `json:"nonce"`
 		Recipient string `json:"recipient"`
 		Reclaim   string `json:"reclaim"`
 	}
@@ -148,8 +148,8 @@ func NewConsignMsg(sigType, recipient string, bucketIdx, nonce uint64) ([]byte,
 	switch sigType {
 	case "Ethereum":
 		msg := ConsignMsgEther{
-			BucketIdx: int(bucketIdx),
-			Nonce:     int(nonce),
+			BucketIdx: bucketIdx,
+			Nonce:     nonce,
 			Recipient: recipient,
 			Reclaim:   _reclaim,
 		}

action/protocol/staking/handlers_test.go

@@ -2057,7 +2057,7 @@ func TestProtocol_HandleConsignmentTransfer(t *testing.T) {
 		// transfer to test.to through consignment
 		var consign []byte
 		if !test.nilPayload {
-			consign = newconsignment(require, int(test.sigIndex), int(test.sigNonce), test.bucketOwner, test.to.String(), test.consignType, test.reclaim, test.wrongSig)
+			consign = newconsignment(require, test.sigIndex, test.sigNonce, test.bucketOwner, test.to.String(), test.consignType, test.reclaim, test.wrongSig)
 		}
 
 		act, err := action.NewTransferStake(1, caller.String(), 0, consign, gasLimit, gasPrice)
@@ -2713,7 +2713,7 @@ func depositGas(ctx context.Context, sm protocol.StateManager, gasFee *big.Int)
 	return nil, accountutil.StoreAccount(sm, actionCtx.Caller, acc)
 }
 
-func newconsignment(r *require.Assertions, bucketIdx, nonce int, senderPrivate, recipient, consignTpye, reclaim string, wrongSig bool) []byte {
+func newconsignment(r *require.Assertions, bucketIdx, nonce uint64, senderPrivate, recipient, consignTpye, reclaim string, wrongSig bool) []byte {
 	msg := action.ConsignMsgEther{
 		BucketIdx: bucketIdx,
 		Nonce:     nonce,

api/grpcserver_test.go

@@ -104,7 +104,20 @@ func TestGrpcServer_GetReceiptByAction(t *testing.T) {
 }
 
 func TestGrpcServer_GetServerMeta(t *testing.T) {
+	require := require.New(t)
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+	core := mock_apicoreservice.NewMockCoreService(ctrl)
+	grpcSvr := newGRPCHandler(core)
 
+	core.EXPECT().ServerMeta().Return("packageVersion", "packageCommitID", "gitStatus", "goVersion", "buildTime")
+	res, err := grpcSvr.GetServerMeta(context.Background(), &iotexapi.GetServerMetaRequest{})
+	require.NoError(err)
+	require.Equal("packageVersion", res.ServerMeta.PackageVersion)
+	require.Equal("packageCommitID", res.ServerMeta.PackageCommitID)
+	require.Equal("gitStatus", res.ServerMeta.GitStatus)
+	require.Equal("goVersion", res.ServerMeta.GoVersion)
+	require.Equal("buildTime", res.ServerMeta.BuildTime)
 }
 
 func TestGrpcServer_ReadContract(t *testing.T) {

blockchain/integrity/integrity_test.go

@@ -11,7 +11,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"math/big"
-	"sync"
+	"sync/atomic"
 	"testing"
 	"time"
 
@@ -832,22 +832,17 @@ func TestBlockchain_MintNewBlock_PopAccount(t *testing.T) {
 }
 
 type MockSubscriber struct {
-	counter int
-	mu      sync.RWMutex
+	counter int32
 }
 
 func (ms *MockSubscriber) ReceiveBlock(blk *block.Block) error {
-	ms.mu.Lock()
 	tsfs, _ := classifyActions(blk.Actions)
-	ms.counter += len(tsfs)
-	ms.mu.Unlock()
+	atomic.AddInt32(&ms.counter, int32(len(tsfs)))
 	return nil
 }
 
 func (ms *MockSubscriber) Counter() int {
-	ms.mu.RLock()
-	defer ms.mu.RUnlock()
-	return ms.counter
+	return int(atomic.LoadInt32(&ms.counter))
 }
 
 func TestConstantinople(t *testing.T) {
@@ -1142,8 +1137,12 @@ func TestLoadBlockchainfromDB(t *testing.T) {
 		height := bc.TipHeight()
 		fmt.Printf("Open blockchain pass, height = %d\n", height)
 		require.NoError(addTestingTsfBlocks(cfg, bc, dao, ap))
+		//make sure pubsub is completed
+		err = testutil.WaitUntil(200*time.Millisecond, 3*time.Second, func() (bool, error) {
+			return 24 == ms.Counter(), nil
+		})
+		require.NoError(err)
 		require.NoError(bc.Stop(ctx))
-		require.Equal(24, ms.Counter())
 
 		// Load a blockchain from DB
 		bc = blockchain.NewBlockchain(

blockchain/pubsubmanager.go

@@ -93,8 +93,8 @@ func (ps *pubSub) RemoveBlockListener(s BlockCreationSubscriber) error {
 
 // SendBlockToSubscribers sends block to every subscriber by using buffer channel
 func (ps *pubSub) SendBlockToSubscribers(blk *block.Block) {
-	ps.lock.Lock()
-	defer ps.lock.Unlock()
+	ps.lock.RLock()
+	defer ps.lock.RUnlock()
 	for _, elem := range ps.blocklisteners {
 		elem.pendingBlksBuffer <- blk
 	}

e2etest/util.go

@@ -11,6 +11,7 @@ import (
 	"encoding/hex"
 	"math/big"
 	"os"
+	"path/filepath"
 
 	"github.com/iotexproject/go-pkgs/hash"
 	"github.com/pkg/errors"
@@ -194,7 +195,7 @@ func addTestingTsfBlocks(bc blockchain.Blockchain, ap actpool.ActPool) error {
 }
 
 func copyDB(srcDB, dstDB string) error {
-	input, err := os.ReadFile(srcDB)
+	input, err := os.ReadFile(filepath.Clean(srcDB))
 	if err != nil {
 		return errors.Wrap(err, "failed to read source db file")
 	}

ioctl/client.go

@@ -17,6 +17,7 @@ import (
 	"net/http"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"strings"
 
 	"github.com/ethereum/go-ethereum/accounts/keystore"
@@ -257,7 +258,7 @@ func (c *client) NewKeyStore() *keystore.KeyStore {
 }
 
 func (c *client) DecryptPrivateKey(passwordOfKeyStore, keyStorePath string) (*ecdsa.PrivateKey, error) {
-	keyJSON, err := os.ReadFile(keyStorePath)
+	keyJSON, err := os.ReadFile(filepath.Clean(keyStorePath))
 	if err != nil {
 		return nil, fmt.Errorf("keystore file \"%s\" read error", keyStorePath)
 	}

ioctl/cmd/account/account.go

@@ -306,7 +306,7 @@ func newAccountByKey(alias string, privateKey string, walletDir string) (string,
 }
 
 func newAccountByKeyStore(alias, passwordOfKeyStore, keyStorePath string, walletDir string) (string, error) {
-	keyJSON, err := os.ReadFile(keyStorePath)
+	keyJSON, err := os.ReadFile(filepath.Clean(keyStorePath))
 	if err != nil {
 		return "", output.NewError(output.ReadFileError,
 			fmt.Sprintf("keystore file \"%s\" read error", keyStorePath), nil)

ioctl/cmd/bc/bcbucketlist.go

@@ -87,24 +87,26 @@ func (m *bucketlistMessage) String() string {
 
 // getBucketList get bucket list from chain
 func getBucketList(method, addr string, args ...string) (err error) {
-	offset, limit := uint64(0), uint64(1000)
+	offset, limit := uint32(0), uint32(1000)
 	if len(args) > 0 {
-		offset, err = strconv.ParseUint(args[0], 10, 64)
+		val, err := strconv.ParseUint(args[0], 10, 32)
 		if err != nil {
 			return output.NewError(output.ValidationError, "invalid offset", err)
 		}
+		offset = uint32(val)
 	}
 	if len(args) > 1 {
-		limit, err = strconv.ParseUint(args[1], 10, 64)
+		val, err := strconv.ParseUint(args[1], 10, 32)
 		if err != nil {
 			return output.NewError(output.ValidationError, "invalid limit", err)
 		}
+		limit = uint32(val)
 	}
 	switch method {
 	case _bucketlistMethodByVoter:
-		return getBucketListByVoter(addr, uint32(offset), uint32(limit))
+		return getBucketListByVoter(addr, offset, limit)
 	case _bucketlistMethodByCandidate:
-		return getBucketListByCand(addr, uint32(offset), uint32(limit))
+		return getBucketListByCand(addr, offset, limit)
 	}
 	return output.NewError(output.InputError, "unknown <method>", nil)
 }

ioctl/cmd/contract/contract.go

@@ -10,6 +10,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"os"
+	"path/filepath"
 
 	"github.com/ethereum/go-ethereum/accounts/abi"
 	"github.com/ethereum/go-ethereum/common/compiler"
@@ -101,7 +102,7 @@ func checkCompilerVersion(solc *compiler.Solidity) bool {
 }
 
 func readAbiFile(abiFile string) (*abi.ABI, error) {
-	abiBytes, err := os.ReadFile(abiFile)
+	abiBytes, err := os.ReadFile(filepath.Clean(abiFile))
 	if err != nil {
 		return nil, output.NewError(output.ReadFileError, "failed to read abi file", err)
 	}

ioctl/cmd/contract/contractshare.go

@@ -92,7 +92,7 @@ func isDir(path string) bool {
 
 func isReadOnly(path string) bool {
 	var readOnly = false
-	file, err := os.OpenFile(path, os.O_WRONLY, 0666)
+	file, err := os.OpenFile(filepath.Clean(path), os.O_WRONLY, 0666)
 	if err != nil {
 		if os.IsPermission(err) {
 			log.Println("Error: Write permission denied.")
@@ -202,7 +202,7 @@ func share(args []string) error {
 					log.Println("clean file path failed: ", err)
 					break
 				}
-				getPayloadPath = filepath.Join(_givenPath, getPayloadPath)
+				getPayloadPath = filepath.Clean(filepath.Join(_givenPath, getPayloadPath))
 				upload, err := os.ReadFile(getPayloadPath)
 				if err != nil {
 					log.Println("read file failed: ", err)

ioctl/cmd/hdwallet/hdwalletderive.go

@@ -10,6 +10,7 @@ import (
 	"bytes"
 	"fmt"
 	"os"
+	"path/filepath"
 
 	ecrypt "github.com/ethereum/go-ethereum/crypto"
 	hdwallet "github.com/miguelmota/go-ethereum-hdwallet"
@@ -71,7 +72,7 @@ func DeriveKey(account, change, index uint32, password string) (string, crypto.P
 		return "", nil, output.NewError(output.InputError, "Run 'ioctl hdwallet create' to create your HDWallet first.", nil)
 	}
 
-	enctxt, err := os.ReadFile(hdWalletConfigFile)
+	enctxt, err := os.ReadFile(filepath.Clean(hdWalletConfigFile))
 	if err != nil {
 		return "", nil, output.NewError(output.InputError, "failed to read config", err)
 	}

ioctl/config/config.go

@@ -9,6 +9,7 @@ package config
 import (
 	"fmt"
 	"os"
+	"path/filepath"
 
 	"github.com/spf13/cobra"
 	"gopkg.in/yaml.v2"
@@ -137,7 +138,7 @@ func LoadConfig() (Config, error) {
 	ReadConfig := Config{
 		Aliases: make(map[string]string),
 	}
-	in, err := os.ReadFile(DefaultConfigFile)
+	in, err := os.ReadFile(filepath.Clean(DefaultConfigFile))
 	if err == nil {
 		if err := yaml.Unmarshal(in, &ReadConfig); err != nil {
 			return ReadConfig, err

ioctl/doc/doc.go

@@ -32,7 +32,7 @@ func GenMarkdownTreeCustom(c *cobra.Command, dir string, name string, path strin
 		filename = filepath.Join(path, "README.md")
 	}
 
-	f, err := os.Create(filename)
+	f, err := os.Create(filepath.Clean(filename))
 	if err != nil {
 		return err
 	}