Skip to content

Commit

Permalink
add gosec suppressions/fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
gartnera committed Oct 28, 2024
1 parent 4a032cd commit b1692f5
Show file tree
Hide file tree
Showing 25 changed files with 119 additions and 45 deletions.
2 changes: 1 addition & 1 deletion app/ante/authz.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ func NewAuthzLimiterDecorator(disabledMsgTypes []string) AuthzLimiterDecorator {

func (ald AuthzLimiterDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate bool, next sdk.AnteHandler) (newCtx sdk.Context, err error) {
if err := ald.checkDisabledMsgs(tx.GetMsgs(), false, 0); err != nil {
return ctx, errorsmod.Wrapf(errortypes.ErrUnauthorized, err.Error())
return ctx, errorsmod.Wrapf(errortypes.ErrUnauthorized, "%v", err)
}
return next(ctx, tx, simulate)
}
Expand Down
2 changes: 2 additions & 0 deletions app/ante/fee_checker.go
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,7 @@ func checkTxFeeWithValidatorMinGasPrices(ctx sdk.Context, tx sdk.FeeTx) (sdk.Coi

// Determine the required fees by multiplying each required minimum gas
// price by the gas limit, where fee = ceil(minGasPrice * gasLimit).
// #nosec G115 always in range
glDec := sdk.NewDec(int64(gas))

for i, gp := range minGasPrices {
Expand All @@ -132,6 +133,7 @@ func checkTxFeeWithValidatorMinGasPrices(ctx sdk.Context, tx sdk.FeeTx) (sdk.Coi
}
}

// #nosec G115 always in range
priority := getTxPriority(feeCoins, int64(gas))
return feeCoins, priority, nil
}
Expand Down
1 change: 1 addition & 0 deletions app/ante/setup.go
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ func (eeed EthEmitEventDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simulat
ctx.EventManager().EmitEvent(sdk.NewEvent(
evmtypes.EventTypeEthereumTx,
sdk.NewAttribute(evmtypes.AttributeKeyEthereumTxHash, msgEthTx.Hash),
// #nosec G115 index always positive
sdk.NewAttribute(evmtypes.AttributeKeyTxIndex, strconv.FormatUint(txIndex+uint64(i), 10)),
))
}
Expand Down
2 changes: 1 addition & 1 deletion ethereum/eip712/domain.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ func createEIP712Domain(chainID uint64) apitypes.TypedDataDomain {
domain := apitypes.TypedDataDomain{
Name: "Cosmos Web3",
Version: "1.0.0",
ChainId: math.NewHexOrDecimal256(int64(chainID)), // #nosec G701
ChainId: math.NewHexOrDecimal256(int64(chainID)), // #nosec G701 G115

Check failure

Code scanning / gosec

Potential integer overflow by integer type conversion Error

Potential integer overflow by integer type conversion
VerifyingContract: "cosmos",
Salt: "0",
}
Expand Down
5 changes: 3 additions & 2 deletions ethereum/eip712/eip712_legacy.go
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,9 @@ func LegacyWrapTxToTypedData(
}

domain := apitypes.TypedDataDomain{
Name: "Cosmos Web3",
Version: "1.0.0",
Name: "Cosmos Web3",
Version: "1.0.0",
// #nosec G115 chainID always positive
ChainId: math.NewHexOrDecimal256(int64(chainID)),
VerifyingContract: "cosmos",
Salt: "0",
Expand Down
9 changes: 7 additions & 2 deletions indexer/kv_indexer.go
Original file line number Diff line number Diff line change
Expand Up @@ -97,8 +97,10 @@ func (kv *KVIndexer) IndexBlock(block *tmtypes.Block, txResults []*abci.Response
txHash := common.HexToHash(ethMsg.Hash)

txResult := ethermint.TxResult{
Height: height,
TxIndex: uint32(txIndex),
Height: height,
// #nosec G115 index always positive
TxIndex: uint32(txIndex),

Check failure

Code scanning / gosec

Potential integer overflow by integer type conversion Error

Potential integer overflow by integer type conversion
// #nosec G115 index always positive
MsgIndex: uint32(msgIndex),
EthTxIndex: ethTxIndex,
}
Expand Down Expand Up @@ -180,7 +182,9 @@ func TxHashKey(hash common.Hash) []byte {

// TxIndexKey returns the key for db entry: `(block number, tx index) -> tx hash`
func TxIndexKey(blockNumber int64, txIndex int32) []byte {
// #nosec G115 block number always positive
bz1 := sdk.Uint64ToBigEndian(uint64(blockNumber))
// #nosec G115 index always positive
bz2 := sdk.Uint64ToBigEndian(uint64(txIndex))
return append(append([]byte{KeyPrefixTxIndex}, bz1...), bz2...)
}
Expand Down Expand Up @@ -241,5 +245,6 @@ func parseBlockNumberFromKey(key []byte) (int64, error) {
return 0, fmt.Errorf("wrong tx index key length, expect: %d, got: %d", TxIndexKeyLength, len(key))
}

// #nosec G115 block number always in range
return int64(sdk.BigEndianToUint64(key[1:9])), nil
}
2 changes: 2 additions & 0 deletions rpc/backend/account_info.go
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,7 @@ func (b *Backend) GetProof(address common.Address, storageKeys []string, blockNr
return nil, fmt.Errorf("not able to query block number greater than MaxInt64")
}

// #nosec G115 block number always in range
height = int64(bn)
}

Expand Down Expand Up @@ -195,6 +196,7 @@ func (b *Backend) GetTransactionCount(address common.Address, blockNum rpctypes.
return &n, err
}
height := blockNum.Int64()
// #nosec G115 block number always in range
currentHeight := int64(bn)
if height > currentHeight {
return &n, errorsmod.Wrapf(
Expand Down
4 changes: 4 additions & 0 deletions rpc/backend/blocks.go
Original file line number Diff line number Diff line change
Expand Up @@ -179,6 +179,7 @@ func (b *Backend) TendermintBlockByNumber(blockNum rpctypes.BlockNumber) (*tmrpc
if err != nil {
return nil, err
}
// #nosec G115 always in range
height = int64(n)
}
resBlock, err := b.clientCtx.Client.Block(b.ctx, &height)
Expand Down Expand Up @@ -401,7 +402,9 @@ func (b *Backend) RPCBlockFromTendermintBlock(
rpcTx, err := rpctypes.NewRPCTransaction(
tx,
common.BytesToHash(block.Hash()),
// #nosec G115 block height always positive
uint64(block.Height),
// #nosec G115 txIndex always positive
uint64(txIndex),
baseFee,
b.chainID,
Expand Down Expand Up @@ -457,6 +460,7 @@ func (b *Backend) RPCBlockFromTendermintBlock(
// block gas limit has exceeded, other txs must have failed with same reason.
break
}
// #nosec G115 gas used always positive
gasUsed += uint64(txsResult.GetGasUsed())
}

Expand Down
3 changes: 3 additions & 0 deletions rpc/backend/chain_info.go
Original file line number Diff line number Diff line change
Expand Up @@ -173,9 +173,11 @@ func (b *Backend) FeeHistory(
if err != nil {
return nil, err
}
// #nosec G115 block number always in range
blockEnd = int64(blockNumber)
}

// #nosec G115 not security relevant
blocks := int64(userBlockCount)
maxBlockCount := int64(b.cfg.JSONRPC.FeeHistoryCap)
if blocks > maxBlockCount {
Expand Down Expand Up @@ -204,6 +206,7 @@ func (b *Backend) FeeHistory(

// fetch block
for blockID := blockStart; blockID <= blockEnd; blockID++ {
// #nosec G115 out of range would just result in confusing output
index := int32(blockID - blockStart)
// tendermint block
tendermintblock, err := b.TendermintBlockByNumber(rpctypes.BlockNumber(blockID))
Expand Down
4 changes: 3 additions & 1 deletion rpc/backend/node_info.go
Original file line number Diff line number Diff line change
Expand Up @@ -80,8 +80,10 @@ func (b *Backend) Syncing() (interface{}, error) {
}

return map[string]interface{}{
// #nosec G115 block height always positive
"startingBlock": hexutil.Uint64(status.SyncInfo.EarliestBlockHeight),
"currentBlock": hexutil.Uint64(status.SyncInfo.LatestBlockHeight),
// #nosec G115 block height always positive
"currentBlock": hexutil.Uint64(status.SyncInfo.LatestBlockHeight),
// "highestBlock": nil, // NA
// "pulledStates": nil, // NA
// "knownStates": nil, // NA
Expand Down
1 change: 1 addition & 0 deletions rpc/backend/tracing.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ func (b *Backend) TraceTransaction(hash common.Hash, config *evmtypes.TraceConfi
}

// check tx index is not out of bound
// #nosec G115 len() is always >= 0
if uint32(len(blk.Block.Txs)) < transaction.TxIndex {
b.logger.Debug("tx index out of bounds", "index", transaction.TxIndex, "hash", hash.String(), "height", blk.Block.Height)
return nil, fmt.Errorf("transaction not included in block %v", blk.Block.Height)
Expand Down
15 changes: 13 additions & 2 deletions rpc/backend/tx_info.go
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@ func (b *Backend) GetTransactionByHash(txHash common.Hash) (*rpctypes.RPCTransac
msgs := b.EthMsgsFromTendermintBlock(block, blockRes)
for i := range msgs {
if msgs[i].Hash == hexTx {
// #nosec G115 block size limit prevents out of range
res.EthTxIndex = int32(i)
break
}
Expand All @@ -88,7 +89,9 @@ func (b *Backend) GetTransactionByHash(txHash common.Hash) (*rpctypes.RPCTransac
return rpctypes.NewTransactionFromMsg(
msg,
common.BytesToHash(block.BlockID.Hash.Bytes()),
// #nosec G115 height always in range
uint64(res.Height),
// #nosec G115 index always positive
uint64(res.EthTxIndex),
baseFee,
b.chainID,
Expand Down Expand Up @@ -179,6 +182,7 @@ func (b *Backend) GetTransactionReceipt(hash common.Hash) (map[string]interface{
return nil, nil
}
for _, txResult := range blockRes.TxsResults[0:res.TxIndex] {
// #nosec G115 txResult.GasUsed always positive
cumulativeGasUsed += uint64(txResult.GasUsed)
}
cumulativeGasUsed += res.CumulativeGasUsed
Expand Down Expand Up @@ -210,6 +214,7 @@ func (b *Backend) GetTransactionReceipt(hash common.Hash) (map[string]interface{
msgs := b.EthMsgsFromTendermintBlock(resBlock, blockRes)
for i := range msgs {
if msgs[i].Hash == hexTx {
// #nosec G115 block size limit prevents out of range
res.EthTxIndex = int32(i)
break
}
Expand All @@ -235,8 +240,10 @@ func (b *Backend) GetTransactionReceipt(hash common.Hash) (map[string]interface{

// Inclusion information: These fields provide information about the inclusion of the
// transaction corresponding to this receipt.
"blockHash": common.BytesToHash(resBlock.Block.Header.Hash()).Hex(),
"blockNumber": hexutil.Uint64(res.Height),
"blockHash": common.BytesToHash(resBlock.Block.Header.Hash()).Hex(),
// #nosec G115 height always positive
"blockNumber": hexutil.Uint64(res.Height),
// #nosec G115 index always positive
"transactionIndex": hexutil.Uint64(res.EthTxIndex),

// sender and receiver (contract or EOA) addreses
Expand Down Expand Up @@ -330,6 +337,7 @@ func (b *Backend) GetTxByEthHash(hash common.Hash) (*ethermint.TxResult, error)
// GetTxByTxIndex uses `/tx_query` to find transaction by tx index of valid ethereum txs
func (b *Backend) GetTxByTxIndex(height int64, index uint) (*ethermint.TxResult, error) {
if b.indexer != nil {
// #nosec G115 not security relevant
return b.indexer.GetByBlockAndIndex(height, int32(index))
}

Expand All @@ -339,6 +347,7 @@ func (b *Backend) GetTxByTxIndex(height int64, index uint) (*ethermint.TxResult,
evmtypes.AttributeKeyTxIndex, index,
)
txResult, err := b.queryTendermintTxIndexer(query, func(txs *rpctypes.ParsedTxs) *rpctypes.ParsedTx {
// #nosec G115 out of range would just result in confusing output
return txs.GetTxByTxIndex(int(index))
})
if err != nil {
Expand Down Expand Up @@ -398,6 +407,7 @@ func (b *Backend) GetTransactionByBlockAndIndex(block *tmrpctypes.ResultBlock, i
return nil, nil
}
} else {
// #nosec G115 out of range would just result in confusing output
i := int(idx)
ethMsgs := b.EthMsgsFromTendermintBlock(block, blockRes)
if i >= len(ethMsgs) {
Expand All @@ -417,6 +427,7 @@ func (b *Backend) GetTransactionByBlockAndIndex(block *tmrpctypes.ResultBlock, i
return rpctypes.NewTransactionFromMsg(
msg,
common.BytesToHash(block.Block.Hash()),
// #nosec G115 block height always in range
uint64(block.Block.Height),
uint64(idx),
baseFee,
Expand Down
1 change: 1 addition & 0 deletions rpc/backend/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -181,6 +181,7 @@ func (b *Backend) processBlock(
b.logger.Debug("failed to decode transaction in block", "height", blockHeight, "error", err.Error())
continue
}
// #nosec G115 gas used always positive
txGasUsed := uint64(eachTendermintTxResult.GasUsed)
for _, msg := range tx.GetMsgs() {
ethMsg, ok := msg.(*evmtypes.MsgEthereumTx)
Expand Down
7 changes: 7 additions & 0 deletions rpc/namespaces/ethereum/debug/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,7 @@ func (a *API) BlockProfile(file string, nsec uint) error {
runtime.SetBlockProfileRate(1)
defer runtime.SetBlockProfileRate(0)

// #nosec G115 out of range would just result in confusing output
time.Sleep(time.Duration(nsec) * time.Second)
return writeProfile("block", file, a.logger)
}
Expand All @@ -134,6 +135,7 @@ func (a *API) CpuProfile(file string, nsec uint) error { //nolint: golint, style
if err := a.StartCPUProfile(file); err != nil {
return err
}
// #nosec G115 out of range would just result in confusing output
time.Sleep(time.Duration(nsec) * time.Second)
return a.StopCPUProfile()
}
Expand All @@ -153,6 +155,7 @@ func (a *API) GoTrace(file string, nsec uint) error {
if err := a.StartGoTrace(file); err != nil {
return err
}
// #nosec G115 out of range would just result in confusing output
time.Sleep(time.Duration(nsec) * time.Second)
return a.StopGoTrace()
}
Expand Down Expand Up @@ -269,6 +272,7 @@ func (a *API) WriteMemProfile(file string) error {
func (a *API) MutexProfile(file string, nsec uint) error {
a.logger.Debug("debug_mutexProfile", "file", file, "nsec", nsec)
runtime.SetMutexProfileFraction(1)
// #nosec G115 out of range would only result in confusing output
time.Sleep(time.Duration(nsec) * time.Second)
defer runtime.SetMutexProfileFraction(0)
return writeProfile("mutex", file, a.logger)
Expand Down Expand Up @@ -301,6 +305,7 @@ func (a *API) SetGCPercent(v int) int {

// GetHeaderRlp retrieves the RLP encoded for of a single header.
func (a *API) GetHeaderRlp(number uint64) (hexutil.Bytes, error) {
// #nosec G115 out of range would only result in confusing output
header, err := a.backend.HeaderByNumber(rpctypes.BlockNumber(number))
if err != nil {
return nil, err
Expand All @@ -311,6 +316,7 @@ func (a *API) GetHeaderRlp(number uint64) (hexutil.Bytes, error) {

// GetBlockRlp retrieves the RLP encoded for of a single block.
func (a *API) GetBlockRlp(number uint64) (hexutil.Bytes, error) {
// #nosec G115 out of range would only result in confusing output
block, err := a.backend.EthBlockByNumber(rpctypes.BlockNumber(number))
if err != nil {
return nil, err
Expand All @@ -321,6 +327,7 @@ func (a *API) GetBlockRlp(number uint64) (hexutil.Bytes, error) {

// PrintBlock retrieves a block and returns its pretty printed form.
func (a *API) PrintBlock(number uint64) (string, error) {
// #nosec G115 out of range would only result in confusing output
block, err := a.backend.EthBlockByNumber(rpctypes.BlockNumber(number))
if err != nil {
return "", err
Expand Down
11 changes: 9 additions & 2 deletions rpc/types/events.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ package types

import (
"fmt"
"math"
"strconv"

abci "github.com/cometbft/cometbft/abci/types"
Expand Down Expand Up @@ -135,6 +136,7 @@ func ParseTxResult(result *abci.ResponseDeliverTx, tx sdk.Tx) (*ParsedTxs, error

// some old versions miss some events, fill it with tx result
if len(p.Txs) == 1 {
// #nosec G115 result.GasUsed always positive
p.Txs[0].GasUsed = uint64(result.GasUsed)
}

Expand Down Expand Up @@ -164,8 +166,9 @@ func ParseTxIndexerResult(txResult *tmrpctypes.ResultTx, tx sdk.Tx, getter func(
}

return &ethermint.TxResult{
Height: txResult.Height,
TxIndex: txResult.Index,
Height: txResult.Height,
TxIndex: txResult.Index,
// #nosec G115 parsedTx.MsgIndex always positive
MsgIndex: uint32(parsedTx.MsgIndex),
EthTxIndex: parsedTx.EthTxIndex,
Failed: parsedTx.Failed,
Expand Down Expand Up @@ -251,6 +254,10 @@ func fillTxAttribute(tx *ParsedTx, key []byte, value []byte) error {
if err != nil {
return err
}
if txIndex > math.MaxInt32 {
return fmt.Errorf("%s exceeds int32 range", value)
}
// #nosec G115 range checked
tx.EthTxIndex = int32(txIndex)
case evmtypes.AttributeKeyTxGasUsed:
gasUsed, err := strconv.ParseUint(string(value), 10, 64)
Expand Down
Loading

0 comments on commit b1692f5

Please sign in to comment.