Add Security Linter: gosec (#343)

2026-01-10 07:58:22 -05:00 · 2018-07-28 20:44:24 -04:00
parent 9ab02849b6
commit 9cf375267e
12 changed files with 80 additions and 28 deletions
--- a/.gometalinter.json
+++ b/.gometalinter.json
@@ -6,6 +6,7 @@
    "goimports",
    "nakedret",
    "unparam",
-    "megacheck"
+    "megacheck",
+    "gosec"
  ]
 }
--- a/beacon-chain/node/node.go
+++ b/beacon-chain/node/node.go
@@ -161,10 +161,14 @@ func (b *BeaconNode) registerPOWChainService() error {

 func (b *BeaconNode) registerSyncService() error {
 	var chainService *blockchain.ChainService
-	b.services.FetchService(&chainService)
+	if err := b.services.FetchService(&chainService); err != nil {
+		return err
+	}

 	var p2pService *p2p.Server
-	b.services.FetchService(&p2pService)
+	if err := b.services.FetchService(&p2pService); err != nil {
+		return err
+	}

 	syncService := rbcsync.NewSyncService(context.Background(), rbcsync.DefaultConfig(), p2pService, chainService)
 	return b.services.RegisterService(syncService)
--- a/beacon-chain/sync/service.go
+++ b/beacon-chain/sync/service.go
@@ -102,8 +102,7 @@ func (ss *Service) ReceiveBlock(data *pb.BeaconBlockResponse) error {
 	ss.p2p.Broadcast(&pb.BeaconBlockHashAnnounce{
 		Hash: h[:],
 	})
-	ss.chainService.ProcessBlock(block)
-	return nil
+	return ss.chainService.ProcessBlock(block)
 }

 func (ss *Service) run(done <-chan struct{}) {
--- a/client/proposer/proposer.go
+++ b/client/proposer/proposer.go
@@ -2,6 +2,7 @@ package proposer

 import (
 	"context"
+	"errors"
 	"fmt"
 	"math/big"

@@ -66,8 +67,12 @@ func createCollation(caller mainchain.ContractCaller, account *accounts.Account,
 	}

 	// check with SMC to see if we can add the header.
-	if a, _ := checkHeaderAdded(caller, shardID, period); !a {
-		return nil, fmt.Errorf("can't create collation, collation with same period has already been added")
+	a, err := checkHeaderAdded(caller, shardID, period)
+	if err != nil {
+		return nil, err
+	}
+	if !a {
+		return nil, errors.New("can't create collation, collation with same period has already been added")
 	}

 	// serialized tx to blob for collation body.
--- a/client/proposer/service.go
+++ b/client/proposer/service.go
@@ -179,7 +179,9 @@ func (p *Proposer) createCollation(ctx context.Context, txs []*gethTypes.Transac
 		return err
 	}
 	if canAdd {
-		AddHeader(p.client, p.client, collation)
+		if err := AddHeader(p.client, p.client, collation); err != nil {
+			return err
+		}
 	}

 	return nil
--- a/client/simulator/service.go
+++ b/client/simulator/service.go
@@ -119,7 +119,11 @@ func (s *Simulator) broadcastTransactions(delayChan <-chan time.Time, done <-cha
 // it is used for broadcastTransactions.
 func createTestTx() *pb.Transaction {
 	data := make([]byte, 1024)
-	rand.Read(data)
+
+	if _, err := rand.Read(data); err != nil {
+		log.Errorf("Failed to randomize data: %v", err)
+	}
+
 	// TODO: add more fields.
 	return &pb.Transaction{
 		Nonce: mrand.Uint64(),
--- a/client/types/collation.go
+++ b/client/types/collation.go
@@ -64,7 +64,11 @@ func NewCollationHeader(shardID *big.Int, chunkRoot *common.Hash, period *big.In
 // Hash takes the keccak256 of the collation header's data contents.
 func (h *CollationHeader) Hash() (hash common.Hash) {
 	hw := sha3.NewKeccak256()
-	rlp.Encode(hw, h.data)
+
+	if err := rlp.Encode(hw, h.data); err != nil {
+		log.Errorf("Failed to RLP encode data: %v", err)
+	}
+
 	hw.Sum(hash[:0])
 	return hash
 }
@@ -214,6 +218,9 @@ func (ch Chunks) Len() int { return len(ch) }

 // GetRlp returns the RLP encoding of one chunk from the list.
 func (ch Chunks) GetRlp(i int) []byte {
-	bytes, _ := rlp.EncodeToBytes(ch[i])
+	bytes, err := rlp.EncodeToBytes(ch[i])
+	if err != nil {
+		log.Errorf("Unable to RLP encode to bytes: %v", err)
+	}
 	return bytes
 }
--- a/client/types/shard.go
+++ b/client/types/shard.go
@@ -199,7 +199,9 @@ func (s *Shard) SaveBody(body []byte) error {
 	}
 	chunks := Chunks(body)                   // wrapper allowing us to merklizing the chunks.
 	chunkRoot := gethTypes.DeriveSha(chunks) // merklize the serialized blobs.
-	s.SetAvailability(&chunkRoot, true)
+	if err := s.SetAvailability(&chunkRoot, true); err != nil {
+		return err
+	}
 	return s.shardDB.Put(chunkRoot.Bytes(), body)
 }

--- a/contracts/deployVRC/deployVRC.go
+++ b/contracts/deployVRC/deployVRC.go
@@ -94,6 +94,7 @@ func main() {

 			// User inputs keystore json file, sign tx with keystore json
 		} else {
+			// #nosec - Inclusion of file via variable is OK for this tool.
 			file, err := os.Open(passwordFile)
 			if err != nil {
 				log.Fatal(err)
@@ -104,7 +105,11 @@ func main() {
 			scanner.Scan()
 			password := scanner.Text()

-			keyJSON, _ := ioutil.ReadFile(keystoreUTCPath)
+			// #nosec - Inclusion of file via variable is OK for this tool.
+			keyJSON, err := ioutil.ReadFile(keystoreUTCPath)
+			if err != nil {
+				log.Fatal(err)
+			}
 			privKey, err := keystore.DecryptKey(keyJSON, password)
 			if err != nil {
 				log.Fatal(err)
--- a/shared/debug/debug.go
+++ b/shared/debug/debug.go
@@ -104,8 +104,7 @@ func (h *HandlerT) CPUProfile(file string, nsec uint) error {
 		return err
 	}
 	time.Sleep(time.Duration(nsec) * time.Second)
-	h.StopCPUProfile()
-	return nil
+	return h.StopCPUProfile()
 }

 // StartCPUProfile turns on CPU profiling, writing to the given file.
@@ -120,7 +119,9 @@ func (h *HandlerT) StartCPUProfile(file string) error {
 		return err
 	}
 	if err := pprof.StartCPUProfile(f); err != nil {
-		f.Close()
+		if err := f.Close(); err != nil {
+			log.Errorf("Failed to close file: %v", err)
+		}
 		return err
 	}
 	h.cpuW = f
@@ -138,7 +139,9 @@ func (h *HandlerT) StopCPUProfile() error {
 		return errors.New("CPU profiling not in progress")
 	}
 	log.Info("Done writing CPU profile", "dump", h.cpuFile)
-	h.cpuW.Close()
+	if err := h.cpuW.Close(); err != nil {
+		return err
+	}
 	h.cpuW = nil
 	h.cpuFile = ""
 	return nil
@@ -151,8 +154,7 @@ func (h *HandlerT) GoTrace(file string, nsec uint) error {
 		return err
 	}
 	time.Sleep(time.Duration(nsec) * time.Second)
-	h.StopGoTrace()
-	return nil
+	return h.StopGoTrace()
 }

 // StartGoTrace turns on tracing, writing to the given file.
@@ -167,7 +169,9 @@ func (h *HandlerT) StartGoTrace(file string) error {
 		return err
 	}
 	if err := trace.Start(f); err != nil {
-		f.Close()
+		if err := f.Close(); err != nil {
+			log.Errorf("Failed to close file: %v", err)
+		}
 		return err
 	}
 	h.traceW = f
@@ -185,7 +189,9 @@ func (h *HandlerT) StopGoTrace() error {
 		return errors.New("trace not in progress")
 	}
 	log.Info("Done writing Go trace", "dump", h.traceFile)
-	h.traceW.Close()
+	if err := h.traceW.Close(); err != nil {
+		return err
+	}
 	h.traceW = nil
 	h.traceFile = ""
 	return nil
@@ -242,7 +248,9 @@ func (*HandlerT) WriteMemProfile(file string) error {
 // Stacks returns a printed representation of the stacks of all goroutines.
 func (*HandlerT) Stacks() string {
 	buf := new(bytes.Buffer)
-	pprof.Lookup("goroutine").WriteTo(buf, 2)
+	if err := pprof.Lookup("goroutine").WriteTo(buf, 2); err != nil {
+		log.Errorf("Failed to write pprof goroutine stacks: %v", err)
+	}
 	return buf.String()
 }

@@ -302,7 +310,9 @@ func MigrateFlags(action func(ctx *cli.Context) error) func(*cli.Context) error
 	return func(ctx *cli.Context) error {
 		for _, name := range ctx.FlagNames() {
 			if ctx.IsSet(name) {
-				ctx.GlobalSet(name, ctx.String(name))
+				if err := ctx.GlobalSet(name, ctx.String(name)); err != nil {
+					return err
+				}
 			}
 		}
 		return action(ctx)
@@ -351,6 +361,10 @@ func StartPProf(address string) {
 // Exit stops all running profiles, flushing their output to the
 // respective file.
 func Exit() {
-	Handler.StopCPUProfile()
-	Handler.StopGoTrace()
+	if err := Handler.StopCPUProfile(); err != nil {
+		log.Errorf("Failed to stop CPU profiling: %v", err)
+	}
+	if err := Handler.StopGoTrace(); err != nil {
+		log.Errorf("Failed to stop go tracing: %v", err)
+	}
 }
--- a/shared/p2p/options.go
+++ b/shared/p2p/options.go
@@ -19,8 +19,15 @@ var portRange int32 = 100
 // identity.
 func buildOptions() []libp2p.Option {
 	rand.Seed(int64(time.Now().Nanosecond()))
-	priv, _, _ := crypto.GenerateKeyPair(crypto.Secp256k1, 512)
-	listen, _ := ma.NewMultiaddr(fmt.Sprintf("/ip4/127.0.0.1/tcp/%d", port+(rand.Int31n(portRange))))
+	priv, _, err := crypto.GenerateKeyPair(crypto.Secp256k1, 512)
+	if err != nil {
+		log.Errorf("Failed to generate crypto key pair: %v", err)
+	}
+
+	listen, err := ma.NewMultiaddr(fmt.Sprintf("/ip4/127.0.0.1/tcp/%d", port+(rand.Int31n(portRange))))
+	if err != nil {
+		log.Errorf("Failed to p2p listen: %v", err)
+	}

 	return []libp2p.Option{
 		libp2p.ListenAddrs(listen),
--- a/shared/p2p/service.go
+++ b/shared/p2p/service.go
@@ -133,7 +133,9 @@ func (s *Server) Broadcast(msg interface{}) {
 		log.Errorf("Failed to marshal data for broadcast: %v", err)
 		return
 	}
-	s.gsub.Publish(topic.String(), b)
+	if err := s.gsub.Publish(topic.String(), b); err != nil {
+		log.Errorf("Failed to publish to gossipsub topic: %v", err)
+	}
 }

 func (s *Server) subscribeToTopic(topic pb.Topic, msgType reflect.Type) {