mirror of
https://github.com/OffchainLabs/prysm.git
synced 2026-01-09 15:37:56 -05:00
2fd6bd8150
* Ran gopls modernize to fix everything go run golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize@latest -fix -test ./... * Override rules_go provided dependency for golang.org/x/tools to v0.38.0. To update this, checked out rules_go, then ran `bazel run //go/tools/releaser -- upgrade-dep -mirror=false org_golang_x_tools` and copied the patches. * Fix buildtag violations and ignore buildtag violations in external * Introduce modernize analyzer package. * Add modernize "any" analyzer. * Fix violations of any analyzer * Add modernize "appendclipped" analyzer. * Fix violations of appendclipped * Add modernize "bloop" analyzer. * Add modernize "fmtappendf" analyzer. * Add modernize "forvar" analyzer. * Add modernize "mapsloop" analyzer. * Add modernize "minmax" analyzer. * Fix violations of minmax analyzer * Add modernize "omitzero" analyzer. * Add modernize "rangeint" analyzer. * Fix violations of rangeint. * Add modernize "reflecttypefor" analyzer. * Fix violations of reflecttypefor analyzer. * Add modernize "slicescontains" analyzer. * Add modernize "slicessort" analyzer. * Add modernize "slicesdelete" analyzer. This is disabled by default for now. See https://go.dev/issue/73686. * Add modernize "stringscutprefix" analyzer. * Add modernize "stringsbuilder" analyzer. * Fix violations of stringsbuilder analyzer. * Add modernize "stringsseq" analyzer. * Add modernize "testingcontext" analyzer. * Add modernize "waitgroup" analyzer. * Changelog fragment * gofmt * gazelle * Add modernize "newexpr" analyzer. * Disable newexpr until go1.26 * Add more details in WORKSPACE on how to update the override * @nalepae feedback on min() * gofmt * Fix violations of forvar
84 lines
2.3 KiB
Go
84 lines
2.3 KiB
Go
// Package cryptorand implements a static analyzer to ensure that the crypto/rand package is used
|
|
// for randomness throughout the codebase.
|
|
package cryptorand
|
|
|
|
import (
|
|
"errors"
|
|
"go/ast"
|
|
"strings"
|
|
|
|
"golang.org/x/tools/go/analysis"
|
|
"golang.org/x/tools/go/analysis/passes/inspect"
|
|
"golang.org/x/tools/go/ast/inspector"
|
|
)
|
|
|
|
// Doc explaining the tool.
|
|
const Doc = "Tool to enforce the use of stronger crypto: crypto/rand instead of math/rand"
|
|
|
|
var errWeakCrypto = errors.New("crypto-secure RNGs are required, use CSPRNG or PRNG defined in github.com/prysmaticlabs/prysm/crypto/rand")
|
|
|
|
// Analyzer runs static analysis.
|
|
var Analyzer = &analysis.Analyzer{
|
|
Name: "cryptorand",
|
|
Doc: Doc,
|
|
Requires: []*analysis.Analyzer{inspect.Analyzer},
|
|
Run: run,
|
|
}
|
|
|
|
func run(pass *analysis.Pass) (any, error) {
|
|
inspection, ok := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)
|
|
if !ok {
|
|
return nil, errors.New("analyzer is not type *inspector.Inspector")
|
|
}
|
|
|
|
nodeFilter := []ast.Node{
|
|
(*ast.File)(nil),
|
|
(*ast.ImportSpec)(nil),
|
|
(*ast.CallExpr)(nil),
|
|
}
|
|
|
|
aliases := make(map[string]string)
|
|
disallowedFns := []string{"NewSource", "New", "Seed", "Int63", "Uint32", "Uint64", "Int31", "Int",
|
|
"Int63n", "Int31n", "Intn", "Float64", "Float32", "Perm", "Shuffle", "Read"}
|
|
|
|
inspection.Preorder(nodeFilter, func(node ast.Node) {
|
|
switch stmt := node.(type) {
|
|
case *ast.File:
|
|
// Reset aliases (per file).
|
|
aliases = make(map[string]string)
|
|
case *ast.ImportSpec:
|
|
// Collect aliases to rand packages.
|
|
pkg := stmt.Path.Value
|
|
if strings.HasSuffix(pkg, "/rand\"") && !strings.Contains(pkg, "/prysm/crypto/rand") {
|
|
if stmt.Name != nil {
|
|
aliases[stmt.Name.Name] = stmt.Path.Value
|
|
} else {
|
|
aliases["rand"] = stmt.Path.Value
|
|
}
|
|
}
|
|
case *ast.CallExpr:
|
|
// Check if any of disallowed functions have been used.
|
|
for pkg, path := range aliases {
|
|
for _, fn := range disallowedFns {
|
|
if isPkgDot(stmt.Fun, pkg, fn) {
|
|
pass.Reportf(node.Pos(),
|
|
"%s: %s.%s() (from %s)", errWeakCrypto.Error(), pkg, fn, path)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
})
|
|
|
|
return nil, nil
|
|
}
|
|
|
|
func isPkgDot(expr ast.Expr, pkg, name string) bool {
|
|
sel, ok := expr.(*ast.SelectorExpr)
|
|
return ok && isIdent(sel.X, pkg) && isIdent(sel.Sel, name)
|
|
}
|
|
|
|
func isIdent(expr ast.Expr, ident string) bool {
|
|
id, ok := expr.(*ast.Ident)
|
|
return ok && id.Name == ident
|
|
}
|