From dc1d49eb040bc153e9e7dfdafa899292ae07f860 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Mar 2024 10:14:01 +0900 Subject: [PATCH 1/6] chore(deps): Bump golangci/golangci-lint-action from 3 to 4 (#1231) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index df74a2d0d2..579a3f9e36 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -27,7 +27,7 @@ jobs: **/**.go go.mod go.sum - - uses: golangci/golangci-lint-action@v3 + - uses: golangci/golangci-lint-action@v4 with: # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. version: v1.55 From d9f1133a71d8de4bf0b26de132fe968d5a29b13c Mon Sep 17 00:00:00 2001 From: Jayden Lee <41176085+tkxkd0159@users.noreply.github.com> Date: Fri, 15 Mar 2024 17:07:53 +0900 Subject: [PATCH 2/6] fix(x/auth): ensure nil .BaseAccounts are reported in ModuleAccount.Validate (#1274) --- CHANGELOG.md | 1 + x/auth/types/account.go | 4 ++++ x/auth/types/account_test.go | 7 ++++++- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c5c5569f4..5ac04e13c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -53,6 +53,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ ### Bug Fixes * chore(deps) [\#1141](https://github.com/Finschia/finschia-sdk/pull/1141) Bump github.com/cosmos/ledger-cosmos-go from 0.12.2 to 0.13.2 to fix ledger signing issue * (x/auth, x/slashing) [\#1179](https://github.com/Finschia/finschia-sdk/pull/1179) modify missing changes of converting to tendermint +* (x/auth) [#1274](https://github.com/Finschia/finschia-sdk/pull/1274) `ModuleAccount.Validate` now reports a nil `.BaseAccount` instead of panicking. ### Removed diff --git a/x/auth/types/account.go b/x/auth/types/account.go index 52813e9999..d770f0dfaa 100644 --- a/x/auth/types/account.go +++ b/x/auth/types/account.go @@ -225,6 +225,10 @@ func (ma ModuleAccount) Validate() error { return errors.New("module account name cannot be blank") } + if ma.BaseAccount == nil { + return errors.New("uninitialized ModuleAccount: BaseAccount is nil") + } + if ma.Address != sdk.AccAddress(crypto.AddressHash([]byte(ma.Name))).String() { return fmt.Errorf("address %s cannot be derived from the module name '%s'", ma.Address, ma.Name) } diff --git a/x/auth/types/account_test.go b/x/auth/types/account_test.go index 0aed16c51c..a90a633051 100644 --- a/x/auth/types/account_test.go +++ b/x/auth/types/account_test.go @@ -7,7 +7,7 @@ import ( "testing" "github.com/stretchr/testify/require" - yaml "gopkg.in/yaml.v2" + "gopkg.in/yaml.v2" "github.com/Finschia/finschia-sdk/crypto/keys/secp256k1" "github.com/Finschia/finschia-sdk/testutil/testdata" @@ -207,3 +207,8 @@ func TestGenesisAccountsContains(t *testing.T) { genAccounts = append(genAccounts, acc) require.True(t, genAccounts.Contains(acc.GetAddress())) } + +func TestModuleAccountValidateNilBaseAccount(t *testing.T) { + ma := &types.ModuleAccount{Name: "foo"} + _ = ma.Validate() +} From 47a5e9fec430428b559a7c7ba7ec5e43774f7197 Mon Sep 17 00:00:00 2001 
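Review bot: The nil guard added to `ModuleAccount.Validate` has no comment explaining why it must sit before the address comparison, and the reason is not obvious from the hunk. `ma.Address` in the next statement looks like a field promoted from the embedded `BaseAccount` pointer, so reading it on a nil pointer is presumably the panic the changelog entry refers to. A one-line comment such as `// Address is promoted from the embedded *BaseAccount, so a nil BaseAccount must be rejected before it is read.` would keep a later reorder from reintroducing it. Validate's body starts and ends outside the hunk.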
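Review bot: `TestModuleAccountValidateNilBaseAccount` discards the result with `_ = ma.Validate()`, so it only proves the call no longer panics and would still pass if Validate returned nil for an account without a BaseAccount. Assert the rejection as well: `require.Error(t, ma.Validate())`, or `require.EqualError(t, ma.Validate(), "uninitialized ModuleAccount: BaseAccount is nil")` if the message is meant to be stable. `require` is already imported in this file.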
From: jaeseung-bae <119839167+jaeseung-bae@users.noreply.github.com> Date: Fri, 15 Mar 2024 18:12:33 +0900 Subject: [PATCH 3/6] fix: add non-zero check of nextTokenID.Id for genesis (#1276) * fix: add non-zero check of nextTokenID.Id for genesis * chore: add testcase * chore: update changelog * chore: move validation logic to validate function * chore: add testcase --- CHANGELOG.md | 1 + x/collection/genesis.go | 7 +++++-- x/collection/genesis_test.go | 11 +++++++++++ 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ac04e13c8..ae00fbdc8d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -54,6 +54,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * chore(deps) [\#1141](https://github.com/Finschia/finschia-sdk/pull/1141) Bump github.com/cosmos/ledger-cosmos-go from 0.12.2 to 0.13.2 to fix ledger signing issue * (x/auth, x/slashing) [\#1179](https://github.com/Finschia/finschia-sdk/pull/1179) modify missing changes of converting to tendermint * (x/auth) [#1274](https://github.com/Finschia/finschia-sdk/pull/1274) `ModuleAccount.Validate` now reports a nil `.BaseAccount` instead of panicking. +* (x/collection) [\#1276](https://github.com/Finschia/finschia-sdk/pull/1276) eliminates potential risk for Insufficient Sanity Check of tokenID in Genesis ### Removed diff --git a/x/collection/genesis.go b/x/collection/genesis.go index ac08c34fe0..028101b3f7 100644 --- a/x/collection/genesis.go +++ b/x/collection/genesis.go 
@@ -64,8 +64,11 @@ func ValidateGenesis(data GenesisState) error { if len(contractNextTokenIDs.TokenIds) == 0 { return sdkerrors.ErrInvalidRequest.Wrap("next token ids cannot be empty") } - for _, nextTokenIDs := range contractNextTokenIDs.TokenIds { - if err := ValidateClassID(nextTokenIDs.ClassId); err != nil { + for _, nextTokenID := range contractNextTokenIDs.TokenIds { + if nextTokenID.Id.IsZero() { + return sdkerrors.ErrInvalidRequest.Wrap("nextTokenID.Id is not supposed to be zero") + } + if err := ValidateClassID(nextTokenID.ClassId); err != nil { return err } } diff --git a/x/collection/genesis_test.go b/x/collection/genesis_test.go index d4c7d0a7c1..4fcc543541 100644 --- a/x/collection/genesis_test.go +++ b/x/collection/genesis_test.go @@ -445,6 +445,17 @@ func TestValidateGenesis(t *testing.T) { }, false, }, + "should throw error when next token id is zero in genesis": { + &collection.GenesisState{ + Params: collection.Params{}, + NextTokenIds: []collection.ContractNextTokenIDs{ + {ContractId: "deadbeef", TokenIds: []collection.NextTokenID{ + {ClassId: "deadbeef", Id: sdk.NewUint(0)}, + }}, + }, + }, + false, + }, } for name, tc := range testCases { From 089aff838cfbde80e454d7329fe947e85fbcfdd6 Mon Sep 17 00:00:00 2001 From: jaeseung-bae <119839167+jaeseung-bae@users.noreply.github.com> Date: Sun, 17 Mar 2024 12:46:12 +0900 Subject: [PATCH 4/6] fix: add init logic of module accounts just in case (#1277) * fix: add init logic of module accounts just in case * chore: update changelog * chore: check if module account successfully created * chore: fix lint * chore: add test * chore: fix test --- CHANGELOG.md | 1 + baseapp/block_gas_test.go | 2 +- x/foundation/keeper/internal/genesis.go | 9 +++ x/foundation/keeper/internal/genesis_test.go | 58 ++++++++++++++++++++ 4 files changed, 69 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ae00fbdc8d..b35b7835a2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
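Review bot: The new rejection in `ValidateGenesis` returns `"nextTokenID.Id is not supposed to be zero"` without naming the offending entry, which makes a bad genesis file hard to fix when it holds many contracts and classes. Include the identifiers already in scope in the loop, for example `return sdkerrors.ErrInvalidRequest.Wrapf("next token id of class %s in contract %s cannot be zero", nextTokenID.ClassId, contractNextTokenIDs.ContractId)`. The added test only covers `sdk.NewUint(0)`, so it is worth confirming that `Id.IsZero()` is also safe on an `Id` that was never set, for instance a field missing from the genesis JSON. The function body starts and ends outside the hunk.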
@@ -55,6 +55,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * (x/auth, x/slashing) [\#1179](https://github.com/Finschia/finschia-sdk/pull/1179) modify missing changes of converting to tendermint * (x/auth) [#1274](https://github.com/Finschia/finschia-sdk/pull/1274) `ModuleAccount.Validate` now reports a nil `.BaseAccount` instead of panicking. * (x/collection) [\#1276](https://github.com/Finschia/finschia-sdk/pull/1276) eliminates potential risk for Insufficient Sanity Check of tokenID in Genesis +* (x/foundation) [\#1277](https://github.com/Finschia/finschia-sdk/pull/1277) add init logic of foundation module accounts to InitGenesis in order to eliminate potential panic ### Removed diff --git a/baseapp/block_gas_test.go b/baseapp/block_gas_test.go index c831fb21ba..933dde385a 100644 --- a/baseapp/block_gas_test.go +++ b/baseapp/block_gas_test.go @@ -100,7 +100,7 @@ func TestBaseApp_BlockGas(t *testing.T) { txBuilder.SetFeeAmount(feeAmount) txBuilder.SetGasLimit(txtypes.MaxGasWanted) // tx validation checks that gasLimit can't be bigger than this - privs, accNums, accSeqs := []cryptotypes.PrivKey{priv1}, []uint64{6}, []uint64{0} + privs, accNums, accSeqs := []cryptotypes.PrivKey{priv1}, []uint64{8}, []uint64{0} _, txBytes, err := createTestTx(encCfg.TxConfig, txBuilder, privs, accNums, accSeqs, ctx.ChainID()) require.NoError(t, err) diff --git a/x/foundation/keeper/internal/genesis.go b/x/foundation/keeper/internal/genesis.go index a88d6fa6a6..b5320033f6 100644 --- a/x/foundation/keeper/internal/genesis.go +++ b/x/foundation/keeper/internal/genesis.go @@ -1,6 +1,8 @@ package internal import ( + "fmt" + sdk "github.com/Finschia/finschia-sdk/types" "github.com/Finschia/finschia-sdk/x/foundation" ) 
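Review bot: The account number in `[]uint64{8}` is a bare literal whose value depends on how many accounts genesis creates before the test account, and this commit had to move it from 6 to 8, presumably because InitGenesis now creates two more module accounts. A comment such as `// account number 8: module accounts created during InitGenesis take the lower numbers` would explain the next bump. Reading the number from the stored account instead of hard-coding it would remove the coupling, if the test has the account at hand. The test function starts and ends outside the hunk.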
@@ -48,6 +50,13 @@ func (k Keeper) InitGenesis(ctx sdk.Context, data *foundation.GenesisState) erro k.SetPool(ctx, data.Pool) + // init module accounts just in case + if acc := k.authKeeper.GetModuleAccount(ctx, foundation.ModuleName); acc == nil { + panic(fmt.Sprintf("failed to create module account=%s", foundation.ModuleName)) + } + if acc := k.authKeeper.GetModuleAccount(ctx, foundation.TreasuryName); acc == nil { + panic(fmt.Sprintf("failed to create module account=%s", foundation.TreasuryName)) + } return nil } diff --git a/x/foundation/keeper/internal/genesis_test.go b/x/foundation/keeper/internal/genesis_test.go index 81d34636f3..fb7149c93f 100644 --- a/x/foundation/keeper/internal/genesis_test.go +++ b/x/foundation/keeper/internal/genesis_test.go @@ -4,6 +4,7 @@ import ( "testing" "time" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" tmproto "github.com/tendermint/tendermint/proto/tendermint/types" @@ -11,7 +12,9 @@ import ( "github.com/Finschia/finschia-sdk/simapp" "github.com/Finschia/finschia-sdk/testutil/testdata" sdk "github.com/Finschia/finschia-sdk/types" + authtypes "github.com/Finschia/finschia-sdk/x/auth/types" "github.com/Finschia/finschia-sdk/x/foundation" + "github.com/Finschia/finschia-sdk/x/foundation/keeper/internal" ) func workingPolicy() foundation.DecisionPolicy { 
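Review bot: `InitGenesis` returns `error`, yet the two new checks `panic` instead of returning one, so a caller that handles the returned error never sees this failure. Unless the caller needs the panic, return it: `return fmt.Errorf("failed to create module account=%s", foundation.ModuleName)`, and the same for `foundation.TreasuryName`; the test added in this commit asserts a panic and would have to change with it. The comment `// init module accounts just in case` should also say what the call relies on, presumably that `GetModuleAccount` creates the account when it does not exist yet, since the returned account is otherwise unused. The function body starts outside the hunk.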
@@ -285,3 +288,58 @@ func TestImportExportGenesis(t *testing.T) { require.Equal(t, tc.export, actual, name) } } + +func TestShouldPanicWhenFailToGenerateFoundationModuleAccountInInitGenesis(t *testing.T) { + checkTx := false + app := simapp.Setup(checkTx) + testdata.RegisterInterfaces(app.InterfaceRegistry()) + testdata.RegisterMsgServer(app.MsgServiceRouter(), testdata.MsgServerImpl{}) + gs := &foundation.GenesisState{ + Params: foundation.DefaultParams(), + Foundation: foundation.DefaultFoundation(), + } + ctx := app.BaseApp.NewContext(checkTx, tmproto.Header{}) + + testCases := map[string]struct { + mockAccKeeper *stubAccKeeper + }{ + "failed to generate module account=" + foundation.ModuleName: { + mockAccKeeper: &stubAccKeeper{nameToFail: foundation.ModuleName}, + }, + "failed to generate module account=" + foundation.TreasuryName: { + mockAccKeeper: &stubAccKeeper{nameToFail: foundation.TreasuryName}, + }, + } + + for name, tc := range testCases { + t.Run(name, func(t *testing.T) { + assert.Panics(t, func() { + k := internal.NewKeeper( + app.AppCodec(), + app.GetKey(foundation.ModuleName), + app.MsgServiceRouter(), + tc.mockAccKeeper, + app.BankKeeper, + authtypes.FeeCollectorName, + foundation.DefaultConfig(), + foundation.DefaultAuthority().String(), + app.GetSubspace(foundation.ModuleName), + ) + + _ = k.InitGenesis(ctx, gs) + assert.FailNow(t, "not supposed to reach here, should panic before") + }) + }) + } +} + +type stubAccKeeper struct { + nameToFail string +} + +func (s *stubAccKeeper) GetModuleAccount(_ sdk.Context, name string) authtypes.ModuleAccountI { + if s.nameToFail == name { + return nil + } + return authtypes.NewEmptyModuleAccount("dontcare") +} From 4fffc23b70aeab29271e52097332c5e022ec19be Mon Sep 17 00:00:00 2001 
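Review bot: In `TestShouldPanicWhenFailToGenerateFoundationModuleAccountInInitGenesis` the keeper is built inside the `assert.Panics` closure, so a panic raised by `internal.NewKeeper` would satisfy the assertion without `InitGenesis` ever running, and any unrelated panic inside `InitGenesis` would pass too. Build the keeper before the assertion and pin the panic value with `assert.PanicsWithValue`, so the test fails unless the module-account check is what fired. The `assert.FailNow` line can go, because `assert.Panics` already fails the test when the function returns normally.

```go
	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			// Built outside the assertion so a panic in NewKeeper is not mistaken for the one under test.
			k := internal.NewKeeper(
				// … unchanged: keeper arguments …
			)
			want := "failed to create module account=" + tc.mockAccKeeper.nameToFail
			assert.PanicsWithValue(t, want, func() { _ = k.InitGenesis(ctx, gs) })
		})
	}
```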
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 02:20:53 +0000 Subject: [PATCH 5/6] chore(deps): Bump codecov/codecov-action from 3.1.5 to 4.1.0 (#1256) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.5 to 4.1.0.
Release notes

Sourced from codecov/codecov-action's releases.

v4.1.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v4.0.2...v4.1.0

v4.0.2

What's Changed

New Contributors

Full Changelog: https://github.com/codecov/codecov-action/compare/v4.0.1...v4.0.2

v4.0.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v4.0.0...v4.0.1

v4.0.0

v4 of the Codecov Action uses the CLI as the underlying upload. The CLI has helped to power new features including local upload, the global upload token, and new upcoming features.

Breaking Changes

  • The Codecov Action runs as a node20 action due to node16 deprecation. See this post from GitHub on how to migrate.
  • Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OS projects do not need the upstream repo's Codecov token). This doc shows instructions on how to add the Codecov token.

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

4.0.0-beta.2

Fixes

  • #1085 not adding -n if empty to do-upload command

4.0.0-beta.1

v4 represents a move from the universal uploader to the Codecov CLI. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.

Breaking Changes

  • No current support for aarch64 and alpine architectures.
  • Tokenless uploading is unsupported
  • Various arguments to the Action have been removed

3.1.4

Fixes

  • #967 Fix typo in README.md
  • #971 fix: add back in working dir
  • #969 fix: CLI option names for uploader

Dependencies

  • #970 build(deps-dev): bump @​types/node from 18.15.12 to 18.16.3
  • #979 build(deps-dev): bump @​types/node from 20.1.0 to 20.1.2
  • #981 build(deps-dev): bump @​types/node from 20.1.2 to 20.1.4

3.1.3

Fixes

  • #960 fix: allow for aarch64 build

Dependencies

  • #957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0
  • #958 build(deps): bump openpgp from 5.7.0 to 5.8.0
  • #959 build(deps-dev): bump @​types/node from 18.15.10 to 18.15.12

3.1.2

Fixes

  • #718 Update README.md
  • #851 Remove unsupported path_to_write_report argument
  • #898 codeql-analysis.yml
  • #901 Update README to contain correct information - inputs and negate feature
  • #955 fix: add in all the extra arguments for uploader

Dependencies

  • #819 build(deps): bump openpgp from 5.4.0 to 5.5.0
  • #835 build(deps): bump node-fetch from 3.2.4 to 3.2.10
  • #840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4
  • #841 build(deps): bump @​actions/core from 1.9.1 to 1.10.0
  • #843 build(deps): bump @​actions/github from 5.0.3 to 5.1.1
  • #869 build(deps): bump node-fetch from 3.2.10 to 3.3.0
  • #872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0
  • #879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.1.5&new-version=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 99d5adac12..5adbc8afa6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -187,7 +187,7 @@ jobs: sed -i.bak "/$(echo $filename | sed 's/\//\\\//g')/d" coverage.txt done if: env.GIT_DIFF - - uses: codecov/codecov-action@v3.1.5 + - uses: codecov/codecov-action@v4.1.0 with: token: ${{ secrets.CODECOV_TOKEN }} file: ./coverage.txt From 5636259743ba74fc4bf4d702a98d4387895bc9b5 Mon Sep 17 00:00:00 2001 From: Shogo Hyodo Date: Tue, 19 Mar 2024 11:34:24 +0900 Subject: [PATCH 6/6] fix: add nft id validation to MsgSendNFT (#1287) * add nft id validation * Update CHANGELOG --- CHANGELOG.md | 1 + x/collection/msgs.go | 2 +- x/collection/msgs_test.go | 7 +++++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b35b7835a2..d14bde6448 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -49,6 +49,7 @@ Ref: https://keepachangelog.com/en/1.0.0/ * (x/crisis) [#1167](https://github.com/Finschia/finschia-sdk/pull/1167) Use `CacheContext()` in `AssertInvariants()` * (chore) [\#1168](https://github.com/Finschia/finschia-sdk/pull/1168) Replace `ExactArgs(0)` with `NoArgs()` in `x/upgrade` module * (server) [\#1175](https://github.com/Finschia/finschia-sdk/pull/1175) Use go embed for swagger +* (x/collection) [\#1287](https://github.com/Finschia/finschia-sdk/pull/1287) add nft id validation to MsgSendNFT ### Bug Fixes * chore(deps) [\#1141](https://github.com/Finschia/finschia-sdk/pull/1141) Bump github.com/cosmos/ledger-cosmos-go from 0.12.2 to 0.13.2 to fix ledger signing issue diff --git a/x/collection/msgs.go b/x/collection/msgs.go index 71f3c2ec9e..4c416335f0 100644 --- a/x/collection/msgs.go +++ b/x/collection/msgs.go 
@@ -340,7 +340,7 @@ func (m MsgSendNFT) ValidateBasic() error { return ErrEmptyField.Wrap("token ids cannot be empty") } for _, id := range m.TokenIds { - if err := ValidateTokenID(id); err != nil { + if err := ValidateNFTID(id); err != nil { return err } } diff --git a/x/collection/msgs_test.go b/x/collection/msgs_test.go index 9f8ebba60d..236629d1ab 100644 --- a/x/collection/msgs_test.go +++ b/x/collection/msgs_test.go @@ -259,6 +259,13 @@ func TestMsgSendNFT(t *testing.T) { ids: []string{""}, err: collection.ErrInvalidTokenID, }, + "FT ids": { + contractID: "deadbeef", + from: addrs[0], + to: addrs[1], + ids: []string{collection.NewFTID("deadbeef")}, + err: sdkerrors.ErrInvalidRequest.Wrapf("invalid id: %s", collection.NewFTID("deadbeef")), + }, } for name, tc := range testCases {
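Review bot: `MsgSendNFT.ValidateBasic` now rejects fungible ids through `ValidateNFTID`, but per the test case added in this commit that rejection surfaces as `sdkerrors.ErrInvalidRequest`, while the neighbouring empty-id case expects `collection.ErrInvalidTokenID`. Clients that branch on the error code will see two different codes for a bad token id in the same message; consider wrapping the result, e.g. `return ErrInvalidTokenID.Wrap(err.Error())`, or document the distinction on `ValidateNFTID`. Other NFT-only messages in this file are outside the hunk; if they still call `ValidateTokenID`, they likely need the same substitution.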