Skip to content

Commit

Permalink
ci: remove duplicate gosec & lint fixes (backport #21685) (#21686)
Browse files Browse the repository at this point in the history
Co-authored-by: Julien Robert <[email protected]>
  • Loading branch information
mergify[bot] and julienrbrt authored Sep 12, 2024
1 parent 1ff55a7 commit b88a473
Show file tree
Hide file tree
Showing 6 changed files with 27 additions and 99 deletions.
45 changes: 0 additions & 45 deletions .github/workflows/gosec.yml

This file was deleted.

46 changes: 6 additions & 40 deletions .golangci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -45,9 +45,6 @@ issues:
- crypto/keys/secp256k1/internal/*
- types/coin_regex.go
exclude-rules:
- text: "Use of weak random number generator"
linters:
- gosec
- text: "ST1003:"
linters:
- stylecheck
Expand Down Expand Up @@ -95,44 +92,13 @@ linters-settings:
disabled: true

gosec:
# To select a subset of rules to run.
# Available rules: https://github.com/securego/gosec#available-rules
# Default: [] - means include all rules
includes:
# - G101 # Look for hard coded credentials
- G102 # Bind to all interfaces
- G103 # Audit the use of unsafe block
- G104 # Audit errors not checked
- G106 # Audit the use of ssh.InsecureIgnoreHostKey
- G107 # Url provided to HTTP request as taint input
- G108 # Profiling endpoint automatically exposed on /debug/pprof
- G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
- G110 # Potential DoS vulnerability via decompression bomb
- G111 # Potential directory traversal
- G112 # Potential slowloris attack
- G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772)
- G114 # Use of net/http serve function that has no support for setting timeouts
- G201 # SQL query construction using format string
- G202 # SQL query construction using string concatenation
- G203 # Use of unescaped data in HTML templates
- G204 # Audit use of command execution
- G301 # Poor file permissions used when creating a directory
- G302 # Poor file permissions used with chmod
- G303 # Creating tempfile using a predictable path
- G304 # File path provided as taint input
- G305 # File traversal when extracting zip/tar archive
- G306 # Poor file permissions used when writing to a new file
- G307 # Deferring a method which returns an error
- G401 # Detect the usage of DES, RC4, MD5 or SHA1
- G402 # Look for bad TLS connection settings
- G403 # Ensure minimum RSA key length of 2048 bits
- G404 # Insecure random number source (rand)
- G501 # Import blocklist: crypto/md5
- G502 # Import blocklist: crypto/des
- G503 # Import blocklist: crypto/rc4
- G504 # Import blocklist: net/http/cgi
- G505 # Import blocklist: crypto/sha1
- G601 # Implicit memory aliasing of items from a range statement
excludes:
- G101 # Potential hardcoded credentials
- G107 # Potential HTTP request made with variable url
- G404 # Use of weak random number generator (math/rand instead of crypto/rand)
exclude-generated: true
confidence: medium
misspell:
locale: US
gofumpt:
Expand Down
7 changes: 5 additions & 2 deletions server/v2/cometbft/abci_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -575,7 +575,7 @@ func TestConsensus_Query(t *testing.T) {
c := setUpConsensus(t, 100_000, cometmock.MockMempool[mock.Tx]{})

// Write data to state storage
c.store.GetStateStorage().ApplyChangeset(1, &store.Changeset{
err := c.store.GetStateStorage().ApplyChangeset(1, &store.Changeset{
Changes: []store.StateChanges{
{
Actor: actorName,
Expand All @@ -589,8 +589,9 @@ func TestConsensus_Query(t *testing.T) {
},
},
})
require.NoError(t, err)

_, err := c.InitChain(context.Background(), &abciproto.InitChainRequest{
_, err = c.InitChain(context.Background(), &abciproto.InitChainRequest{
Time: time.Now(),
ChainId: "test",
InitialHeight: 1,
Expand Down Expand Up @@ -630,6 +631,8 @@ func TestConsensus_Query(t *testing.T) {
}

func setUpConsensus(t *testing.T, gasLimit uint64, mempool mempool.Mempool[mock.Tx]) *Consensus[mock.Tx] {
t.Helper()

msgRouterBuilder := getMsgRouterBuilder(t, func(ctx context.Context, msg *gogotypes.BoolValue) (*gogotypes.BoolValue, error) {
return nil, nil
})
Expand Down
5 changes: 2 additions & 3 deletions server/v2/cometbft/commands.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,6 @@ import (
"strconv"
"strings"

"github.com/spf13/cobra"
"sigs.k8s.io/yaml"

cmtcfg "github.com/cometbft/cometbft/config"
cmtjson "github.com/cometbft/cometbft/libs/json"
"github.com/cometbft/cometbft/node"
Expand All @@ -18,6 +15,8 @@ import (
rpchttp "github.com/cometbft/cometbft/rpc/client/http"
cmtversion "github.com/cometbft/cometbft/version"
gogoproto "github.com/cosmos/gogoproto/proto"
"github.com/spf13/cobra"
"sigs.k8s.io/yaml"

"cosmossdk.io/server/v2/cometbft/client/rpc"

Expand Down
19 changes: 12 additions & 7 deletions server/v2/cometbft/internal/mock/mock_store.go
Original file line number Diff line number Diff line change
Expand Up @@ -91,17 +91,22 @@ func (s *MockStore) GetStateCommitment() storev2.Committer {
return s.Committer
}

type Result struct {
key []byte
value []byte
version uint64
proofOps []proof.CommitmentOp
}

func (s *MockStore) Query(storeKey []byte, version uint64, key []byte, prove bool) (storev2.QueryResult, error) {
state, err := s.StateAt(version)
if err != nil {
return storev2.QueryResult{}, err
}

reader, err := state.GetReader(storeKey)
if err != nil {
return storev2.QueryResult{}, err
}

value, err := reader.Get(key)
if err != nil {
return storev2.QueryResult{}, err
}

res := storev2.QueryResult{
Key: key,
Value: value,
Expand Down
4 changes: 2 additions & 2 deletions testutil/rest.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ func GetRequestWithHeaders(url string, headers map[string]string) ([]byte, error
// GetRequest defines a wrapper around an HTTP GET request with a provided URL.
// An error is returned if the request or reading the body fails.
func GetRequest(url string) ([]byte, error) {
res, err := http.Get(url) //nolint:gosec // only used for testing
res, err := http.Get(url)
if err != nil {
return nil, err
}
Expand All @@ -61,7 +61,7 @@ func GetRequest(url string) ([]byte, error) {
// PostRequest defines a wrapper around an HTTP POST request with a provided URL and data.
// An error is returned if the request or reading the body fails.
func PostRequest(url, contentType string, data []byte) ([]byte, error) {
res, err := http.Post(url, contentType, bytes.NewBuffer(data)) //nolint:gosec // only used for testing
res, err := http.Post(url, contentType, bytes.NewBuffer(data))
if err != nil {
return nil, fmt.Errorf("error while sending post request: %w", err)
}
Expand Down

0 comments on commit b88a473

Please sign in to comment.