
ci: add gosec checker #69

Merged
merged 2 commits into from
Feb 21, 2023

Conversation

@j75689 (Contributor) commented Feb 20, 2023

Description

  1. Add a CI job to check the code with gosec.
  2. Fix some issues above medium severity in the gosec report.

Rationale

gosec -quiet -severity medium -confidence medium ./...

Results:

[/Users/dylan.huang/git/bfs/e2e/core/utils.go:23] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
    22: func GenRandomAddr() sdk.AccAddress {
  > 23:         return sdk.AccAddress(crypto.AddressHash([]byte(fmt.Sprintf("%d", rand.Int()))))
    24: }

[/Users/dylan.huang/git/bfs/x/storage/client/cli/tx.go:232] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
    231:                        // read file
  > 232:                        f, err := os.OpenFile(argObjectPath, os.O_RDONLY, 0644)
    233:                        if err != nil {

[/Users/dylan.huang/git/bfs/e2e/core/config.go:56] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
    55: func ParseMnemonicFromFile(fileName string) string {
  > 56:         file, err := os.Open(fileName)
    57:         if err != nil {

[/Users/dylan.huang/git/bfs/x/payment/keeper/storage_fee_charge.go:35] - G601 (CWE-118): Implicit memory aliasing in for loop. (Confidence: MEDIUM, Severity: MEDIUM)
    34:         for _, fc := range streamRecordChanges {
  > 35:                 _, err := k.UpdateStreamRecordByAddr(ctx, &fc)
    36:                 if err != nil {

[/Users/dylan.huang/git/bfs/x/storage/client/cli/tx.go:232] - G302 (CWE-276): Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM)
    231:                        // read file
  > 232:                        f, err := os.OpenFile(argObjectPath, os.O_RDONLY, 0644)
    233:                        if err != nil {

[/Users/dylan.huang/git/bfs/e2e/core/config.go:60] - G307 (CWE-703): Deferring unsafe method "Close" on type "*os.File" (Confidence: HIGH, Severity: MEDIUM)
    59:         }
  > 60:         defer file.Close()
    61: 

Summary:
  Gosec  : dev
  Files  : 201
  Lines  : 58950
  Nosec  : 3
  Issues : 6

Example

gosec -quiet -severity medium -confidence medium ./...

Changes

Notable changes:

  • ci

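The remediations the findings above call for (G601 loop aliasing, G404 weak randomness, G304 path handling and G307 unchecked Close), as an added illustration that is not code from this PR or the project. The `sha256` truncation standing in for `crypto.AddressHash`, the `[]string` stand-in for the stream record change slice and the `AddrPtrs` name are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// AddrPtrs: G601 fix. Take &addrs[i] rather than &fc, so each pointer refers
// to its own element, not the loop variable older Go versions reuse.
func AddrPtrs(addrs []string) []*string {
	ptrs := make([]*string, 0, len(addrs))
	for i := range addrs {
		ptrs = append(ptrs, &addrs[i])
	}
	return ptrs
}

// GenRandomAddr: G404 fix. Seed from crypto/rand, not math/rand. sha256
// truncated to 20 bytes stands in for crypto.AddressHash (an assumption).
func GenRandomAddr() ([]byte, error) {
	seed := make([]byte, 32)
	if _, err := rand.Read(seed); err != nil {
		return nil, err
	}
	sum := sha256.Sum256(seed)
	return sum[:20], nil
}

// ParseMnemonicFromFile: G304/G307 fixes. The path is cleaned (gosec's
// minimum; callers should still confine it to an expected directory) and
// the Close error is propagated instead of silently dropped.
func ParseMnemonicFromFile(fileName string) (mnemonic string, err error) {
	file, err := os.Open(filepath.Clean(fileName))
	if err != nil {
		return "", err
	}
	defer func() {
		if cerr := file.Close(); err == nil {
			err = cerr
		}
	}()
	data, err := io.ReadAll(file)
	return strings.TrimSpace(string(data)), err
}
```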
@unclezoro unclezoro merged commit 0ec0758 into develop Feb 21, 2023
@unclezoro unclezoro deleted the ci/gosec branch April 18, 2023 09:21