Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(*): add gosec #94

Merged
merged 14 commits into from
Nov 5, 2024
Merged

chore(*): add gosec #94

merged 14 commits into from
Nov 5, 2024

Conversation

Lazar955
Copy link
Member

@Lazar955 Lazar955 commented Nov 4, 2024

Adds gosec

@Lazar955 Lazar955 requested a review from gitferry November 4, 2024 16:17
RafilxTenfen
RafilxTenfen reviewed Nov 4, 2024
View reviewed changes
btcclient/query.go Outdated Show resolved Hide resolved
RafilxTenfen
RafilxTenfen reviewed Nov 4, 2024
View reviewed changes
btcclient/query.go Outdated
@@ -34,7 +38,11 @@ func (c *Client) GetBlockByHash(blockHash *chainhash.Hash) (*types.IndexedBlock,
}

btcTxs := types.GetWrappedTxs(mBlock)
return types.NewIndexedBlock(int32(blockInfo.Height), &mBlock.Header, btcTxs), mBlock, nil
height := blockInfo.Height
if height < 0 || height > int64(^uint32(0)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it seems a bit overkill and removing this check and running make gosec-local does not errors 🤔

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you sure? Because it does for me:
image

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will clean cache and try again

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeap, for me it doesn't appear the error

$~ make gosec-local

Results:


Summary:
  Gosec  : 2.20.0
  Files  : 90
  Lines  : 10303
  Nosec  : 5
  Issues : 0

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you do any other configuration?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it, I was on a "dev" version. Fixed, thanks @RafilxTenfen

Copy link
Member Author

@Lazar955 Lazar955 Nov 5, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah now the CI fails, so seems that we do need it, as our CI used the latest version. I'll be reverting this code then. And you should upgrade to latest version of gosec (2.21.4).

Summary:
  Gosec  : dev
  Files  : 90
  Lines  : 10287
  Nosec  : 5
  Issues : 2

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

 curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.21.4

And try again @RafilxTenfen

@Lazar955 Lazar955 requested a review from RafilxTenfen November 5, 2024 09:56
@Lazar955 Lazar955 linked an issue Nov 5, 2024 that may be closed by this pull request
Enable gosec for vigilante #85
Closed
gitferry
gitferry approved these changes Nov 5, 2024
View reviewed changes
Copy link
Member

@gitferry gitferry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work!

CHANGELOG.md
@@ -37,6 +37,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)

## Unreleased

* [#94](https://github.com/babylonlabs-io/vigilante/pull/94) adds gosec and fixes gosec issues

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

empty line

config/submitter.go Outdated
Comment on lines 42 to 44
if cfg.PollingIntervalSeconds < 0 {
return errors.New("invalid polling-interval-seconds, should not be less than 0")
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if cfg.PollingIntervalSeconds < 0 {
return errors.New("invalid polling-interval-seconds, should not be less than 0")
}
if cfg.PollingIntervalSeconds <= 0 {
return errors.New("invalid polling-interval-seconds, should be positive")
}

monitor/monitor.go
@@ -143,6 +144,9 @@ func (m *Monitor) Start(baseHeight uint32) {
} else if !exists {
startHeight = baseHeight
} else {
if dbHeight > math.MaxUint32 {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems in some places we use math.MaxUint32 and in other places we use ^uint32(0). Are they the same? If so, should we keep using one?

@Lazar955 Lazar955 merged commit 2d2468c into main Nov 5, 2024
12 checks passed
@Lazar955 Lazar955 deleted the lazar/add-gosec branch November 5, 2024 13:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gitferry gitferry gitferry approved these changes

@KonradStaniec KonradStaniec Awaiting requested review from KonradStaniec

@RafilxTenfen RafilxTenfen Awaiting requested review from RafilxTenfen

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Enable gosec for vigilante
3 participants
@Lazar955 @gitferry @RafilxTenfen