chore: codeql changes (#20091)

2024-04-20 16:23:39 +02:00 · 2024-04-20 16:23:39 +02:00 · 13cf11aa92
commit 13cf11aa92
parent d41aa7af8c
5 changed files with 29 additions and 44 deletions
--- a/.github/codeql/config.yml
+++ b/.github/codeql/config.yml
@ -0,0 +1,11 @@
+packs:
+  - crypto-com/cosmos-sdk-codeql
+queries:
+  - uses: security-and-quality
+  - uses: security-experimental
+  - uses: security-extended
+paths-ignore:
+  - api
+  - '**/*_test.go'
+  - '**/*.pulsar.go'
+  - '**/*.pb.gp'
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -32,8 +32,8 @@ jobs:
        uses: github/codeql-action/init@v3
        with:
          languages: "go"
-          queries: +security-and-quality,github/codeql/go/ql/src/experimental/InconsistentCode/DeferInLoop.ql@main,github/codeql/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql@main,github/codeql/go/ql/src/experimental/CWE-369/DivideByZero.ql@main
-          packs: +crypto-com/cosmos-sdk-codeql
+          config-file: ./.github/codeql/config.yml
+          
          # If you wish to specify custom queries, you can do so here or in a config file.
          # By default, queries listed here will override any specified in a config file.
          # Prefix the list here with "+" to use these queries and those in the config file.
--- a/crypto/keys/bcrypt/bcrypt.go
+++ b/crypto/keys/bcrypt/bcrypt.go
@ -268,15 +268,15 @@ func (p *hashed) decodeVersion(sbytes []byte) (int, error) {

 // decodeCost sbytes should begin where decodeVersion left off.
 func (p *hashed) decodeCost(sbytes []byte) (int, error) {
-	cost, err := strconv.Atoi(string(sbytes[0:2]))
+	cost, err := strconv.ParseUint(string(sbytes[0:2]), 10, 32)
 	if err != nil {
 		return -1, err
 	}
-	err = checkCost(uint32(cost))
+	err = checkCost(uint64to32(cost))
 	if err != nil {
 		return -1, err
 	}
-	p.cost = uint32(cost)
+	p.cost = uint64to32(cost)
 	return 3, nil
 }

@ -290,3 +290,13 @@ func checkCost(cost uint32) error {
 	}
 	return nil
 }
+
+// uint64to32 converts a uint64 value to a uint32 value.
+// If the input value is greater than 0xFFFFFFFF, it returns 0xFFFFFFFF.
+// Otherwise, it returns the input value converted to uint32.
+func uint64to32(u uint64) uint32 {
+	if u > 0xFFFFFFFF {
+		return 0xFFFFFFFF
+	}
+	return uint32(u)
+}
--- a/store/db/db.go
+++ b/store/db/db.go
@ -10,9 +10,9 @@ type RawDBType string

 const (
 	DBTypeGoLevelDB RawDBType = "goleveldb"
-	DBTypeRocksDB             = "rocksdb"
-	DBTypePebbleDB            = "pebbledb"
-	DBTypePrefixDB            = "prefixdb"
+	DBTypeRocksDB   RawDBType = "rocksdb"
+	DBTypePebbleDB  RawDBType = "pebbledb"
+	DBTypePrefixDB  RawDBType = "prefixdb"

 	DBFileSuffix string = ".db"
 )
--- a/store/db/rocksdb_noflag.go
+++ b/store/db/rocksdb_noflag.go
@ -50,39 +50,3 @@ func (db *RocksDB) NewBatch() store.RawBatch {
 func (db *RocksDB) NewBatchWithSize(_ int) store.RawBatch {
 	return db.NewBatch()
 }
-
-var _ corestore.Iterator = (*rocksDBIterator)(nil)
-
-type rocksDBIterator struct{}
-
-func (itr *rocksDBIterator) Domain() (start, end []byte) {
-	panic("rocksdb must be built with -tags rocksdb")
-}
-
-func (itr *rocksDBIterator) Valid() bool {
-	panic("rocksdb must be built with -tags rocksdb")
-}
-
-func (itr *rocksDBIterator) Key() []byte {
-	panic("rocksdb must be built with -tags rocksdb")
-}
-
-func (itr *rocksDBIterator) Value() []byte {
-	panic("rocksdb must be built with -tags rocksdb")
-}
-
-func (itr *rocksDBIterator) Next() {
-	panic("rocksdb must be built with -tags rocksdb")
-}
-
-func (itr *rocksDBIterator) Error() error {
-	panic("rocksdb must be built with -tags rocksdb")
-}
-
-func (itr *rocksDBIterator) Close() error {
-	panic("rocksdb must be built with -tags rocksdb")
-}
-
-func (itr *rocksDBIterator) assertIsValid() {
-	panic("rocksdb must be built with -tags rocksdb")
-}