fix: gosec issues (#779)

* remove gosec warnigs with medium severity

* Improvement(Ethermint): Fix gosec vulnerabilities

* Improvement(Evmos): address pr comments

* Improvement(Ethermint): Fix flags test by using PersistentFlags() instead of Flags()

* Improvement(Ethermint): Fix return of defer function

* Improvement(Ethermint): Replace PersistentFlags with Flags

* Apply suggestions from code review

* Improvement(Ethermint): Use persisentFlags again and remove required attribute for chain id

Co-authored-by: Federico Kunze Küllmer <31522760+fedekunze@users.noreply.github.com>
This commit is contained in:
Daniel Burckhardt 2021-11-25 16:12:57 +01:00 committed by GitHub
parent 32eaec8d99
commit 2d8be4e85b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 63 additions and 29 deletions

View File

@ -186,7 +186,9 @@ func (app *EthermintApp) prepForZeroHeightGenesis(ctx sdk.Context, jailAllowedAd
app.StakingKeeper.SetValidator(ctx, validator) app.StakingKeeper.SetValidator(ctx, validator)
} }
iter.Close() if err := iter.Close(); err != nil {
return err
}
if _, err := app.StakingKeeper.ApplyAndReturnValidatorSetUpdates(ctx); err != nil { if _, err := app.StakingKeeper.ApplyAndReturnValidatorSetUpdates(ctx); err != nil {
return err return err

View File

@ -556,7 +556,10 @@ func startTestnet(cmd *cobra.Command, args startArgs) error {
} }
cmd.Println("press the Enter Key to terminate") cmd.Println("press the Enter Key to terminate")
fmt.Scanln() // wait for Enter Key _, err = fmt.Scanln() // wait for Enter Key
if err != nil {
return err
}
testnet.Cleanup() testnet.Cleanup()
return nil return nil

View File

@ -119,7 +119,11 @@ func NewRootCmd() (*cobra.Command, params.EncodingConfig) {
txCommand(), txCommand(),
ethermintclient.KeyCommands(app.DefaultNodeHome), ethermintclient.KeyCommands(app.DefaultNodeHome),
) )
rootCmd = srvflags.AddTxFlags(rootCmd)
rootCmd, err := srvflags.AddTxFlags(rootCmd)
if err != nil {
panic(err)
}
// add rosetta // add rosetta
rootCmd.AddCommand(sdkserver.RosettaCommand(encodingConfig.InterfaceRegistry, encodingConfig.Marshaler)) rootCmd.AddCommand(sdkserver.RosettaCommand(encodingConfig.InterfaceRegistry, encodingConfig.Marshaler))

View File

@ -19,8 +19,10 @@ import (
evmtypes "github.com/tharsis/ethermint/x/evm/types" evmtypes "github.com/tharsis/ethermint/x/evm/types"
"github.com/cosmos/cosmos-sdk/client" "github.com/cosmos/cosmos-sdk/client"
stderrors "github.com/pkg/errors"
"github.com/cosmos/cosmos-sdk/server" "github.com/cosmos/cosmos-sdk/server"
"github.com/ethereum/go-ethereum/common" "github.com/ethereum/go-ethereum/common"
"github.com/ethereum/go-ethereum/common/hexutil" "github.com/ethereum/go-ethereum/common/hexutil"
"github.com/ethereum/go-ethereum/consensus/ethash" "github.com/ethereum/go-ethereum/consensus/ethash"
@ -351,7 +353,10 @@ func (a *API) StartCPUProfile(file string) error {
} }
if err := pprof.StartCPUProfile(f); err != nil { if err := pprof.StartCPUProfile(f); err != nil {
a.logger.Debug("cpu profiling already in use", "error", err.Error()) a.logger.Debug("cpu profiling already in use", "error", err.Error())
f.Close() if err := f.Close(); err != nil {
a.logger.Debug("failed to close cpu profile file")
return stderrors.Wrap(err, "failed to close cpu profile file")
}
return err return err
} }
@ -375,7 +380,10 @@ func (a *API) StopCPUProfile() error {
case a.handler.cpuFile != nil: case a.handler.cpuFile != nil:
a.logger.Info("Done writing CPU profile", "profile", a.handler.cpuFilename) a.logger.Info("Done writing CPU profile", "profile", a.handler.cpuFilename)
pprof.StopCPUProfile() pprof.StopCPUProfile()
a.handler.cpuFile.Close() if err := a.handler.cpuFile.Close(); err != nil {
a.logger.Debug("failed to close cpu file")
return stderrors.Wrap(err, "failed to close cpu file")
}
a.handler.cpuFile = nil a.handler.cpuFile = nil
a.handler.cpuFilename = "" a.handler.cpuFilename = ""
return nil return nil

View File

@ -23,6 +23,8 @@ import (
"errors" "errors"
"os" "os"
"runtime/trace" "runtime/trace"
stderrors "github.com/pkg/errors"
) )
// StartGoTrace turns on tracing, writing to the given file. // StartGoTrace turns on tracing, writing to the given file.
@ -47,7 +49,11 @@ func (a *API) StartGoTrace(file string) error {
} }
if err := trace.Start(f); err != nil { if err := trace.Start(f); err != nil {
a.logger.Debug("Go tracing already started", "error", err.Error()) a.logger.Debug("Go tracing already started", "error", err.Error())
f.Close() if err := f.Close(); err != nil {
a.logger.Debug("failed to close trace file")
return stderrors.Wrap(err, "failed to close trace file")
}
return err return err
} }
a.handler.traceFile = f a.handler.traceFile = f
@ -68,7 +74,10 @@ func (a *API) StopGoTrace() error {
return errors.New("trace not in progress") return errors.New("trace not in progress")
} }
a.logger.Info("Done writing Go trace", "dump", a.handler.traceFilename) a.logger.Info("Done writing Go trace", "dump", a.handler.traceFilename)
a.handler.traceFile.Close() if err := a.handler.traceFile.Close(); err != nil {
a.logger.Debug("failed to close trace file")
return stderrors.Wrap(err, "failed to close trace file")
}
a.handler.traceFile = nil a.handler.traceFile = nil
a.handler.traceFilename = "" a.handler.traceFilename = ""
return nil return nil

View File

@ -50,7 +50,9 @@ func writeProfile(name, file string, log log.Logger) error {
} }
if err := p.WriteTo(f, 0); err != nil { if err := p.WriteTo(f, 0); err != nil {
f.Close() if err := f.Close(); err != nil {
return err
}
return err return err
} }

View File

@ -49,7 +49,7 @@ const (
) )
// AddTxFlags adds common flags for commands to post tx // AddTxFlags adds common flags for commands to post tx
func AddTxFlags(cmd *cobra.Command) *cobra.Command { func AddTxFlags(cmd *cobra.Command) (*cobra.Command, error) {
cmd.PersistentFlags().String(flags.FlagChainID, "testnet", "Specify Chain ID for sending Tx") cmd.PersistentFlags().String(flags.FlagChainID, "testnet", "Specify Chain ID for sending Tx")
cmd.PersistentFlags().String(flags.FlagFrom, "", "Name or address of private key with which to sign") cmd.PersistentFlags().String(flags.FlagFrom, "", "Name or address of private key with which to sign")
cmd.PersistentFlags().String(flags.FlagFees, "", "Fees to pay along with transaction; eg: 10aphoton") cmd.PersistentFlags().String(flags.FlagFees, "", "Fees to pay along with transaction; eg: 10aphoton")
@ -66,13 +66,11 @@ func AddTxFlags(cmd *cobra.Command) *cobra.Command {
// )) // ))
// viper.BindPFlag(flags.FlagTrustNode, cmd.Flags().Lookup(flags.FlagTrustNode)) // viper.BindPFlag(flags.FlagTrustNode, cmd.Flags().Lookup(flags.FlagTrustNode))
if err := viper.BindPFlag(flags.FlagNode, cmd.PersistentFlags().Lookup(flags.FlagNode)); err != nil {
// TODO: we need to handle the errors for these, decide if we should return error upward and handle return nil, err
// nolint: errcheck }
viper.BindPFlag(flags.FlagNode, cmd.Flags().Lookup(flags.FlagNode)) if err := viper.BindPFlag(flags.FlagKeyringBackend, cmd.PersistentFlags().Lookup(flags.FlagKeyringBackend)); err != nil {
// nolint: errcheck return nil, err
viper.BindPFlag(flags.FlagKeyringBackend, cmd.Flags().Lookup(flags.FlagKeyringBackend)) }
// nolint: errcheck return cmd, nil
cmd.MarkFlagRequired(flags.FlagChainID)
return cmd
} }

View File

@ -219,11 +219,11 @@ func startStandAlone(ctx *server.Context, appCreator types.AppCreator) error {
} }
// legacyAminoCdc is used for the legacy REST API // legacyAminoCdc is used for the legacy REST API
func startInProcess(ctx *server.Context, clientCtx client.Context, appCreator types.AppCreator) error { func startInProcess(ctx *server.Context, clientCtx client.Context, appCreator types.AppCreator) (err error) {
cfg := ctx.Config cfg := ctx.Config
home := cfg.RootDir home := cfg.RootDir
logger := ctx.Logger logger := ctx.Logger
var cpuProfileCleanup func() var cpuProfileCleanup func() error
if cpuProfile := ctx.Viper.GetString(srvflags.CPUProfile); cpuProfile != "" { if cpuProfile := ctx.Viper.GetString(srvflags.CPUProfile); cpuProfile != "" {
fp, err := ethdebug.ExpandHome(cpuProfile) fp, err := ethdebug.ExpandHome(cpuProfile)
@ -241,10 +241,14 @@ func startInProcess(ctx *server.Context, clientCtx client.Context, appCreator ty
return err return err
} }
cpuProfileCleanup = func() { cpuProfileCleanup = func() error {
ctx.Logger.Info("stopping CPU profiler", "profile", cpuProfile) ctx.Logger.Info("stopping CPU profiler", "profile", cpuProfile)
pprof.StopCPUProfile() pprof.StopCPUProfile()
f.Close() if err := f.Close(); err != nil {
logger.Error("failed to close CPU profiler file", "error", err.Error())
return err
}
return nil
} }
} }
@ -359,7 +363,7 @@ func startInProcess(ctx *server.Context, clientCtx client.Context, appCreator ty
if config.GRPCWeb.Enable { if config.GRPCWeb.Enable {
grpcWebSrv, err = servergrpc.StartGRPCWeb(grpcSrv, config.Config) grpcWebSrv, err = servergrpc.StartGRPCWeb(grpcSrv, config.Config)
if err != nil { if err != nil {
ctx.Logger.Error("failed to start grpc-web http server: ", err) ctx.Logger.Error("failed to start grpc-web http server", "error", err)
return err return err
} }
} }
@ -429,7 +433,7 @@ func startInProcess(ctx *server.Context, clientCtx client.Context, appCreator ty
} }
if cpuProfileCleanup != nil { if cpuProfileCleanup != nil {
cpuProfileCleanup() _ = cpuProfileCleanup()
} }
if apiSrv != nil { if apiSrv != nil {
@ -439,7 +443,9 @@ func startInProcess(ctx *server.Context, clientCtx client.Context, appCreator ty
if grpcSrv != nil { if grpcSrv != nil {
grpcSrv.Stop() grpcSrv.Stop()
if grpcWebSrv != nil { if grpcWebSrv != nil {
grpcWebSrv.Close() if err := grpcWebSrv.Close(); err != nil {
logger.Error("failed to close the grpcWebSrc", "error", err.Error())
}
} }
} }
@ -474,9 +480,11 @@ func openTraceWriter(traceWriterFile string) (w io.Writer, err error) {
if traceWriterFile == "" { if traceWriterFile == "" {
return return
} }
filePath := filepath.Clean(traceWriterFile)
return os.OpenFile( return os.OpenFile(
traceWriterFile, filePath,
os.O_WRONLY|os.O_APPEND|os.O_CREATE, os.O_WRONLY|os.O_APPEND|os.O_CREATE,
0o666, 0o600,
) )
} }

View File

@ -334,12 +334,12 @@ func New(l Logger, baseDir string, cfg Config) (*Network, error) {
clientDir := filepath.Join(network.BaseDir, nodeDirName, "evmoscli") clientDir := filepath.Join(network.BaseDir, nodeDirName, "evmoscli")
gentxsDir := filepath.Join(network.BaseDir, "gentxs") gentxsDir := filepath.Join(network.BaseDir, "gentxs")
err := os.MkdirAll(filepath.Join(nodeDir, "config"), 0o755) err := os.MkdirAll(filepath.Join(nodeDir, "config"), 0o750)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = os.MkdirAll(clientDir, 0o755) err = os.MkdirAll(clientDir, 0o750)
if err != nil { if err != nil {
return nil, err return nil, err
} }