Skip to content

feat!: upgrade to go 1.22#2460

Merged
gartnera merged 7 commits intodevelopfrom
go122
Jul 12, 2024
Merged

feat!: upgrade to go 1.22#2460
gartnera merged 7 commits intodevelopfrom
go122

Conversation

@gartnera
Copy link
Contributor

@gartnera gartnera commented Jul 10, 2024
edited
Loading

Description

Upgrade to go 1.22. Pretty simple on the node side, but please see zeta-chain/go-tss#19.

This is a breaking change because QUIC P2P will no longer function. We don't think anyone is using it but technically other zetaclientd operators could have configured it.

Unblocks: #2417

TODO:

  • cosmos gosec is unmaintained, I will rebase their ruleset on the upstream repo. Use fork until upstream changes are merged and released.
    • G701 is now upstream as G115. Update: need fix for upstream issue.
    • G703 is supposed to be an improved version of G104 but there is just a TODO to actually implement the functionality. I think it's ok to remove this check.
    • G702 is a dumber version of G103 and G404. I think it's ok to remove. It's also not currently enabled anyway.
    • G704 may be useful and I may try to upstream it. But the described scenario seems to be pretty dumb when strconv.ParseInt() exists.
  • Evaluate new gosec rule failures.
    • G115 false positives I had to suppress
    • Some MkdirAll 0o777 -> 0o750

How Has This Been Tested?

  • Tested CCTX in localnet
  • Tested in development environment
  • Go unit tests
  • Go integration tests
  • Tested via GitHub Actions

Summary by CodeRabbit

  • Chores

    • Updated the Go version from 1.20 to 1.22 across multiple configurations including GitHub Actions workflows and Dockerfiles.
    • Changed security annotations in comments from G701 to G115 to reflect updated security guidelines.

  • New Features

    • Introduced a new gosec.sh script for running security scans using the gosec tool.

  • Documentation

    • Updated comments in various files to align with the new security annotation standards.

@gartnera gartnera added the UPGRADE_LIGHT_TESTS Run make start-upgrade-test-light label Jul 10, 2024
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jul 10, 2024
edited
Loading

Important

Review skipped

More than 25% of the files skipped due to max files limit. The review is being skipped to prevent a low-quality review.

26 files out of 84 files are above the max files limit of 50. Please upgrade to Pro plan to get higher limits.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The changes predominantly involve updating the Go version from 1.20 to 1.22 across multiple files, including Dockerfiles, GitHub Actions workflows, and the go.mod file. Additionally, security comments have been updated from G701 to G115 to reflect new security guidelines. Other minor adjustments include changes to dependency versions and slight modifications in function comments and scripts.

Changes

Files Change Summary
.github/actions/install-dependencies/action.yml, .github/workflows/publish-release.yml, .github/workflows/sast-linters.yml, Dockerfile-localnet, go.mod Updated Go version from 1.20 to 1.22.
.github/workflows/sast-linters.yml Updated Gosec Security Scanner configuration to zeta-chain/gosec@v2.21.0-zeta with additional arguments.
Makefile Changed linting script from cosmos-gosec to gosec.
cmd/zetae2e/stress.go, cmd/zetatool/filterdeposit/btc.go, cmd/zetatool/filterdeposit/evm.go, contrib/rpctest/main.go, e2e/e2etests/test_update_bytecode_zrc20.go, ... Updated security comment annotations from G701 to G115.
scripts/gosec.sh Introduced new bash script for running gosec using Docker.
go.mod Updated dependencies, including github.com/zeta-chain/go-tss and github.com/onsi/gomega, and removed several indirect dependencies.

Poem

In the code where Go now shines,
From 1.20 to 1.22 aligns,
Securely checked, with G115 we trust,
Dependencies adjusted, as they must.
Through Docker and GitHub's dance,
Our systems now enhanced!
🐰✨ Code's elegance, in every glance.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@github-actions github-actions bot added the ci Changes to CI pipeline or github actions label Jul 10, 2024
@codecov
Copy link

codecov bot commented Jul 10, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 47.17%. Comparing base (ce8afec) to head (699a1bb).

❗ There is a different number of reports uploaded between BASE (ce8afec) and HEAD (699a1bb). Click for more details.

HEAD has 1 upload less than BASE
Flag BASE (ce8afec) HEAD (699a1bb)
2 1
Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff              @@
##           develop    #2460       +/-   ##
============================================
- Coverage    68.94%   47.17%   -21.77%     
============================================
  Files          308      433      +125     
  Lines        19223    29129     +9906     
============================================
+ Hits         13253    13743      +490     
- Misses        5295    14604     +9309     
- Partials       675      782      +107
Files Coverage Δ
e2e/e2etests/test_update_bytecode_zrc20.go 0.00% <ø> (ø)
e2e/runner/accounting.go 0.00% <ø> (ø)
e2e/runner/evm.go 0.00% <ø> (ø)
pkg/chains/conversion.go 100.00% <ø> (ø)
pkg/coin/coin.go 100.00% <ø> (ø)
pkg/mempool/custom_proposal_handler.go 71.92% <ø> (ø)
pkg/proofs/ethereum/proof.go 92.77% <ø> (ø)
pkg/proofs/proof.go 76.47% <ø> (ø)
rpc/backend/account_info.go 83.89% <ø> (ø)
rpc/backend/blocks.go 87.35% <ø> (ø)
... and 26 more

... and 120 files with indirect coverage changes

@gartnera gartnera force-pushed the go122 branch 2 times, most recently from f5a4763 to 699a1bb Compare July 11, 2024 23:00
@github-actions
Copy link

github-actions bot commented Jul 11, 2024
edited
Loading

!!!WARNING!!!
nosec detected in the following files: cmd/zetae2e/stress.go, cmd/zetatool/filterdeposit/btc.go, cmd/zetatool/filterdeposit/evm.go, contrib/rpctest/main.go, e2e/e2etests/test_update_bytecode_zrc20.go, e2e/runner/accounting.go, e2e/runner/evm.go, pkg/chains/conversion.go, pkg/coin/coin.go, pkg/mempool/custom_proposal_handler.go, pkg/proofs/ethereum/proof.go, pkg/proofs/proof.go, rpc/backend/account_info.go, rpc/backend/blocks.go, rpc/backend/chain_info.go, rpc/backend/tx_info.go, rpc/backend/utils.go, rpc/namespaces/ethereum/eth/api.go, rpc/types/block.go, rpc/types/events.go, rpc/types/utils.go, testutil/nullify/nullify.go, x/crosschain/client/cli/cli_whitelist_erc20.go, x/crosschain/client/cli/query_cctx.go, x/crosschain/client/querytests/cctx.go, x/crosschain/client/querytests/gas_price.go, x/crosschain/client/querytests/inbound_hash.go, x/crosschain/client/querytests/inbound_tracker.go, x/crosschain/client/querytests/last_block_height.go, x/crosschain/client/querytests/outbound_tracker.go, x/crosschain/keeper/cctx.go, x/crosschain/keeper/cctx_orchestrator_validate_outbound.go, x/crosschain/keeper/cctx_utils.go, x/crosschain/keeper/evm_deposit.go, x/crosschain/keeper/grpc_query_cctx.go, x/crosschain/keeper/grpc_query_cctx_rate_limit.go, x/crosschain/keeper/grpc_query_cctx_rate_limit_test.go, x/crosschain/keeper/grpc_query_zeta_conversion_rate.go, x/crosschain/keeper/grpc_query_zeta_conversion_rate_test.go, x/crosschain/keeper/msg_server_vote_gas_price.go, x/crosschain/keeper/msg_server_vote_inbound_tx.go, x/crosschain/keeper/msg_server_vote_outbound_tx.go, x/crosschain/keeper/msg_server_whitelist_erc20.go, x/crosschain/migrations/v2/migrate.go, x/crosschain/migrations/v5/migrate.go, x/fungible/client/cli/tx_deploy_fungible_coin_zrc_4.go, x/fungible/keeper/evm.go, x/fungible/keeper/gas_coin_and_pool.go, x/fungible/keeper/msg_server_deploy_fungible_coin_zrc20.go, x/observer/abci.go, x/observer/client/cli/tx_update_gas_price_increase_flags.go, x/observer/client/cli/tx_update_observer.go, x/observer/client/querytests/chain_nonces.go, x/observer/keeper/msg_server_reset_chain_nonces.go, x/observer/keeper/pending_nonces.go, zetaclient/chains/bitcoin/fee.go, zetaclient/chains/bitcoin/fee_test.go, zetaclient/chains/bitcoin/observer/inbound.go, zetaclient/chains/bitcoin/observer/inbound_test.go, zetaclient/chains/bitcoin/observer/observer.go, zetaclient/chains/bitcoin/observer/outbound.go, zetaclient/chains/bitcoin/rpc/rpc.go, zetaclient/chains/bitcoin/signer/signer.go, zetaclient/chains/bitcoin/tx_script.go, zetaclient/chains/bitcoin/utils.go, zetaclient/chains/evm/observer/observer.go, zetaclient/chains/evm/observer/observer_test.go, zetaclient/orchestrator/orchestrator.go, zetaclient/orchestrator/orchestrator_test.go, zetaclient/tss/tss_signer.go, zetaclient/zetacore/broadcast.go, zetaclient/zetacore/client_monitor.go, zetaclient/zetacore/client_vote.go

Be very careful about using #nosec in code. It can be a quick way to suppress security warnings and move forward with development, it should be employed with caution. Suppressing warnings with #nosec can hide potentially serious vulnerabilities. Only use #nosec when you're absolutely certain that the security issue is either a false positive or has been mitigated in another way.

Only suppress a single rule (or a specific set of rules) within a section of code, while continuing to scan for other problems. To do this, you can list the rule(s) to be suppressed within the #nosec annotation, e.g: /* #nosec G401 */ or //#nosec G201 G202 G203
Broad #nosec annotations should be avoided, as they can hide other vulnerabilities. The CI will block you from merging this PR until you remove #nosec annotations that do not target specific rules.

Pay extra attention to the way #nosec is being used in the files listed above.

@github-actions github-actions bot added the nosec label Jul 11, 2024
@gartnera gartnera marked this pull request as ready for review July 11, 2024 23:04
coderabbitai[bot]
coderabbitai bot reviewed Jul 11, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (3)
pkg/chains/conversion.go (1)

13-13: Verify range checks for nonce

The nonce value is not explicitly validated before calling the NonceMarkAmount function, which contradicts the comment #nosec G115 always in range. To ensure proper validation, add range checks for nonce before calling NonceMarkAmount.

  • pkg/chains/conversion.go: Function NonceMarkAmount lacks nonce validation.
  • Call sites in:
    • x/crosschain/types/tx_body_verification.go
    • zetaclient/chains/bitcoin/signer/signer.go
    • zetaclient/chains/bitcoin/observer/outbound_test.go
    • zetaclient/chains/bitcoin/observer/outbound.go
Analysis chain

Verify range checks for nonce

The comment #nosec G115 always in range indicates that the value is always in range. Ensure that the nonce value is properly validated before this point.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the range check for `nonce` in the `NonceMarkAmount` function

# Test: Check for the validation logic for `nonce`. Expect: Validation logic exists.
rg --type go --context 5 -e 'nonce.*ParseUint' -e 'nonce.*<'

Length of output: 12625

Script:

#!/bin/bash
# Description: Verify the range check for `nonce` in the `pkg/chains/conversion.go` file

# Test: Search for the `NonceMarkAmount` function and surrounding context to identify validation logic for `nonce`.
rg --type go --context 10 -e 'func NonceMarkAmount' -e 'nonce' pkg/chains/conversion.go

Length of output: 793

Script:

#!/bin/bash
# Description: Verify the range check for `nonce` by searching for call sites of `NonceMarkAmount` in the codebase.

# Test: Search for call sites of `NonceMarkAmount` and check for validation logic for `nonce` at those locations.
rg --type go --context 10 -e 'NonceMarkAmount'

Length of output: 13195

x/crosschain/client/cli/query_cctx.go (1)

68-68: Ensure additional validation for limit

The limit value is only validated for being a 32-bit unsigned integer using strconv.ParseUint, without any further checks on its value range or constraints. Consider adding additional validation logic to ensure limit meets the application's requirements.

  • File: x/crosschain/client/cli/query_cctx.go
  • Line: 68
Analysis chain

Verify bit size checks for limit

The comment #nosec G115 bit size verified indicates that the bit size is checked. Ensure that the limit value is properly validated before this point.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the bit size check for `limit` in the `CmdPendingCctx` function

# Test: Check for the validation logic for `limit`. Expect: Validation logic exists.
rg --type go --context 5 -e 'limit.*ParseUint' -e 'limit.*<'

Length of output: 1768

Script:

#!/bin/bash
# Description: Verify additional validation checks for `limit` in the `CmdPendingCctx` function

# Test: Check for any further validation logic for `limit` after parsing. Expect: Additional validation logic exists.
rg --type go --context 5 -e 'limit' x/crosschain/client/cli/query_cctx.go

Length of output: 804

x/fungible/keeper/evm.go (1)

Line range hint 118-118:
Reminder: Add unit tests and refactor repetitive code.

The TODO comment indicates that unit tests are missing, and there is repetitive code that needs refactoring.

Do you want me to generate the unit testing code or open a GitHub issue to track this task?

Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between ce8afec and 699a1bb.

Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
Files selected for processing (55)
  • .github/actions/install-dependencies/action.yml (1 hunks)
  • .github/workflows/publish-release.yml (3 hunks)
  • .github/workflows/sast-linters.yml (2 hunks)
  • Dockerfile-localnet (2 hunks)
  • Makefile (1 hunks)
  • cmd/zetae2e/stress.go (1 hunks)
  • cmd/zetatool/filterdeposit/btc.go (1 hunks)
  • cmd/zetatool/filterdeposit/evm.go (1 hunks)
  • contrib/rpctest/main.go (1 hunks)
  • e2e/e2etests/test_update_bytecode_zrc20.go (1 hunks)
  • e2e/runner/accounting.go (1 hunks)
  • e2e/runner/evm.go (1 hunks)
  • go.mod (6 hunks)
  • pkg/chains/conversion.go (1 hunks)
  • pkg/coin/coin.go (1 hunks)
  • pkg/mempool/custom_proposal_handler.go (4 hunks)
  • pkg/proofs/ethereum/proof.go (4 hunks)
  • pkg/proofs/proof.go (1 hunks)
  • rpc/backend/account_info.go (2 hunks)
  • rpc/backend/blocks.go (3 hunks)
  • rpc/backend/chain_info.go (3 hunks)
  • rpc/backend/tx_info.go (12 hunks)
  • rpc/backend/utils.go (2 hunks)
  • rpc/namespaces/ethereum/eth/api.go (1 hunks)
  • rpc/types/block.go (1 hunks)
  • rpc/types/events.go (6 hunks)
  • rpc/types/utils.go (3 hunks)
  • scripts/gosec.sh (1 hunks)
  • x/crosschain/client/cli/cli_whitelist_erc20.go (1 hunks)
  • x/crosschain/client/cli/query_cctx.go (1 hunks)
  • x/crosschain/client/querytests/cctx.go (3 hunks)
  • x/crosschain/client/querytests/gas_price.go (3 hunks)
  • x/crosschain/client/querytests/inbound_hash.go (3 hunks)
  • x/crosschain/client/querytests/inbound_tracker.go (2 hunks)
  • x/crosschain/client/querytests/last_block_height.go (3 hunks)
  • x/crosschain/client/querytests/outbound_tracker.go (3 hunks)
  • x/crosschain/keeper/cctx.go (1 hunks)
  • x/crosschain/keeper/cctx_orchestrator_validate_outbound.go (1 hunks)
  • x/crosschain/keeper/cctx_utils.go (1 hunks)
  • x/crosschain/keeper/evm_deposit.go (1 hunks)
  • x/crosschain/keeper/grpc_query_cctx.go (3 hunks)
  • x/crosschain/keeper/grpc_query_cctx_rate_limit.go (6 hunks)
  • x/crosschain/keeper/grpc_query_cctx_rate_limit_test.go (1 hunks)
  • x/crosschain/keeper/grpc_query_zeta_conversion_rate.go (1 hunks)
  • x/crosschain/keeper/grpc_query_zeta_conversion_rate_test.go (1 hunks)
  • x/crosschain/keeper/msg_server_vote_gas_price.go (1 hunks)
  • x/crosschain/keeper/msg_server_vote_inbound_tx.go (1 hunks)
  • x/crosschain/keeper/msg_server_vote_outbound_tx.go (1 hunks)
  • x/crosschain/keeper/msg_server_whitelist_erc20.go (2 hunks)
  • x/crosschain/migrations/v2/migrate.go (1 hunks)
  • x/crosschain/migrations/v5/migrate.go (1 hunks)
  • x/fungible/client/cli/tx_deploy_fungible_coin_zrc_4.go (1 hunks)
  • x/fungible/keeper/evm.go (1 hunks)
  • x/fungible/keeper/gas_coin_and_pool.go (1 hunks)
  • x/fungible/keeper/msg_server_deploy_fungible_coin_zrc20.go (3 hunks)
Files not processed due to max files limit (6)
  • x/observer/abci.go
  • x/observer/client/cli/tx_update_gas_price_increase_flags.go
  • x/observer/client/cli/tx_update_observer.go
  • x/observer/client/querytests/chain_nonces.go
  • x/observer/keeper/msg_server_reset_chain_nonces.go
  • x/observer/keeper/pending_nonces.go
Files skipped from review due to trivial changes (35)
  • .github/actions/install-dependencies/action.yml
  • .github/workflows/publish-release.yml
  • .github/workflows/sast-linters.yml
  • cmd/zetae2e/stress.go
  • cmd/zetatool/filterdeposit/btc.go
  • cmd/zetatool/filterdeposit/evm.go
  • contrib/rpctest/main.go
  • e2e/e2etests/test_update_bytecode_zrc20.go
  • e2e/runner/accounting.go
  • go.mod
  • pkg/coin/coin.go
  • pkg/proofs/proof.go
  • rpc/backend/chain_info.go
  • rpc/backend/tx_info.go
  • rpc/backend/utils.go
  • rpc/namespaces/ethereum/eth/api.go
  • rpc/types/block.go
  • rpc/types/utils.go
  • scripts/gosec.sh
  • x/crosschain/client/querytests/cctx.go
  • x/crosschain/client/querytests/inbound_hash.go
  • x/crosschain/client/querytests/inbound_tracker.go
  • x/crosschain/client/querytests/outbound_tracker.go
  • x/crosschain/keeper/cctx_orchestrator_validate_outbound.go
  • x/crosschain/keeper/cctx_utils.go
  • x/crosschain/keeper/evm_deposit.go
  • x/crosschain/keeper/grpc_query_cctx.go
  • x/crosschain/keeper/grpc_query_cctx_rate_limit_test.go
  • x/crosschain/keeper/grpc_query_zeta_conversion_rate.go
  • x/crosschain/keeper/grpc_query_zeta_conversion_rate_test.go
  • x/crosschain/keeper/msg_server_vote_outbound_tx.go
  • x/crosschain/migrations/v2/migrate.go
  • x/fungible/client/cli/tx_deploy_fungible_coin_zrc_4.go
  • x/fungible/keeper/gas_coin_and_pool.go
  • x/fungible/keeper/msg_server_deploy_fungible_coin_zrc20.go
Additional context used
Path-based instructions (18)
x/crosschain/client/cli/cli_whitelist_erc20.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

pkg/chains/conversion.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

x/crosschain/client/cli/query_cctx.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

x/crosschain/keeper/msg_server_vote_gas_price.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

x/crosschain/keeper/cctx.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

x/crosschain/client/querytests/gas_price.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

x/crosschain/client/querytests/last_block_height.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

pkg/proofs/ethereum/proof.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

x/crosschain/migrations/v5/migrate.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

x/crosschain/keeper/msg_server_vote_inbound_tx.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

x/crosschain/keeper/msg_server_whitelist_erc20.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

rpc/backend/account_info.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

e2e/runner/evm.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

pkg/mempool/custom_proposal_handler.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

rpc/types/events.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

x/crosschain/keeper/grpc_query_cctx_rate_limit.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

rpc/backend/blocks.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

x/fungible/keeper/evm.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

Additional comments not posted (52)
x/crosschain/client/cli/cli_whitelist_erc20.go (1)

53-53: Verify range checks for decimals

The comment #nosec G115 always in range indicates that the value is always in range. Ensure that the decimals value is properly validated before this point.

Verification successful

The range check for decimals is properly implemented.

The code ensures that the decimals value is parsed and then validated to be less than 128, which confirms that the value is within the expected range.

  • decimals, err := strconv.ParseUint(args[4], 10, 32)
  • if decimals > 128 { return fmt.Errorf("decimals must be less than 128") }
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the range check for `decimals` in the `CmdWhitelistERC20` function

# Test: Check for the validation logic for `decimals`. Expect: Validation logic exists.
rg --type go --context 5 -e 'decimals.*ParseUint' -e 'decimals.*<'

Length of output: 819

x/crosschain/keeper/msg_server_vote_gas_price.go (1)

66-66: Verify positive checks for median index

The comment #nosec G115 always positive indicates that the value is always positive. Ensure that the median index value is properly validated before this point.

Dockerfile-localnet (3)

2-2: Update Go version to 1.22.5

The base image has been updated from golang:1.20.14-bookworm to golang:1.22.5-bookworm. Ensure compatibility with all dependencies and the overall build process.

25-25: Update Go version to 1.22.5

The base image for cosmovisor-build has been updated from golang:1.20.14-bookworm to golang:1.22.5-bookworm. Ensure compatibility with all dependencies and the overall build process.

28-28: Update Go version to 1.22.5

The base image for base-runtime has been updated from golang:1.20.14-bookworm to golang:1.22.5-bookworm. Ensure compatibility with all dependencies and the overall build process.

x/crosschain/keeper/cctx.go (1)

29-29: Update security annotation

The security annotation has been updated from #nosec G701 to #nosec G115. Ensure the new annotation accurately reflects the security guidelines and the code's behavior.

x/crosschain/client/querytests/gas_price.go (4)

83-83: Update security annotation

The security annotation has been updated from #nosec G701 to #nosec G115. Ensure the new annotation accurately reflects the security guidelines and the code's behavior.

98-98: Update security annotation

The security annotation has been updated from #nosec G701 to #nosec G115. Ensure the new annotation accurately reflects the security guidelines and the code's behavior.

111-111: Update security annotation

The security annotation has been updated from #nosec G701 to #nosec G115. Ensure the new annotation accurately reflects the security guidelines and the code's behavior.

118-118: Update security annotation

The security annotation has been updated from #nosec G701 to #nosec G115. Ensure the new annotation accurately reflects the security guidelines and the code's behavior.

x/crosschain/client/querytests/last_block_height.go (4)

83-83: Update security annotation

The security annotation has been updated from #nosec G701 to #nosec G115. Ensure the new annotation accurately reflects the security guidelines and the code's behavior.

98-98: Update security annotation

The security annotation has been updated from #nosec G701 to #nosec G115. Ensure the new annotation accurately reflects the security guidelines and the code's behavior.

111-111: Update security annotation

The security annotation has been updated from #nosec G701 to #nosec G115. Ensure the new annotation accurately reflects the security guidelines and the code's behavior.

118-118: Update security annotation

The security annotation has been updated from #nosec G701 to #nosec G115. Ensure the new annotation accurately reflects the security guidelines and the code's behavior.

pkg/proofs/ethereum/proof.go (4)

109-109: LGTM! Security annotation updated correctly.

The updated annotation correctly reflects the validation of the range.

136-136: LGTM! Security annotation updated correctly.

The updated annotation correctly reflects the validation of the range.

160-160: LGTM! Security annotation updated correctly.

The updated annotation correctly reflects the validation of the iterator range.

171-171: LGTM! Security annotation updated correctly.

The updated annotation correctly reflects the validation of the iterator range.

x/crosschain/migrations/v5/migrate.go (2)

65-65: LGTM! Security annotation updated correctly.

The updated annotation correctly reflects the validation of the nonce range.

67-67: LGTM! Security annotation updated correctly.

The updated annotation correctly reflects the validation of the nonce range.

x/crosschain/keeper/msg_server_vote_inbound_tx.go (1)

125-125: LGTM! Security annotation updated correctly.

The updated annotation correctly reflects the validation of the finalized height.

x/crosschain/keeper/msg_server_whitelist_erc20.go (2)

79-79: LGTM! Security annotation updated correctly.

The updated annotation correctly reflects the validation of the decimals range.

179-179: LGTM! Security annotation updated correctly.

The updated annotation correctly reflects the validation of the gas limit range.

rpc/backend/account_info.go (2)

85-85: Update security annotation to reflect new guidelines.

The security annotation is updated from #nosec G701 to #nosec G115 to reflect the new guidelines for range checking.

215-215: Update security annotation to reflect new guidelines.

The security annotation is updated from #nosec G701 to #nosec G115 to reflect the new guidelines for range checking.

e2e/runner/evm.go (1)

186-186: Update security annotation to reflect new guidelines.

The security annotation is updated from #nosec G701 to #nosec G115 to reflect the new guidelines for range checking.

pkg/mempool/custom_proposal_handler.go (4)

76-76: Update security annotation to reflect new guidelines.

The security annotation is updated from #nosec G701 to #nosec G115 to reflect the new guidelines for range checking.

92-92: Update security annotation to reflect new guidelines.

The security annotation is updated from #nosec G701 to #nosec G115 to reflect the new guidelines for range checking.

151-151: Update security annotation to reflect new guidelines.

The security annotation is updated from #nosec G701 to #nosec G115 to reflect the new guidelines for range checking.

221-221: Update security annotation to reflect new guidelines.

The security annotation is updated from #nosec G701 to #nosec G115 to reflect the new guidelines for range checking.

rpc/types/events.go (7)

174-174: Update security annotation to reflect new guidelines.

The security annotation is updated from #nosec G701 to #nosec G115 to reflect the new guidelines for range checking.

231-231: Update security annotation to reflect new guidelines.

The security annotation is updated from #nosec G701 to #nosec G115 to reflect the new guidelines for range checking.

252-252: Update security annotation to reflect new guidelines.

The security annotation is updated from #nosec G701 to #nosec G115 to reflect the new guidelines for range checking.

280-280: Update security annotation to reflect new guidelines.

The security annotation is updated from #nosec G701 to #nosec G115 to reflect the new guidelines for range checking.

282-282: Update security annotation to reflect new guidelines.

The security annotation is updated from #nosec G701 to #nosec G115 to reflect the new guidelines for range checking.

302-302: Update security annotation to reflect new guidelines.

The security annotation is updated from #nosec G701 to #nosec G115 to reflect the new guidelines for range checking.

304-304: Update security annotation to reflect new guidelines.

The security annotation is updated from #nosec G701 to #nosec G115 to reflect the new guidelines for range checking.

Makefile (1)

142-143: LGTM! Updated linting target.

The linting target has been correctly updated from lint-cosmos-gosec to lint-gosec.

x/crosschain/keeper/grpc_query_cctx_rate_limit.go (8)

54-54: LGTM! Security annotation updated.

The security annotation has been correctly updated from #nosec G701 to #nosec G115.

60-60: LGTM! Security annotation updated.

The security annotation has been correctly updated from #nosec G701 to #nosec G115.

72-72: LGTM! Security annotation updated.

The security annotation has been correctly updated from #nosec G701 to #nosec G115.

100-100: LGTM! Security annotation updated.

The security annotation has been correctly updated from #nosec G701 to #nosec G115.

262-262: LGTM! Security annotation updated.

The security annotation has been correctly updated from #nosec G701 to #nosec G115.

268-268: LGTM! Security annotation updated.

The security annotation has been correctly updated from #nosec G701 to #nosec G115.

294-294: LGTM! Security annotation updated.

The security annotation has been correctly updated from #nosec G701 to #nosec G115.

374-374: LGTM! Security annotation updated.

The security annotation has been correctly updated from #nosec G701 to #nosec G115.

rpc/backend/blocks.go (5)

200-200: LGTM! Security annotation updated.

The security annotation has been correctly updated from #nosec G701 to #nosec G115.

497-497: LGTM! Security annotation updated.

The security annotation has been correctly updated from #nosec G701 to #nosec G115.

499-499: LGTM! Security annotation updated.

The security annotation has been correctly updated from #nosec G701 to #nosec G115.

505-505: LGTM! Security annotation updated.

The security annotation has been correctly updated from #nosec G701 to #nosec G115.

559-559: LGTM! Security annotation updated.

The security annotation has been correctly updated from #nosec G701 to #nosec G115.

x/fungible/keeper/evm.go (1)

133-133: Security annotation update approved.

The #nosec G115 annotation indicates that the value is always in range. This update is correctly applied.

fbac
fbac reviewed Jul 12, 2024
View reviewed changes
swift1337
swift1337 approved these changes Jul 12, 2024
View reviewed changes
Copy link
Contributor

@swift1337 swift1337 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome!

morde08
morde08 approved these changes Jul 12, 2024
View reviewed changes
Copy link
Collaborator

@morde08 morde08 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

gartnera added 6 commits July 12, 2024 10:14
@gartnera
use go-tss with go-libp2p fork
26bdcf7 
Use go 1.22

more go 1.22 upgrades

upgrade gosec

use upstream int overflow rule

Use zeta-chain-gosec
@gartnera
exclude-generated
2a1b71b
@gartnera
more G115
17e88d0
@gartnera
exclude testutil
6461cee
@gartnera
nosec updates
1c1eb47
@gartnera
G115 false positives
e158209
@gartnera gartnera enabled auto-merge July 12, 2024 18:20
@gartnera gartnera added this pull request to the merge queue Jul 12, 2024
Merged via the queue into develop with commit a076710 Jul 12, 2024
@gartnera gartnera deleted the go122 branch July 12, 2024 18:45
@gartnera gartnera mentioned this pull request Jul 12, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@morde08 morde08 morde08 approved these changes

@brewmaster012 brewmaster012 Awaiting requested review from brewmaster012

@kingpinXD kingpinXD Awaiting requested review from kingpinXD

@lumtis lumtis Awaiting requested review from lumtis

@ws4charlie ws4charlie Awaiting requested review from ws4charlie

@skosito skosito Awaiting requested review from skosito

+2 more reviewers

@fbac fbac fbac left review comments

@swift1337 swift1337 swift1337 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

breaking:cli ci Changes to CI pipeline or github actions nosec UPGRADE_LIGHT_TESTS Run make start-upgrade-test-light

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@gartnera @morde08 @fbac @swift1337