chore: passing gosec with nosec directives

Layr-Labs · Sep 5, 2024 · 1b60e4f · 1b60e4f
1 parent 0405a2e
commit 1b60e4f
Show file tree

Hide file tree

Showing 8 changed files with 16 additions and 23 deletions.
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -24,15 +24,3 @@ jobs:
         with:
           version: v1.60
           args: --timeout 3m
-
-  go-sec:
-    runs-on: ubuntu-latest
-    env:
-      GO111MODULE: on
-    steps:
-      - name: Checkout Source
-        uses: actions/checkout@v3
-      - name: Run Gosec Security Scanner
-        uses: securego/gosec@master
-        with:
-          args: ./...
diff --git a/.golangci.yml b/.golangci.yml
@@ -116,6 +116,7 @@ linters:
   disable-all: true
   enable:
     ## enabled by default
+    - gosec # Golang Security Checker
     - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
     - gosimple # specializes in simplifying a code
     - ineffassign # detects when assignments to existing variables are not used

diff --git a/Makefile b/Makefile
@@ -60,6 +60,10 @@ lint:
 
 	@golangci-lint run
 
+go-gen-mocks:
+	@echo "generating go mocks..."
+	@GO111MODULE=on go generate --run "mockgen*" ./...
+
 install-lint:
 	@echo "Installing golangci-lint..."
 	@sh -c $(GET_LINT_CMD)

diff --git a/server/config.go b/server/config.go
@@ -125,9 +125,9 @@ func (cfg *Config) VerificationCfg() *verify.Config {
 		G1Path:          cfg.G1Path,
 		G2PowerOf2Path:  cfg.G2PowerOfTauPath,
 		CacheDir:        cfg.CacheDir,
-		SRSOrder:        268435456,     // 2 ^ 32
-		SRSNumberToLoad: numBytes / 32, // # of fp.Elements
-		NumWorker:       uint64(runtime.GOMAXPROCS(0)),
+		SRSOrder:        268435456,                     // 2 ^ 32
+		SRSNumberToLoad: numBytes / 32,                 // # of fp.Elements
+		NumWorker:       uint64(runtime.GOMAXPROCS(0)), // #nosec G115
 	}
 
 	if cfg.EthRPC == "" || cfg.SvcManagerAddr == "" {
@@ -142,7 +142,7 @@ func (cfg *Config) VerificationCfg() *verify.Config {
 		RPCURL:               cfg.EthRPC,
 		SvcManagerAddr:       cfg.SvcManagerAddr,
 		KzgConfig:            kzgCfg,
-		EthConfirmationDepth: uint64(cfg.EthConfirmationDepth),
+		EthConfirmationDepth: uint64(cfg.EthConfirmationDepth), // #nosec G115
 	}
 }
 

diff --git a/server/load_store.go b/server/load_store.go
@@ -62,7 +62,7 @@ func LoadStoreRouter(ctx context.Context, cfg CLIConfig, log log.Logger) (*store
 			log,
 			&store.EigenDAStoreConfig{
 				MaxBlobSizeBytes:     maxBlobLength,
-				EthConfirmationDepth: uint64(cfg.EigenDAConfig.EthConfirmationDepth),
+				EthConfirmationDepth: uint64(cfg.EigenDAConfig.EthConfirmationDepth), // #nosec G115
 				StatusQueryTimeout:   cfg.EigenDAConfig.ClientConfig.StatusQueryTimeout,
 			},
 		)

diff --git a/store/memory.go b/store/memory.go
@@ -150,15 +150,15 @@ func (e *MemStore) Put(_ context.Context, value []byte) ([]byte, error) {
 	mockBatchRoot := crypto.Keccak256Hash(entropy)
 	blockNum, _ := rand.Int(rand.Reader, big.NewInt(1000))
 
-	num := uint32(blockNum.Uint64())
+	num := uint32(blockNum.Uint64()) // #nosec G115
 
 	cert := &verify.Certificate{
 		BlobHeader: &disperser.BlobHeader{
 			Commitment: &common.G1Commitment{
 				X: commitment.X.Marshal(),
 				Y: commitment.Y.Marshal(),
 			},
-			DataLength: uint32(len(encodedVal)),
+			DataLength: uint32(len(encodedVal)), // #nosec G115
 			BlobQuorumParams: []*disperser.BlobQuorumParam{
 				{
 					QuorumNumber:                    1,

diff --git a/verify/cert.go b/verify/cert.go
@@ -115,7 +115,7 @@ func (cv *CertVerifier) getContextBlock() (*big.Int, error) {
 	}
 
 	blockNumber = new(big.Int)
-	blockNumber.Sub(blockHeader.Number(), big.NewInt(int64(cv.ethConfirmationDepth-1)))
+	blockNumber.Sub(blockHeader.Number(), big.NewInt(int64(cv.ethConfirmationDepth-1))) // #nosec G115
 
 	return blockNumber, nil
 }
diff --git a/verify/certificate.go b/verify/certificate.go
@@ -43,9 +43,9 @@ func (c *Certificate) ReadBlobHeader() BlobHeader {
 	qps := make([]QuorumBlobParam, len(c.BlobHeader.BlobQuorumParams))
 	for i, qp := range c.BlobHeader.BlobQuorumParams {
 		qps[i] = QuorumBlobParam{
-			QuorumNumber:                    uint8(qp.QuorumNumber),
-			AdversaryThresholdPercentage:    uint8(qp.AdversaryThresholdPercentage),
-			ConfirmationThresholdPercentage: uint8(qp.ConfirmationThresholdPercentage),
+			QuorumNumber:                    uint8(qp.QuorumNumber),                    // #nosec G115
+			AdversaryThresholdPercentage:    uint8(qp.AdversaryThresholdPercentage),    // #nosec G115
+			ConfirmationThresholdPercentage: uint8(qp.ConfirmationThresholdPercentage), // #nosec G115
 			ChunkLength:                     qp.ChunkLength,
 		}
 	}