diff --git a/.avalanche-golangci.yml b/.avalanche-golangci.yml index 2d0b812652..7f9d9b31c0 100644 --- a/.avalanche-golangci.yml +++ b/.avalanche-golangci.yml @@ -61,7 +61,7 @@ linters: - goconst - gocritic - goprintffuncname - # - gosec + - gosec - govet - importas - ineffassign diff --git a/cmd/simulator/metrics/metrics.go b/cmd/simulator/metrics/metrics.go index 84b3f50373..055f264a99 100644 --- a/cmd/simulator/metrics/metrics.go +++ b/cmd/simulator/metrics/metrics.go @@ -14,6 +14,8 @@ import ( "github.com/ava-labs/libevm/log" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promhttp" + + "github.com/ava-labs/coreth/rpc" ) type Metrics struct { @@ -66,7 +68,8 @@ func (m *Metrics) Serve(ctx context.Context, metricsPort string, metricsEndpoint ctx, cancel := context.WithCancel(ctx) // Create a prometheus server to expose individual tx metrics server := &http.Server{ - Addr: ":" + metricsPort, + Addr: ":" + metricsPort, + ReadHeaderTimeout: rpc.DefaultHTTPTimeouts.ReadHeaderTimeout, } // Start up go routine to listen for SIGINT notifications to gracefully shut down server diff --git a/core/blockchain_ext_test.go b/core/blockchain_ext_test.go index 566f85274a..f8cb92be02 100644 --- a/core/blockchain_ext_test.go +++ b/core/blockchain_ext_test.go @@ -1651,7 +1651,7 @@ func ReexecCorruptedStateTest(t *testing.T, create ReexecTestFunc) { require.NoError(t, blockchain.Accept(chain[0])) // Simulate a crash by updating the acceptor tip - blockchain.writeBlockAcceptedIndices(chain[1]) + require.NoError(t, blockchain.writeBlockAcceptedIndices(chain[1])) blockchain.Stop() // Restart blockchain with existing state diff --git a/core/extstate/database_test.go b/core/extstate/database_test.go index a753530d6e..6010d2860b 100644 --- a/core/extstate/database_test.go +++ b/core/extstate/database_test.go @@ -311,7 +311,7 @@ func (fs *fuzzState) deleteStorage(accountIndex int, storageIndexInput uint64) { func FuzzTree(f *testing.F) { f.Fuzz(func(t *testing.T, randSeed int64, byteSteps []byte) { fuzzState := newFuzzState(t) - rand := rand.New(rand.NewSource(randSeed)) + rand := rand.New(rand.NewSource(randSeed)) //nolint:gosec // this isn't a good fuzz test, but it is reproducible. for range 10 { fuzzState.createAccount() diff --git a/network/peer_tracker.go b/network/peer_tracker.go index 789d22ef52..3d277331ed 100644 --- a/network/peer_tracker.go +++ b/network/peer_tracker.go @@ -5,7 +5,6 @@ package network import ( "math" - "math/rand" "time" "github.com/ava-labs/avalanchego/ids" @@ -14,6 +13,8 @@ import ( "github.com/ava-labs/libevm/log" "github.com/ava-labs/libevm/metrics" + "github.com/ava-labs/coreth/utils/rand" + safemath "github.com/ava-labs/avalanchego/utils/math" ) @@ -76,7 +77,7 @@ func (p *peerTracker) shouldTrackNewPeer() bool { return false } newPeerProbability := math.Exp(-float64(numResponsivePeers) * newPeerConnectFactor) - return rand.Float64() < newPeerProbability + return rand.SecureFloat64() < newPeerProbability } // getResponsivePeer returns a random [ids.NodeID] of a peer that has responded @@ -115,7 +116,7 @@ func (p *peerTracker) GetAnyPeer(minVersion *version.Application) (ids.NodeID, b random bool averager safemath.Averager ) - if rand.Float64() < randomPeerProbability { + if rand.SecureFloat64() < randomPeerProbability { random = true nodeID, averager, ok = p.getResponsivePeer() } else { diff --git a/plugin/evm/atomic/atomictest/tx.go b/plugin/evm/atomic/atomictest/tx.go index e37d35d2a4..74b1643d7f 100644 --- a/plugin/evm/atomic/atomictest/tx.go +++ b/plugin/evm/atomic/atomictest/tx.go @@ -150,7 +150,7 @@ func GenerateTestExportTx() *atomic.Tx { } func NewTestTx() *atomic.Tx { - txType := rand.Intn(2) + txType := rand.Intn(2) //nolint:gosec switch txType { case 0: return GenerateTestImportTx() diff --git a/plugin/evm/atomic/sync/syncer_test.go b/plugin/evm/atomic/sync/syncer_test.go index 34bed1bb49..136f95c5a9 100644 --- a/plugin/evm/atomic/sync/syncer_test.go +++ b/plugin/evm/atomic/sync/syncer_test.go @@ -68,7 +68,7 @@ func TestSyncerScenarios(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec targetHeight := 10 * uint64(testCommitInterval) serverTrieDB := triedb.NewDatabase(rawdb.NewMemoryDatabase(), nil) root, _, _ := statesynctest.GenerateTrie(t, r, serverTrieDB, int(targetHeight), state.TrieKeyLength) @@ -104,7 +104,7 @@ func TestSyncerResumeScenarios(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec targetHeight := 10 * uint64(testCommitInterval) serverTrieDB := triedb.NewDatabase(rawdb.NewMemoryDatabase(), nil) numTrieKeys := int(targetHeight) - 1 // no atomic ops for genesis @@ -148,7 +148,7 @@ func TestSyncerResumeNewRootCheckpointScenarios(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec targetHeight1 := 10 * uint64(testCommitInterval) serverTrieDB := triedb.NewDatabase(rawdb.NewMemoryDatabase(), nil) numTrieKeys1 := int(targetHeight1) - 1 // no atomic ops for genesis @@ -222,7 +222,7 @@ func TestSyncerContextCancellation(t *testing.T) { // It returns the context, mock client, atomic backend, client DB, and root hash for testing. func setupParallelizationTest(t *testing.T, targetHeight uint64) (context.Context, *syncclient.TestClient, *state.AtomicBackend, *versiondb.Database, common.Hash) { // Create a simple test trie with some data. - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec serverTrieDB := triedb.NewDatabase(rawdb.NewMemoryDatabase(), nil) root, _, _ := statesynctest.GenerateTrie(t, r, serverTrieDB, int(targetHeight), state.TrieKeyLength) diff --git a/plugin/evm/customtypes/header_ext_test.go b/plugin/evm/customtypes/header_ext_test.go index 8791ec4a4a..9aab221637 100644 --- a/plugin/evm/customtypes/header_ext_test.go +++ b/plugin/evm/customtypes/header_ext_test.go @@ -147,7 +147,7 @@ func allFieldsSet[T interface { if fieldValue.Kind() == reflect.Ptr { require.Falsef(t, fieldValue.IsNil(), "field %q is nil", field.Name) } - fieldValue = reflect.NewAt(fieldValue.Type(), unsafe.Pointer(fieldValue.UnsafeAddr())).Elem() //nolint:gosec + fieldValue = reflect.NewAt(fieldValue.Type(), unsafe.Pointer(fieldValue.UnsafeAddr())).Elem() } switch f := fieldValue.Interface().(type) { diff --git a/plugin/evm/message/block_request_test.go b/plugin/evm/message/block_request_test.go index 31b2fcd2bd..85fe3db154 100644 --- a/plugin/evm/message/block_request_test.go +++ b/plugin/evm/message/block_request_test.go @@ -40,20 +40,17 @@ func TestMarshalBlockRequest(t *testing.T) { func TestMarshalBlockResponse(t *testing.T) { // create some random bytes // set seed to ensure deterministic random behaviour - rand := rand.New(rand.NewSource(1)) + rand := rand.New(rand.NewSource(1)) //nolint:gosec blocksBytes := make([][]byte, 32) for i := range blocksBytes { blocksBytes[i] = make([]byte, rand.Intn(32)+32) // min 32 length, max 64 _, err := rand.Read(blocksBytes[i]) require.NoError(t, err) } - blockResponse := BlockResponse{ Blocks: blocksBytes, } - base64BlockResponse := "AAAAAAAgAAAAIU8WP18PmmIdcpVmx00QA3xNe7sEB9HixkmBhVrYaB0NhgAAADnR6ZTSxCKs0gigByk5SH9pmeudGKRHhARdh/PGfPInRumVr1olNnlRuqL/bNRxxIPxX7kLrbN8WCEAAAA6tmgLTnyLdjobHUnUlVyEhiFjJSU/7HON16nii/khEZwWDwcCRIYVu9oIMT9qjrZo0gv1BZh1kh5migAAACtb3yx/xIRo0tbFL1BU4tCDa/hMcXTLdHY2TMPb2Wiw9xcu2FeUuzWLDDtSAAAAO12heG+f69ehnQ97usvgJVqlt9RL7ED4TIkrm//UNimwIjvupfT3Q5H0RdFa/UKUBAN09pJLmMv4cT+NAAAAMpYtJOLK/Mrjph+1hrFDI6a8j5598dkpMz/5k5M76m9bOvbeA3Q2bEcZ5DobBn2JvH8BAAAAOfHxekxyFaO1OeseWEnGB327VyL1cXoomiZvl2R5gZmOvqicC0s3OXARXoLtb0ElyPpzEeTX3vqSLQAAACc2zU8kq/ffhmuqVgODZ61hRd4e6PSosJk+vfiIOgrYvpw5eLBIg+UAAAAkahVqnexqQOmh0AfwM8KCMGG90Oqln45NpkMBBSINCyloi3NLAAAAKI6gENd8luqAp6Zl9gb2pjt/Pf0lZ8GJeeTWDyZobZvy+ybJAf81TN4AAAA8FgfuKbpk+Eq0PKDG5rkcH9O+iZBDQXnTr0SRo2kBLbktGE/DnRc0/1cWQolTu2hl/PkrDDoXyQKL6ZFOAAAAMwl50YMDVvKlTD3qsqS0R11jr76PtWmHx39YGFJvGBS+gjNQ6rE5NfMdhEhFF+kkrveK4QAAADhRwAdVkgww7CmjcDk0v1CijaECl13tp351hXnqPf5BNqv3UrO4Jx0D6USzyds2a3UEX479adIq5QAAADpBGUfLVbzqQGsy1hCL1oWE9X43yqxuM/6qMmOjmUNwJLqcmxRniidPAakQrilfbvv+X1q/RMzeJjtWAAAAKAZjPn05Bp8BojnENlhUw69/a0HWMfkrmo0S9BJXMl//My91drBiBVYAAAAqMEo+Pq6QGlJyDahcoeSzjq8/RMbG74Ni8vVPwA4J1vwlZAhUwV38rKqKAAAAOyzszlo6lLTTOKUUPmNAjYcksM8/rhej95vhBy+2PDXWBCxBYPOO6eKp8/tP+wAZtFTVIrX/oXYEGT+4AAAAMpZnz1PD9SDIibeb9QTPtXx2ASMtWJuszqnW4mPiXCd0HT9sYsu7FdmvvL9/faQasECOAAAALzk4vxd0rOdwmk8JHpqD/erg7FXrIzqbU5TLPHhWtUbTE8ijtMHA4FRH9Lo3DrNtAAAAPLz97PUi4qbx7Qr+wfjiD6q+32sWLnF9OnSKWGd6DFY0j4khomaxHQ8zTGL+UrpTrxl3nLKUi2Vw/6C3cwAAADqWPBMK15dRJSEPDvHDFAkPB8eab1ccJG8+msC3QT7xEL1YsAznO/9wb3/0tvRAkKMnEfMgjk5LictRAAAAJ2XOZAA98kaJKNWiO5ynQPgMk4LZxgNK0pYMeWUD4c4iFyX1DK8fvwAAADtcR6U9v459yvyeE4ZHpLRO1LzpZO1H90qllEaM7TI8t28NP6xHbJ+wP8kij7roj9WAZjoEVLaDEiB/CgAAADc7WExi1QJ84VpPClglDY+1Dnfyv08BUuXUlDWAf51Ll75vt3lwRmpWJv4zQIz56I4seXQIoy0pAAAAKkFrryBqmDIJgsharXA4SFnAWksTodWy9b/vWm7ZLaSCyqlWjltv6dip3QAAAC7Z6wkne1AJRMvoAKCxUn6mRymoYdL2SXoyNcN/QZJ3nsHZazscVCT84LcnsDByAAAAI+ZAq8lEj93rIZHZRcBHZ6+Eev0O212IV7eZrLGOSv+r4wN/AAAAL/7MQW5zTTc8Xr68nNzFlbzOPHvT2N+T+rfhJd3rr+ZaMb1dQeLSzpwrF4kvD+oZAAAAMTGikNy/poQG6HcHP/CINOGXpANKpIr6P4W4picIyuu6yIC1uJuT2lOBAWRAIQTmSLYAAAA1ImobDzE6id38RUxfj3KsibOLGfU3hMGem+rAPIdaJ9sCneN643pCMYgTSHaFkpNZyoxeuU4AAAA9FS3Br0LquOKSXG2u5N5e+fnc8I38vQK4CAk5hYWSig995QvhptwdV2joU3mI/dzlYum5SMkYu6PpM+XEAAAAAC3Nrne6HSWbGIpLIchvvCPXKLRTR+raZQryTFbQgAqGkTMgiKgFvVXERuJesHU=" - blockResponseBytes, err := Codec.Marshal(Version, blockResponse) require.NoError(t, err) require.Equal(t, base64BlockResponse, base64.StdEncoding.EncodeToString(blockResponseBytes)) diff --git a/plugin/evm/message/code_request_test.go b/plugin/evm/message/code_request_test.go index 96988da58d..9361cfd452 100644 --- a/plugin/evm/message/code_request_test.go +++ b/plugin/evm/message/code_request_test.go @@ -34,9 +34,8 @@ func TestMarshalCodeRequest(t *testing.T) { // TestMarshalCodeResponse requires that the structure or serialization logic hasn't changed, primarily to // ensure compatibility with the network. func TestMarshalCodeResponse(t *testing.T) { - // generate some random code data - // set random seed for deterministic random - rand := rand.New(rand.NewSource(1)) + rand := rand.New(rand.NewSource(1)) //nolint:gosec + codeData := make([]byte, 50) _, err := rand.Read(codeData) require.NoError(t, err) @@ -46,7 +45,6 @@ func TestMarshalCodeResponse(t *testing.T) { } base64CodeResponse := "AAAAAAABAAAAMlL9/AchgmVPFj9fD5piHXKVZsdNEAN8TXu7BAfR4sZJgYVa2GgdDYbR6R4AFnk5y2aU" - codeResponseBytes, err := Codec.Marshal(Version, codeResponse) require.NoError(t, err) require.Equal(t, base64CodeResponse, base64.StdEncoding.EncodeToString(codeResponseBytes)) diff --git a/plugin/evm/message/leafs_request_test.go b/plugin/evm/message/leafs_request_test.go index 4e9898aaae..19bb50089d 100644 --- a/plugin/evm/message/leafs_request_test.go +++ b/plugin/evm/message/leafs_request_test.go @@ -15,9 +15,7 @@ import ( // TestMarshalLeafsRequest requires that the structure or serialization logic hasn't changed, primarily to // ensure compatibility with the network. func TestMarshalLeafsRequest(t *testing.T) { - // generate some random code data - // set random seed for deterministic random - rand := rand.New(rand.NewSource(1)) + rand := rand.New(rand.NewSource(1)) //nolint:gosec startBytes := make([]byte, common.HashLength) endBytes := make([]byte, common.HashLength) @@ -55,9 +53,7 @@ func TestMarshalLeafsRequest(t *testing.T) { // TestMarshalLeafsResponse requires that the structure or serialization logic hasn't changed, primarily to // ensure compatibility with the network. func TestMarshalLeafsResponse(t *testing.T) { - // generate some random code data - // set random seed for deterministic random - rand := rand.New(rand.NewSource(1)) + rand := rand.New(rand.NewSource(1)) //nolint:gosec keysBytes := make([][]byte, 16) valsBytes := make([][]byte, 16) diff --git a/plugin/evm/vmtest/test_syncervm.go b/plugin/evm/vmtest/test_syncervm.go index be7703d039..da7f4558f8 100644 --- a/plugin/evm/vmtest/test_syncervm.go +++ b/plugin/evm/vmtest/test_syncervm.go @@ -119,7 +119,7 @@ func StateSyncToggleEnabledToDisabledTest(t *testing.T, testSetup *SyncTestSetup require := require.New(t) reqCount := 0 test := SyncTestParams{ - SyncableInterval: 256, + SyncableInterval: vmsync.BlocksToFetch, StateSyncMinBlocks: 50, // must be less than [syncableInterval] to perform sync SyncMode: block.StateSyncStatic, responseIntercept: func(syncerVM extension.InnerVM, nodeID ids.NodeID, requestID uint32, response []byte) { @@ -127,8 +127,8 @@ func StateSyncToggleEnabledToDisabledTest(t *testing.T, testSetup *SyncTestSetup defer lock.Unlock() reqCount++ - // Fail all requests after number 50 to interrupt the sync - if reqCount > 50 { + // Fail all requests after number 5 to interrupt the sync + if reqCount > 5 { if err := syncerVM.AppRequestFailed(context.Background(), nodeID, requestID, commonEng.ErrTimeout); err != nil { panic(err) } @@ -251,7 +251,7 @@ func VMShutdownWhileSyncingTest(t *testing.T, testSetup *SyncTestSetup) { ) reqCount := 0 test := SyncTestParams{ - SyncableInterval: 256, + SyncableInterval: vmsync.BlocksToFetch, StateSyncMinBlocks: 50, // must be less than [syncableInterval] to perform sync SyncMode: block.StateSyncStatic, responseIntercept: func(syncerVM extension.InnerVM, nodeID ids.NodeID, requestID uint32, response []byte) { @@ -259,11 +259,11 @@ func VMShutdownWhileSyncingTest(t *testing.T, testSetup *SyncTestSetup) { defer lock.Unlock() reqCount++ - // Shutdown the VM after 50 requests to interrupt the sync - if reqCount == 50 { + // Shutdown the VM after 5 requests to interrupt the sync + if reqCount == 5 { // Note this verifies the VM shutdown does not time out while syncing. require.NoError(t, testSyncVMSetup.syncerVM.shutdownOnceSyncerVM.Shutdown(context.Background())) - } else if reqCount < 50 { + } else if reqCount < 5 { require.NoError(t, syncerVM.AppResponse(context.Background(), nodeID, requestID, response)) } }, @@ -312,7 +312,7 @@ func initSyncServerAndClientVMs(t *testing.T, test SyncTestParams, numBlocks int generateAndAcceptBlocks(t, serverVM, numBlocks, testSetup.GenFn, nil, cb) // make some accounts - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec root, accounts := statesynctest.FillAccountsWithOverlappingStorage(t, r, serverVM.Ethereum().BlockChain().TrieDB(), types.EmptyRootHash, 1000, 16) // patch serverVM's lastAcceptedBlock to have the new root diff --git a/sync/client/client_test.go b/sync/client/client_test.go index 68ea23a68b..387f44d0c5 100644 --- a/sync/client/client_test.go +++ b/sync/client/client_test.go @@ -367,7 +367,7 @@ func buildGetter(blocks []*types.Block) handlers.BlockProvider { func TestGetLeafs(t *testing.T) { const leafsLimit = 1024 - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec trieDB := triedb.NewDatabase(rawdb.NewMemoryDatabase(), nil) largeTrieRoot, largeTrieKeys, _ := statesynctest.GenerateTrie(t, r, trieDB, 100_000, common.HashLength) @@ -677,7 +677,7 @@ func TestGetLeafs(t *testing.T) { } func TestGetLeafsRetries(t *testing.T) { - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec trieDB := triedb.NewDatabase(rawdb.NewMemoryDatabase(), nil) root, _, _ := statesynctest.GenerateTrie(t, r, trieDB, 100_000, common.HashLength) diff --git a/sync/handlers/leafs_request_test.go b/sync/handlers/leafs_request_test.go index a2d3b3840e..3a1a2a20b7 100644 --- a/sync/handlers/leafs_request_test.go +++ b/sync/handlers/leafs_request_test.go @@ -26,7 +26,7 @@ import ( ) func TestLeafsRequestHandler_OnLeafsRequest(t *testing.T) { - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec testHandlerStats := &statstest.TestHandlerStats{} memdb := rawdb.NewMemoryDatabase() trieDB := triedb.NewDatabase(memdb, nil) @@ -35,7 +35,7 @@ func TestLeafsRequestHandler_OnLeafsRequest(t *testing.T) { tr, err := trie.New(trie.TrieID(corruptedTrieRoot), trieDB) require.NoError(t, err) // Corrupt [corruptedTrieRoot] - statesynctest.CorruptTrie(t, memdb, tr, 5) + statesynctest.CorruptTrie(t, memdb, tr, 2) largeTrieRoot, largeTrieKeys, _ := statesynctest.GenerateTrie(t, r, trieDB, 10_000, common.HashLength) smallTrieRoot, _, _ := statesynctest.GenerateTrie(t, r, trieDB, 500, common.HashLength) diff --git a/sync/statesync/sync_test.go b/sync/statesync/sync_test.go index 5ed603344a..3a921b0025 100644 --- a/sync/statesync/sync_test.go +++ b/sync/statesync/sync_test.go @@ -50,7 +50,7 @@ func testSync(t *testing.T, test syncTest) { if test.ctx != nil { ctx = test.ctx } - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec clientDB, serverDB, serverTrieDB, root := test.prepareForTest(t, r) leafsRequestHandler := handlers.NewLeafsRequestHandler(serverTrieDB, message.StateTrieKeyLength, nil, message.Codec, handlerstats.NewNoopHandlerStats()) codeRequestHandler := handlers.NewCodeRequestHandler(serverDB, message.Codec, handlerstats.NewNoopHandlerStats()) @@ -198,7 +198,7 @@ func TestSimpleSyncCases(t *testing.T) { } func TestCancelSync(t *testing.T) { - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec serverDB := rawdb.NewMemoryDatabase() serverTrieDB := triedb.NewDatabase(serverDB, nil) // Create trie with 2000 accounts (more than one leaf request) @@ -241,7 +241,7 @@ func (i *interruptLeafsIntercept) getLeafsIntercept(request message.LeafsRequest } func TestResumeSyncAccountsTrieInterrupted(t *testing.T) { - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec serverDB := rawdb.NewMemoryDatabase() serverTrieDB := triedb.NewDatabase(serverDB, nil) root, _ := statesynctest.FillAccountsWithOverlappingStorage(t, r, serverTrieDB, common.Hash{}, 2000, 3) @@ -268,7 +268,7 @@ func TestResumeSyncAccountsTrieInterrupted(t *testing.T) { } func TestResumeSyncLargeStorageTrieInterrupted(t *testing.T) { - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec serverDB := rawdb.NewMemoryDatabase() serverTrieDB := triedb.NewDatabase(serverDB, nil) @@ -301,7 +301,7 @@ func TestResumeSyncLargeStorageTrieInterrupted(t *testing.T) { } func TestResumeSyncToNewRootAfterLargeStorageTrieInterrupted(t *testing.T) { - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec serverDB := rawdb.NewMemoryDatabase() serverTrieDB := triedb.NewDatabase(serverDB, nil) @@ -343,7 +343,7 @@ func TestResumeSyncToNewRootAfterLargeStorageTrieInterrupted(t *testing.T) { } func TestResumeSyncLargeStorageTrieWithConsecutiveDuplicatesInterrupted(t *testing.T) { - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec serverDB := rawdb.NewMemoryDatabase() serverTrieDB := triedb.NewDatabase(serverDB, nil) @@ -376,7 +376,7 @@ func TestResumeSyncLargeStorageTrieWithConsecutiveDuplicatesInterrupted(t *testi } func TestResumeSyncLargeStorageTrieWithSpreadOutDuplicatesInterrupted(t *testing.T) { - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec serverDB := rawdb.NewMemoryDatabase() serverTrieDB := triedb.NewDatabase(serverDB, nil) @@ -477,7 +477,7 @@ func TestResyncNewRootAfterDeletes(t *testing.T) { } func testSyncerSyncsToNewRoot(t *testing.T, deleteBetweenSyncs func(*testing.T, common.Hash, ethdb.Database)) { - r := rand.New(rand.NewSource(1)) + r := rand.New(rand.NewSource(1)) //nolint:gosec clientDB := rawdb.NewMemoryDatabase() serverDB := rawdb.NewMemoryDatabase() serverTrieDB := triedb.NewDatabase(serverDB, nil) diff --git a/utils/rand/rand.go b/utils/rand/rand.go new file mode 100644 index 0000000000..75f8de1484 --- /dev/null +++ b/utils/rand/rand.go @@ -0,0 +1,20 @@ +// Copyright (C) 2019-2025, Ava Labs, Inc. All rights reserved. +// See the file LICENSE for licensing terms. + +package rand + +import ( + "crypto/rand" + "encoding/binary" + "math" +) + +func SecureFloat64() float64 { + var b [8]byte + if _, err := rand.Read(b[:]); err != nil { + panic("crypto/rand failed: " + err.Error()) + } + bits := binary.BigEndian.Uint64(b[:]) + bits = (bits >> 12) | (1023 << 52) // 52-bit mantissa, exponent=1023 -> [1,2) + return math.Float64frombits(bits) - 1.0 +}