chore: case-by-case ignore for gosec integer overflow (dymensionxyz#1226

)
dedyshkaPexto · Nov 22, 2024 · 5c2f6f8 · 5c2f6f8
1 parent cf2976a
commit 5c2f6f8
Show file tree

Hide file tree

Showing 27 changed files with 104 additions and 119 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -60,9 +60,6 @@ issues:
     - mempool
     - state/indexer
     - state/txindex
-  exclude-rules:
-    - text: "G115: integer overflow conversion"
-      linters: [ gosec ]
 
 
 linters-settings:

diff --git a/block/block.go b/block/block.go
@@ -209,7 +209,7 @@ func (m *Manager) isHeightAlreadyApplied(blockHeight uint64) (bool, error) {
 		return false, errorsmod.Wrap(err, "get app info")
 	}
 
-	isBlockAlreadyApplied := uint64(proxyAppInfo.LastBlockHeight) == blockHeight
+	isBlockAlreadyApplied := uint64(proxyAppInfo.LastBlockHeight) == blockHeight //nolint:gosec // LastBlockHeight is always positive
 
 	// TODO: add switch case to validate better the current app state
 

diff --git a/block/executor.go b/block/executor.go
@@ -144,8 +144,8 @@ func (e *Executor) CreateBlock(
 	state *types.State,
 	maxBlockDataSizeBytes uint64,
 ) *types.Block {
-	maxBlockDataSizeBytes = min(maxBlockDataSizeBytes, uint64(max(minBlockMaxBytes, state.ConsensusParams.Block.MaxBytes)))
-	mempoolTxs := e.mempool.ReapMaxBytesMaxGas(int64(maxBlockDataSizeBytes), state.ConsensusParams.Block.MaxGas)
+	maxBlockDataSizeBytes = min(maxBlockDataSizeBytes, uint64(max(minBlockMaxBytes, state.ConsensusParams.Block.MaxBytes))) //nolint:gosec // MaxBytes is always positive
+	mempoolTxs := e.mempool.ReapMaxBytesMaxGas(int64(maxBlockDataSizeBytes), state.ConsensusParams.Block.MaxGas)            //nolint:gosec // size is always positive and falls in int64
 
 	block := &types.Block{
 		Header: types.Header{
@@ -214,7 +214,7 @@ func (e *Executor) commit(state *types.State, block *types.Block, deliverTxs []*
 
 	maxBytes := state.ConsensusParams.Block.MaxBytes
 	maxGas := state.ConsensusParams.Block.MaxGas
-	err = e.mempool.Update(int64(block.Header.Height), fromDymintTxs(block.Data.Txs), deliverTxs)
+	err = e.mempool.Update(int64(block.Header.Height), fromDymintTxs(block.Data.Txs), deliverTxs) //nolint:gosec // height is non-negative and falls in int64
 	if err != nil {
 		return nil, 0, err
 	}
@@ -273,7 +273,7 @@ func (e *Executor) ExecuteBlock(block *types.Block) (*tmstate.ABCIResponses, err
 		}
 	}
 
-	abciResponses.EndBlock, err = e.proxyAppConsensusConn.EndBlockSync(abci.RequestEndBlock{Height: int64(block.Header.Height)})
+	abciResponses.EndBlock, err = e.proxyAppConsensusConn.EndBlockSync(abci.RequestEndBlock{Height: int64(block.Header.Height)}) //nolint:gosec // height is non-negative and falls in int64
 	if err != nil {
 		return nil, err
 	}
@@ -305,14 +305,14 @@ func (e *Executor) publishEvents(resp *tmstate.ABCIResponses, block *types.Block
 	for _, ev := range abciBlock.Evidence.Evidence {
 		err = multierr.Append(err, e.eventBus.PublishEventNewEvidence(tmtypes.EventDataNewEvidence{
 			Evidence: ev,
-			Height:   int64(block.Header.Height),
+			Height:   int64(block.Header.Height), //nolint:gosec // height is non-negative and falls in int64
 		}))
 	}
 	for i, dtx := range resp.DeliverTxs {
 		err = multierr.Append(err, e.eventBus.PublishEventTx(tmtypes.EventDataTx{
 			TxResult: abci.TxResult{
-				Height: int64(block.Header.Height),
-				Index:  uint32(i),
+				Height: int64(block.Header.Height), //nolint:gosec // block height is within int64 range
+				Index:  uint32(i),                  //nolint:gosec // num of deliver txs is less than 2^32
 				Tx:     abciBlock.Data.Txs[i],
 				Result: *dtx,
 			},

diff --git a/block/initchain.go b/block/initchain.go
@@ -10,7 +10,7 @@ import (
 
 func (m *Manager) RunInitChain(ctx context.Context) error {
 	// Get the proposer at the initial height. If we're at genesis the height will be 0.
-	proposer, err := m.SLClient.GetProposerAtHeight(int64(m.State.Height()) + 1)
+	proposer, err := m.SLClient.GetProposerAtHeight(int64(m.State.Height()) + 1) //nolint:gosec // height is non-negative and falls in int64
 	if err != nil {
 		return fmt.Errorf("get proposer at height: %w", err)
 	}

diff --git a/block/manager.go b/block/manager.go
@@ -308,7 +308,7 @@ func (m *Manager) updateFromLastSettlementState() error {
 	if errors.Is(err, gerrc.ErrNotFound) {
 		// The SL hasn't got any batches for this chain yet.
 		m.logger.Info("No batches for chain found in SL.")
-		m.LastSettlementHeight.Store(uint64(m.Genesis.InitialHeight - 1))
+		m.LastSettlementHeight.Store(uint64(m.Genesis.InitialHeight - 1)) //nolint:gosec // height is non-negative and falls in int64
 		m.LastBlockTimeInSettlement.Store(m.Genesis.GenesisTime.UTC().UnixNano())
 		return nil
 	}

diff --git a/block/produce.go b/block/produce.go
@@ -274,7 +274,7 @@ func (m *Manager) createTMSignature(block *types.Block, proposerAddress []byte,
 	headerHash := block.Header.Hash()
 	vote := tmtypes.Vote{
 		Type:      cmtproto.PrecommitType,
-		Height:    int64(block.Header.Height),
+		Height:    int64(block.Header.Height), //nolint:gosec // height is non-negative and falls in int64
 		Round:     0,
 		Timestamp: voteTimestamp,
 		BlockID: tmtypes.BlockID{Hash: headerHash[:], PartSetHeader: tmtypes.PartSetHeader{

diff --git a/block/pruning.go b/block/pruning.go
@@ -28,6 +28,7 @@ func (m *Manager) Prune(retainHeight uint64) {
 	logResult(err, "dymint store", retainHeight, pruned)
 }
 
+//nolint:gosec // height is non-negative and falls in int64
 func (m *Manager) PruningLoop(ctx context.Context) error {
 	for {
 		select {

diff --git a/block/sequencers.go b/block/sequencers.go
@@ -177,7 +177,7 @@ func (m *Manager) UpdateSequencerSetFromSL() error {
 
 // UpdateProposerFromSL queries the hub and updates the local dymint state proposer at the current height
 func (m *Manager) UpdateProposerFromSL() error {
-	SLProposer, err := m.SLClient.GetProposerAtHeight(int64(m.State.NextHeight()))
+	SLProposer, err := m.SLClient.GetProposerAtHeight(int64(m.State.NextHeight())) //nolint:gosec // height is non-negative and falls in int64
 	if err != nil {
 		return fmt.Errorf("get proposer at height: %w", err)
 	}

diff --git a/block/state.go b/block/state.go
@@ -59,7 +59,7 @@ func NewStateFromGenesis(genDoc *tmtypes.GenesisDoc) (*types.State, error) {
 	s := types.State{
 		Version:         InitStateVersion,
 		ChainID:         genDoc.ChainID,
-		InitialHeight:   uint64(genDoc.InitialHeight),
+		InitialHeight:   uint64(genDoc.InitialHeight), //nolint:gosec // height is non-negative and falls in int64
 		ConsensusParams: *genDoc.ConsensusParams,
 	}
 	s.SetHeight(0)
@@ -80,7 +80,7 @@ func (m *Manager) UpdateStateFromApp(blockHeaderHash [32]byte) error {
 		return errorsmod.Wrap(err, "get app info")
 	}
 
-	appHeight := uint64(proxyAppInfo.LastBlockHeight)
+	appHeight := uint64(proxyAppInfo.LastBlockHeight) //nolint:gosec // height is non-negative and falls in int64
 	resp, err := m.Store.LoadBlockResponses(appHeight)
 	if err != nil {
 		return errorsmod.Wrap(err, "load block responses")

diff --git a/block/submit.go b/block/submit.go
@@ -67,7 +67,7 @@ func SubmitLoopInner(
 			case <-ctx.Done():
 				return nil
 			case n := <-bytesProduced:
-				pendingBytes.Add(uint64(n))
+				pendingBytes.Add(uint64(n)) //nolint:gosec // bytes size is always positive
 				logger.Debug("Added bytes produced to bytes pending submission counter.", "bytes added", n, "pending", pendingBytes.Load())
 			}
 
@@ -129,7 +129,7 @@ func SubmitLoopInner(
 					return err
 				}
 				ticker.Reset(maxBatchSubmitTime)
-				pending = uint64(unsubmittedBlocksBytes())
+				pending = uint64(unsubmittedBlocksBytes())                                                                                 //nolint:gosec // bytes size is always positive
 				logger.Info("Submitted a batch to both sub-layers.", "n bytes consumed from pending", nConsumed, "pending after", pending) // TODO: debug level
 			}
 			trigger.Nudge()
@@ -147,7 +147,7 @@ func (m *Manager) CreateAndSubmitBatchGetSizeBlocksCommits(maxSize uint64) (uint
 	if b == nil {
 		return 0, err
 	}
-	return uint64(b.SizeBlockAndCommitBytes()), err
+	return uint64(b.SizeBlockAndCommitBytes()), err //nolint:gosec // size is always positive and falls in uint64
 }
 
 // CreateAndSubmitBatch creates and submits a batch to the DA and SL.
@@ -212,7 +212,7 @@ func (m *Manager) CreateBatch(maxBatchSize uint64, startHeight uint64, endHeight
 		batch.DRSVersion = append(batch.DRSVersion, drsVersion)
 
 		totalSize := batch.SizeBytes()
-		if maxBatchSize < uint64(totalSize) {
+		if maxBatchSize < uint64(totalSize) { //nolint:gosec // size is always positive and falls in uint64
 
 			// Remove the last block and commit from the batch
 			batch.Blocks = batch.Blocks[:len(batch.Blocks)-1]

diff --git a/config/flags.go b/config/flags.go
@@ -58,7 +58,7 @@ func AddNodeFlags(cmd *cobra.Command) {
 	cmd.Flags().String(FlagP2PListenAddress, def.P2PConfig.ListenAddress, "P2P listen address")
 	cmd.Flags().String(FlagP2PBootstrapNodes, def.P2PConfig.BootstrapNodes, "P2P bootstrap nodes")
 	cmd.Flags().Duration(FlagP2PBootstrapRetryTime, def.P2PConfig.BootstrapRetryTime, "P2P bootstrap time")
-	cmd.Flags().Uint64(FlagP2PGossipCacheSize, uint64(def.P2PConfig.GossipSubCacheSize), "P2P Gossiped blocks cache size")
+	cmd.Flags().Uint64(FlagP2PGossipCacheSize, uint64(def.P2PConfig.GossipSubCacheSize), "P2P Gossiped blocks cache size") //nolint:gosec // GossipSubCacheSize should be always positive
 }
 
 func BindDymintFlags(cmd *cobra.Command, v *viper.Viper) error {

diff --git a/da/avail/avail.go b/da/avail/avail.go
@@ -18,10 +18,11 @@ import (
 	"github.com/centrifuge/go-substrate-rpc-client/v4/rpc/state"
 	"github.com/centrifuge/go-substrate-rpc-client/v4/signature"
 	availtypes "github.com/centrifuge/go-substrate-rpc-client/v4/types"
+	"github.com/tendermint/tendermint/libs/pubsub"
+
 	"github.com/dymensionxyz/dymint/da"
 	"github.com/dymensionxyz/dymint/store"
 	pb "github.com/dymensionxyz/dymint/types/pb/dymint"
-	"github.com/tendermint/tendermint/libs/pubsub"
 )
 
 const (
@@ -363,7 +364,7 @@ func (c *DataAvailabilityLayerClient) broadcastTx(tx []byte) (uint64, error) {
 		SpecVersion:        rv.SpecVersion,
 		Tip:                availtypes.NewUCompactFromUInt(c.config.Tip),
 		TransactionVersion: rv.TransactionVersion,
-		AppID:              availtypes.NewUCompactFromUInt(uint64(c.config.AppID)),
+		AppID:              availtypes.NewUCompactFromUInt(uint64(c.config.AppID)), //nolint:gosec // AppID should be always positive
 	}
 
 	// Sign the transaction using Alice's default account

diff --git a/da/celestia/celestia.go b/da/celestia/celestia.go
@@ -278,7 +278,7 @@ func (c *DataAvailabilityLayerClient) RetrieveBatches(daMetaData *da.DASubmitMet
 
 					return nil
 				},
-				retry.Attempts(uint(*c.config.RetryAttempts)),
+				retry.Attempts(uint(*c.config.RetryAttempts)), //nolint:gosec // RetryAttempts should be always positive
 				retry.DelayType(retry.FixedDelay),
 				retry.Delay(c.config.RetryDelay),
 			)
@@ -361,17 +361,22 @@ func (c *DataAvailabilityLayerClient) CheckBatchAvailability(daMetaData *da.DASu
 			c.logger.Debug("Context cancelled")
 			return da.ResultCheckBatch{}
 		default:
-			err := retry.Do(func() error {
-				result := c.checkBatchAvailability(daMetaData)
-				availabilityResult = result
+			err := retry.Do(
+				func() error {
+					result := c.checkBatchAvailability(daMetaData)
+					availabilityResult = result
 
-				if result.Code != da.StatusSuccess {
-					c.logger.Error("Blob submitted not found in DA. Retrying availability check.")
-					return da.ErrBlobNotFound
-				}
+					if result.Code != da.StatusSuccess {
+						c.logger.Error("Blob submitted not found in DA. Retrying availability check.")
+						return da.ErrBlobNotFound
+					}
 
-				return nil
-			}, retry.Attempts(uint(*c.config.RetryAttempts)), retry.DelayType(retry.FixedDelay), retry.Delay(c.config.RetryDelay))
+					return nil
+				},
+				retry.Attempts(uint(*c.config.RetryAttempts)), //nolint:gosec // RetryAttempts should be always positive
+				retry.DelayType(retry.FixedDelay),
+				retry.Delay(c.config.RetryDelay),
+			)
 			if err != nil {
 				c.logger.Error("CheckAvailability process failed.", "error", err)
 			}
@@ -496,11 +501,6 @@ func (c *DataAvailabilityLayerClient) submit(daBlob da.Blob) (uint64, da.Commitm
 		return 0, nil, fmt.Errorf("zero commitments: %w: %w", gerrc.ErrNotFound, gerrc.ErrInternal)
 	}
 
-	blobSizes := make([]uint32, len(blobs))
-	for i, blob := range blobs {
-		blobSizes[i] = uint32(len(blob.Data))
-	}
-
 	ctx, cancel := context.WithTimeout(c.ctx, c.config.Timeout)
 	defer cancel()
 

diff --git a/da/celestia/types/types.go b/da/celestia/types/types.go
@@ -75,23 +75,3 @@ const (
 	// Default maximum bytes per blob allowed
 	DefaultMaxBytes = DefaultGovMaxSquareSize * DefaultGovMaxSquareSize * ContinuationSparseShareContentSize
 )
-
-// SparseSharesNeeded returns the number of shares needed to store a sequence of
-// length sequenceLen.
-func SparseSharesNeeded(sequenceLen uint32) (sharesNeeded int) {
-	if sequenceLen == 0 {
-		return 0
-	}
-
-	if sequenceLen < FirstSparseShareContentSize {
-		return 1
-	}
-
-	bytesAvailable := FirstSparseShareContentSize
-	sharesNeeded++
-	for uint32(bytesAvailable) < sequenceLen {
-		bytesAvailable += ContinuationSparseShareContentSize
-		sharesNeeded++
-	}
-	return sharesNeeded
-}
diff --git a/da/da.go b/da/da.go
@@ -9,16 +9,18 @@ import (
 	"cosmossdk.io/math"
 	"github.com/celestiaorg/celestia-openrpc/types/blob"
 	"github.com/cometbft/cometbft/crypto/merkle"
+	"github.com/tendermint/tendermint/libs/pubsub"
+
 	"github.com/dymensionxyz/dymint/store"
 	"github.com/dymensionxyz/dymint/types"
-	"github.com/tendermint/tendermint/libs/pubsub"
 )
 
 // StatusCode is a type for DA layer return status.
 // TODO: define an enum of different non-happy-path cases
 // that might need to be handled by Dymint independent of
-// the underlying DA chain.
-type StatusCode uint64
+// the underlying DA chain. Use int32 to match the protobuf
+// enum representation.
+type StatusCode int32
 
 // Commitment should contain serialized cryptographic commitment to Blob value.
 type Commitment = []byte

diff --git a/indexers/blockindexer/kv/kv.go b/indexers/blockindexer/kv/kv.go
@@ -19,9 +19,10 @@ import (
 	indexer "github.com/dymensionxyz/dymint/indexers/blockindexer"
 	"github.com/dymensionxyz/dymint/store"
 
+	tmtypes "github.com/tendermint/tendermint/types"
+
 	"github.com/dymensionxyz/dymint/types/pb/dymint"
 	dmtypes "github.com/dymensionxyz/dymint/types/pb/dymint"
-	tmtypes "github.com/tendermint/tendermint/types"
 )
 
 var _ indexer.BlockIndexer = (*BlockerIndexer)(nil)
@@ -545,7 +546,7 @@ func (idx *BlockerIndexer) pruneBlocks(from, to uint64, logger log.Logger) (uint
 		return nil
 	}
 
-	for h := int64(from); h < int64(to); h++ {
+	for h := int64(from); h < int64(to); h++ { //nolint:gosec // heights (from and to) are always positive and fall in int64
 
 		// flush every 1000 blocks to avoid batches becoming too large
 		if toFlush > 1000 {
@@ -591,7 +592,7 @@ func (idx *BlockerIndexer) pruneBlocks(from, to uint64, logger log.Logger) (uint
 
 	}
 
-	err := flush(batch, int64(to))
+	err := flush(batch, int64(to)) //nolint:gosec // height is non-negative and falls in int64
 	if err != nil {
 		return 0, err
 	}

diff --git a/indexers/txindex/kv/kv.go b/indexers/txindex/kv/kv.go
@@ -592,11 +592,11 @@ func (txi *TxIndex) pruneTxsAndEvents(from, to uint64, logger log.Logger) (uint6
 		return nil
 	}
 
-	for h := from; h < to; h++ {
+	for h := int64(from); h < int64(to); h++ { //nolint:gosec // heights (from and to) are always positive and fall in int64
 
 		// flush every 1000 txs to avoid batches becoming too large
 		if toFlush > 1000 {
-			err := flush(batch, int64(h))
+			err := flush(batch, h)
 			if err != nil {
 				return 0, err
 			}
@@ -615,7 +615,7 @@ func (txi *TxIndex) pruneTxsAndEvents(from, to uint64, logger log.Logger) (uint6
 		}
 
 		// then all txs indexed are iterated by height
-		it := txi.store.PrefixIterator(prefixForHeight(int64(h)))
+		it := txi.store.PrefixIterator(prefixForHeight(h))
 
 		// and deleted all indexed (by hash and by keyheight)
 		for ; it.Valid(); it.Next() {
@@ -635,17 +635,17 @@ func (txi *TxIndex) pruneTxsAndEvents(from, to uint64, logger log.Logger) (uint6
 
 	}
 
-	err := flush(batch, int64(to))
+	err := flush(batch, int64(to)) //nolint:gosec // height is non-negative and falls in int64
 	if err != nil {
 		return 0, err
 	}
 
 	return pruned, nil
 }
 
-func (txi *TxIndex) pruneEvents(height uint64, batch store.KVBatch) (uint64, error) {
+func (txi *TxIndex) pruneEvents(height int64, batch store.KVBatch) (uint64, error) {
 	pruned := uint64(0)
-	eventKey, err := eventHeightKey(int64(height))
+	eventKey, err := eventHeightKey(height)
 	if err != nil {
 		return pruned, err
 	}