From 06fa8106fa9984bbbc23e7f108ec82fc37b3d74b Mon Sep 17 00:00:00 2001 From: lumtis Date: Tue, 13 Feb 2024 15:33:32 +0100 Subject: [PATCH 1/3] fix: gosec error for randomness library --- x/emissions/client/tests/suite.go | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/x/emissions/client/tests/suite.go b/x/emissions/client/tests/suite.go index 2baea8a338..415a96dc86 100644 --- a/x/emissions/client/tests/suite.go +++ b/x/emissions/client/tests/suite.go @@ -78,17 +78,15 @@ func RandomBallotGenerator(numberOfBallots int, voterList []string) []*observerT ballotStatus := []observerTypes.BallotStatus{observerTypes.BallotStatus_BallotFinalized_FailureObservation, observerTypes.BallotStatus_BallotFinalized_SuccessObservation} min := 0 max := len(ballotStatus) - 1 - // #nosec G404 randomness is not a security issue here for i := 0; i < numberOfBallots; i++ { ballots[i] = &observerTypes.Ballot{ - Index: "", - BallotIdentifier: "TestBallot" + strconv.Itoa(i), - VoterList: voterList, - Votes: CreateRandomVoteList(len(voterList)), - ObservationType: observerTypes.ObservationType_InBoundTx, - BallotThreshold: sdk.MustNewDecFromStr("0.66"), - // #nosec G404 randomness used for testing - BallotStatus: ballotStatus[rand.Intn(max-min)+min], + Index: "", + BallotIdentifier: "TestBallot" + strconv.Itoa(i), + VoterList: voterList, + Votes: CreateRandomVoteList(len(voterList)), + ObservationType: observerTypes.ObservationType_InBoundTx, + BallotThreshold: sdk.MustNewDecFromStr("0.66"), + BallotStatus: ballotStatus[rand.Intn(max-min)+min], // #nosec G404 randomness used for testing BallotCreationHeight: 0, } } From b4f9dcd651fd8fe8591d9771914daa9c66190f53 Mon Sep 17 00:00:00 2001 From: lumtis Date: Tue, 13 Feb 2024 15:50:36 +0100 Subject: [PATCH 2/3] use crypto/rand --- x/emissions/client/tests/suite.go | 36 +++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 11 deletions(-) 
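Review bot: The index expression `ballotStatus[rand.Intn(max-min)+min]` can only ever yield index 0, because `max` is `len(ballotStatus) - 1` (1 for the two-element slice) and `rand.Intn(1)` returns a value in [0, 1), so every generated ballot gets `BallotStatus_BallotFinalized_FailureObservation`. Bounding by the slice length, `BallotStatus: ballotStatus[rand.Intn(len(ballotStatus))], // #nosec G404 randomness used for testing`, would let both statuses appear. The same exclusive-upper-bound slip is carried into PATCH 2/3, where `big.NewInt(int64(maxBallotStatus-minBallotStatus))` and `big.NewInt(int64(maxBoterOptions-minVoterOptions))` are passed to `rand.Int`, so `VoteType_NotYetVoted` is never chosen either. The body of `RandomBallotGenerator` starts and ends outside this hunk.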
diff --git a/x/emissions/client/tests/suite.go b/x/emissions/client/tests/suite.go index 415a96dc86..c13294ddf7 100644 --- a/x/emissions/client/tests/suite.go +++ b/x/emissions/client/tests/suite.go @@ -1,8 +1,10 @@ package querytests import ( - "math/rand" + "crypto/rand" + "math/big" "strconv" + "testing" sdk "github.com/cosmos/cosmos-sdk/types" ethcfg "github.com/evmos/ethermint/cmd/config" @@ -52,7 +54,7 @@ func (s *CliTestSuite) SetupSuite() { "zeta1e9fyaulgntkrnqnl0es4nyxghp3petpn2ntu3t", } network.SetupZetaGenesisState(s.T(), s.cfg.GenesisState, s.cfg.Codec, observerList, false) - s.ballots = RandomBallotGenerator(20, observerList) + s.ballots = RandomBallotGenerator(s.T(), 20, observerList) network.AddObserverData(s.T(), 2, s.cfg.GenesisState, s.cfg.Codec, s.ballots) net, err := network.New(s.T(), app.NodeDir, s.cfg) 
@@ -63,30 +65,42 @@ func (s *CliTestSuite) SetupSuite() { } -func CreateRandomVoteList(numberOfVotes int) []observerTypes.VoteType { +func CreateRandomVoteList(t *testing.T, numberOfVotes int) []observerTypes.VoteType { voteOptions := []observerTypes.VoteType{observerTypes.VoteType_SuccessObservation, observerTypes.VoteType_FailureObservation, observerTypes.VoteType_NotYetVoted} - min := 0 - max := len(voteOptions) - 1 + minVoterOptions := 0 + maxBoterOptions := len(voteOptions) - 1 + + randomVoteOptions, err := rand.Int(rand.Reader, big.NewInt(int64(maxBoterOptions-minVoterOptions))) + if err != nil { + t.Fatal(err) + } + voteList := make([]observerTypes.VoteType, numberOfVotes) for i := 0; i < numberOfVotes; i++ { - voteList[i] = voteOptions[rand.Intn(max-min)+min] // #nosec G404 + voteList[i] = voteOptions[randomVoteOptions.Int64()] } return voteList } -func RandomBallotGenerator(numberOfBallots int, voterList []string) []*observerTypes.Ballot { +func RandomBallotGenerator(t *testing.T, numberOfBallots int, voterList []string) []*observerTypes.Ballot { ballots := make([]*observerTypes.Ballot, numberOfBallots) ballotStatus := []observerTypes.BallotStatus{observerTypes.BallotStatus_BallotFinalized_FailureObservation, observerTypes.BallotStatus_BallotFinalized_SuccessObservation} - min := 0 - max := len(ballotStatus) - 1 + minBallotStatus := 0 + maxBallotStatus := len(ballotStatus) - 1 + + randomBallotStatus, err := rand.Int(rand.Reader, big.NewInt(int64(maxBallotStatus-minBallotStatus))) + if err != nil { + t.Fatal(err) + } + for i := 0; i < numberOfBallots; i++ { ballots[i] = &observerTypes.Ballot{ Index: "", BallotIdentifier: "TestBallot" + strconv.Itoa(i), VoterList: voterList, - Votes: CreateRandomVoteList(len(voterList)), + Votes: CreateRandomVoteList(t, len(voterList)), ObservationType: observerTypes.ObservationType_InBoundTx, BallotThreshold: sdk.MustNewDecFromStr("0.66"), - BallotStatus: ballotStatus[rand.Intn(max-min)+min], // #nosec G404 randomness used 
for testing + BallotStatus: ballotStatus[randomBallotStatus.Int64()], BallotCreationHeight: 0, } } From 4c9ed63a7d7503bf5c876e81127d726ae347c1fb Mon Sep 17 00:00:00 2001 From: Charlie Chen Date: Tue, 13 Feb 2024 11:06:19 -0600 Subject: [PATCH 3/3] add changelog entry --- changelog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/changelog.md b/changelog.md index 1ad986c8b5..e52668fc8b 100644 --- a/changelog.md +++ b/changelog.md @@ -28,6 +28,7 @@ ### Tests * [1584](https://github.com/zeta-chain/node/pull/1584) - allow to run E2E tests on any networks +* [1753](https://github.com/zeta-chain/node/pull/1753) - fix gosec errors on usage of rand package ### CI
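Review bot: `randomVoteOptions` and `randomBallotStatus` are each drawn once, before their `for` loops, so `CreateRandomVoteList` now fills the whole list with one repeated vote and `RandomBallotGenerator` gives every ballot the same status, whereas the removed `math/rand` code drew a fresh value per iteration. Moving the `rand.Int` call inside each loop restores per-element variation, and passing the slice length as the bound (the upper bound of `rand.Int` is exclusive) lets the last option be selected. The sketch below shows the change for `CreateRandomVoteList`, and the status draw in `RandomBallotGenerator` would move into its loop the same way. `maxBoterOptions` also looks like a typo for `maxVoterOptions`. Since these are test fixtures, giving up seedable output makes a failing run harder to reproduce, which a justified `#nosec G404` on the `math/rand` call would have avoided.

```go
func CreateRandomVoteList(t *testing.T, numberOfVotes int) []observerTypes.VoteType {
	// … unchanged: voteOptions declaration …
	voteList := make([]observerTypes.VoteType, numberOfVotes)
	for i := 0; i < numberOfVotes; i++ {
		// Draw per vote; rand.Int returns a value in [0, bound).
		pick, err := rand.Int(rand.Reader, big.NewInt(int64(len(voteOptions))))
		if err != nil {
			t.Fatal(err)
		}
		voteList[i] = voteOptions[pick.Int64()]
	}
	// … unchanged: return voteList …
```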