build: fix new gosec linter

Consensys · Aug 27, 2024 · fe7f39d · fe7f39d
1 parent c1a1c0b
commit fe7f39d
Show file tree

Hide file tree

Showing 11 changed files with 32 additions and 26 deletions.
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -32,7 +32,7 @@ jobs:
  - name: golangci-lint
  uses: golangci/golangci-lint-action@v3
  with:
- version: v1.54
+ version: v1.60
  args: -v --timeout=5m
  skip-pkg-cache: true
 

diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -35,7 +35,7 @@ jobs:
  - name: golangci-lint
  uses: golangci/golangci-lint-action@v3
  with:
- version: v1.54
+ version: v1.60
  args: -v --timeout=5m
  skip-pkg-cache: true
 

diff --git a/ecc/bls12-377/fr/sis/sis_test.go b/ecc/bls12-377/fr/sis/sis_test.go
@@ -404,7 +404,7 @@ func (r *RSis) Hash(v []fr.Element) ([]fr.Element, error) {
  }
  sum := r.Sum(nil)
  var rlen [4]byte
- binary.BigEndian.PutUint32(rlen[:], uint32(len(sum)/fr.Bytes))
+ binary.BigEndian.PutUint32(rlen[:], uint32(len(sum)/fr.Bytes)) // #nosec G115 not overflow territory here
  reader := io.MultiReader(bytes.NewReader(rlen[:]), bytes.NewReader(sum))
  var result fr.Vector
  _, err := result.ReadFrom(reader)

diff --git a/ecc/bn254/fr/sis/sis_test.go b/ecc/bn254/fr/sis/sis_test.go
@@ -368,7 +368,7 @@ func (r *RSis) Hash(v []fr.Element) ([]fr.Element, error) {
  }
  sum := r.Sum(nil)
  var rlen [4]byte
- binary.BigEndian.PutUint32(rlen[:], uint32(len(sum)/fr.Bytes))
+ binary.BigEndian.PutUint32(rlen[:], uint32(len(sum)/fr.Bytes)) // #nosec G115 not overflow territory here
  reader := io.MultiReader(bytes.NewReader(rlen[:]), bytes.NewReader(sum))
  var result fr.Vector
  _, err := result.ReadFrom(reader)

diff --git a/ecc/bn254/fr/tensor-commitment/commitment.go b/ecc/bn254/fr/tensor-commitment/commitment.go
@@ -134,7 +134,7 @@ func NewTCParams(codeRate, NbColumns, NbRows int, makeHash func() hash.Hash) (*T
  res.Domains[1] = fft.NewDomain(uint64(codeRate * NbColumns))
 
  // size of the matrix
- res.NbColumns = int(res.Domains[0].Cardinality)
+ res.NbColumns = int(res.Domains[0].Cardinality) // #nosec G115 not overflow territory here
  res.NbRows = NbRows
 
  // rate
@@ -285,7 +285,8 @@ func (tc *TensorCommitment) Commit() (Digest, error) {
  // now we hash each columns of _p
  res := make([][]byte, tc.params.Domains[1].Cardinality)
 
- parallel.Execute(int(tc.params.Domains[1].Cardinality), func(start, stop int) {
+ cardinality := int(tc.params.Domains[1].Cardinality) // #nosec G115 not overflow territory here
+ parallel.Execute(cardinality, func(start, stop int) {
  hasher := tc.params.MakeHash()
  for i := start; i < stop; i++ {
  hasher.Reset()

diff --git a/ecc/stark-curve/hash_to_g1.go b/ecc/stark-curve/hash_to_g1.go
@@ -93,7 +93,8 @@ func MapToCurve1(u *fp.Element) G1Affine {
  signsNotEqual := g1Sgn0(u) ^ g1Sgn0(&y) // 34. e3 = sgn0(u) == sgn0(y)
 
  tv1.Neg(&y)
- y.Select(int(signsNotEqual), &y, &tv1) // 35. y = CMOV(-y, y, e3) # Select correct sign of y
+ // 35. y = CMOV(-y, y, e3) # Select correct sign of y
+ y.Select(int(signsNotEqual), &y, &tv1) // #nosec G115 not overflow territory here
  return G1Affine{x, y}
 }
 

diff --git a/ecc/stark-curve/marshal.go b/ecc/stark-curve/marshal.go
@@ -330,7 +330,7 @@ func (enc *Encoder) encode(v interface{}) (err error) {
  return
  case []fr.Element:
  // write slice length
- err = binary.Write(enc.w, binary.BigEndian, uint32(len(t)))
+ err = binary.Write(enc.w, binary.BigEndian, uint32(len(t))) // #nosec G115 not overflow territory here
  if err != nil {
  return
  }
@@ -347,7 +347,7 @@ func (enc *Encoder) encode(v interface{}) (err error) {
  return nil
  case []fp.Element:
  // write slice length
- err = binary.Write(enc.w, binary.BigEndian, uint32(len(t)))
+ err = binary.Write(enc.w, binary.BigEndian, uint32(len(t))) // #nosec G115 not overflow territory here
  if err != nil {
  return
  }
@@ -365,7 +365,7 @@ func (enc *Encoder) encode(v interface{}) (err error) {
 
  case []G1Affine:
  // write slice length
- err = binary.Write(enc.w, binary.BigEndian, uint32(len(t)))
+ err = binary.Write(enc.w, binary.BigEndian, uint32(len(t))) // #nosec G115 not overflow territory here
  if err != nil {
  return
  }
@@ -420,7 +420,7 @@ func (enc *Encoder) encodeRaw(v interface{}) (err error) {
  return
  case []fr.Element:
  // write slice length
- err = binary.Write(enc.w, binary.BigEndian, uint32(len(t)))
+ err = binary.Write(enc.w, binary.BigEndian, uint32(len(t))) // #nosec G115 not overflow territory here
  if err != nil {
  return
  }
@@ -437,7 +437,7 @@ func (enc *Encoder) encodeRaw(v interface{}) (err error) {
  return nil
  case []fp.Element:
  // write slice length
- err = binary.Write(enc.w, binary.BigEndian, uint32(len(t)))
+ err = binary.Write(enc.w, binary.BigEndian, uint32(len(t))) // #nosec G115 not overflow territory here
  if err != nil {
  return
  }
@@ -455,7 +455,7 @@ func (enc *Encoder) encodeRaw(v interface{}) (err error) {
 
  case []G1Affine:
  // write slice length
- err = binary.Write(enc.w, binary.BigEndian, uint32(len(t)))
+ err = binary.Write(enc.w, binary.BigEndian, uint32(len(t))) // #nosec G115 not overflow territory here
  if err != nil {
  return
  }

diff --git a/field/generator/config/field_config.go b/field/generator/config/field_config.go
@@ -415,7 +415,7 @@ func (f *FieldConfig) WriteElement(element Element) string {
  var subElementNames string
  if length > 1 {
  builder.WriteString("\n")
- subElementNames = CoordNameForExtensionDegree(uint8(length))
+ subElementNames = CoordNameForExtensionDegree(uint8(length)) // #nosec G115 not overflow territory here
  }
  for i, e := range element {
  if length > 1 {

diff --git a/field/hash/hashutils.go b/field/hash/hashutils.go
@@ -18,7 +18,7 @@ func ExpandMsgXmd(msg, dst []byte, lenInBytes int) ([]byte, error) {
  if len(dst) > 255 {
  return nil, errors.New("invalid domain size (>255 bytes)")
  }
- sizeDomain := uint8(len(dst))
+ sizeDomain := uint8(len(dst)) // #nosec G115 not overflow territory here, checked above
 
  // Z_pad = I2OSP(0, r_in_bytes)
  // l_i_b_str = I2OSP(len_in_bytes, 2)
@@ -31,7 +31,9 @@ func ExpandMsgXmd(msg, dst []byte, lenInBytes int) ([]byte, error) {
  if _, err := h.Write(msg); err != nil {
  return nil, err
  }
- if _, err := h.Write([]byte{uint8(lenInBytes >> 8), uint8(lenInBytes), uint8(0)}); err != nil {
+ s := uint8(lenInBytes >> 8) // #nosec G115 not overflow territory here
+ b := uint8(lenInBytes) // #nosec G115 not overflow territory here
+ if _, err := h.Write([]byte{s, b, 0}); err != nil {
  return nil, err
  }
  if _, err := h.Write(dst); err != nil {
@@ -71,7 +73,8 @@ func ExpandMsgXmd(msg, dst []byte, lenInBytes int) ([]byte, error) {
  if _, err := h.Write(strxor); err != nil {
  return nil, err
  }
- if _, err := h.Write([]byte{uint8(i)}); err != nil {
+ bi := uint8(i) // #nosec G115 not overflow territory here
+ if _, err := h.Write([]byte{bi}); err != nil {
  return nil, err
  }
  if _, err := h.Write(dst); err != nil {

diff --git a/internal/generator/config/hash_to_curve.go b/internal/generator/config/hash_to_curve.go
@@ -77,7 +77,7 @@ func (parameters *HashSuiteSvdw) GetInfo(baseField *field.FieldConfig, g *Point,
 func (suite *HashSuiteSswu) GetInfo(baseField *field.FieldConfig, g *Point, name string) HashSuiteInfo {
 
  f := field.NewTower(baseField, g.CoordExtDegree, g.CoordExtRoot)
- fieldSizeMod256 := uint8(f.Size.Bits()[0])
+ fieldSizeMod256 := uint8(f.Size.Bits()[0]) // #nosec G115 false positive
 
  Z := toBigIntSlice(suite.Z)
  var c []field.Element

diff --git a/utils/unsafe/dump_slice.go b/utils/unsafe/dump_slice.go
@@ -15,7 +15,7 @@ import (
 // (e.g. 32 vs 64 bit, big endian vs little endian).
 func WriteSlice[S ~[]E, E any](w io.Writer, s S) error {
  var e E
- size := int(unsafe.Sizeof(e))
+ size := int(unsafe.Sizeof(e)) // #nosec G115 not overflow territory here
  if err := binary.Write(w, binary.LittleEndian, uint64(len(s))); err != nil {
  return err
  }
@@ -43,9 +43,10 @@ func ReadSlice[S ~[]E, E any](r io.Reader, maxElements ...int) (s S, read int, e
  length := binary.LittleEndian.Uint64(buf[:])
 
  var e E
- size := int(unsafe.Sizeof(e))
+ size := int(unsafe.Sizeof(e)) // #nosec G115 not overflow territory here
  limit := length
- if len(maxElements) == 1 && maxElements[0] > 0 && int(length) > maxElements[0] {
+ iLength := int(length) // #nosec G115 safe to ignore
+ if len(maxElements) == 1 && maxElements[0] > 0 && iLength > maxElements[0] {
  limit = uint64(maxElements[0])
  }
 
@@ -57,16 +58,16 @@ func ReadSlice[S ~[]E, E any](r io.Reader, maxElements ...int) (s S, read int, e
 
  // directly read the bytes from reader into the target memory area
  // (slice data)
- data := unsafe.Slice((*byte)(unsafe.Pointer(&toReturn[0])), size*int(limit))
+ data := unsafe.Slice((*byte)(unsafe.Pointer(&toReturn[0])), size*int(limit)) // #nosec G115 safe to ignore
  if _, err := io.ReadFull(r, data); err != nil {
  return nil, read, err
  }
 
- read += size * int(limit)
+ read += size * int(limit) // #nosec G115 safe to ignore
 
  // advance the reader if we had more elements than we wanted
  if length > limit {
- advance := int(length-limit) * size
+ advance := int(length-limit) * size // #nosec G115 not overflow territory here
  if _, err := io.CopyN(io.Discard, r, int64(advance)); err != nil {
  return nil, read, err
  }
@@ -82,7 +83,7 @@ const marker uint64 = 0xdeadbeef
 // This is used to ensure that the dump was written on the same architecture.
 func WriteMarker(w io.Writer) error {
  marker := marker
- _, err := w.Write(unsafe.Slice((*byte)(unsafe.Pointer(&marker)), 8))
+ _, err := w.Write(unsafe.Slice((*byte)(unsafe.Pointer(&marker)), 8)) // #nosec G115 unsafe, but we know it.
  return err
 }
 
@@ -94,7 +95,7 @@ func ReadMarker(r io.Reader) error {
  return err
  }
  marker := marker
- d := unsafe.Slice((*byte)(unsafe.Pointer(&marker)), 8)
+ d := unsafe.Slice((*byte)(unsafe.Pointer(&marker)), 8) // #nosec G115 unsafe, but we know it.
  if !bytes.Equal(d, buf[:]) {
  return errors.New("marker mismatch: dump was not written on the same architecture")
  }