Fix ZetaClient gosec #2180

Closed
Tracked by #1611
lumtis opened this issue May 14, 2024 · 1 comment
Labels
code-quality Code quality improvement zetaclient Issues related to ZetaClient

Comments

Member

lumtis commented May 14, 2024

Three gosec entries reported recently:

[/github/workspace/zetaclient/evm/evm_client.go:809] - G301 (CWE-276): Expect directory permissions to be 0750 or less (Confidence: HIGH, Severity: MEDIUM)
    808: 		if _, err := os.Stat(dbPath); os.IsNotExist(err) {
  > 809: 			err := os.MkdirAll(dbPath, os.ModePerm)
    810: 			if err != nil {



[/github/workspace/zetaclient/config/config.go:20] - G301 (CWE-276): Expect directory permissions to be 0750 or less (Confidence: HIGH, Severity: MEDIUM)
    19: 	folderPath := filepath.Join(path, folder)
  > 20: 	err := os.MkdirAll(folderPath, os.ModePerm)
    21: 	if err != nil {



[/github/workspace/zetaclient/bitcoin/bitcoin_client.go:1660] - G301 (CWE-276): Expect directory permissions to be 0750 or less (Confidence: HIGH, Severity: MEDIUM)
    1659: 	if _, err := os.Stat(dbpath); os.IsNotExist(err) {
  > 1660: 		err := os.MkdirAll(dbpath, os.ModePerm)
    1661: 		if err != nil {
@lumtis lumtis added the zetaclient Issues related to ZetaClient label May 14, 2024
@lumtis lumtis added the code-quality Code quality improvement label May 14, 2024
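All three G301 findings above come from `os.MkdirAll(..., os.ModePerm)`, which requests mode 0777. The following is an added example, not ZetaClient's code or the fix applied in the repository: it shows one way to satisfy the rule while also tightening a directory that an earlier run already created with wider permissions. `EnsurePrivateDir` and `dirPerm` are hypothetical names, and POSIX permission semantics are assumed.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// dirPerm is the ceiling gosec G301 accepts: owner rwx, group r-x, nothing for others.
const dirPerm os.FileMode = 0o750

// EnsurePrivateDir (hypothetical helper) creates path and any missing parents
// with dirPerm instead of os.ModePerm. os.MkdirAll leaves the mode of an
// existing directory untouched, so a directory created earlier with wider
// permissions is tightened explicitly.
func EnsurePrivateDir(path string) error {
	if err := os.MkdirAll(path, dirPerm); err != nil {
		return fmt.Errorf("create %s: %w", path, err)
	}
	info, err := os.Stat(path)
	if err != nil {
		return fmt.Errorf("stat %s: %w", path, err)
	}
	// Any bit outside dirPerm (group write, anything for "other") is excess.
	if excess := info.Mode().Perm() &^ dirPerm; excess != 0 {
		if err := os.Chmod(path, info.Mode().Perm()&dirPerm); err != nil {
			return fmt.Errorf("tighten %s: %w", path, err)
		}
	}
	return nil
}

func main() {
	base, err := os.MkdirTemp("", "g301-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)

	// Constructed sample: a directory left behind by the old 0777 code path.
	legacy := filepath.Join(base, "db")
	if err := os.Mkdir(legacy, os.ModePerm); err != nil {
		panic(err)
	}
	_ = os.Chmod(legacy, 0o777) // bypass umask so the wide mode is really set
	if err := EnsurePrivateDir(legacy); err != nil {
		panic(err)
	}
	info, _ := os.Stat(legacy)
	fmt.Printf("%s is now %04o\n", legacy, info.Mode().Perm())
}
```

The process umask can only narrow the mode passed to `os.MkdirAll`, so a freshly created directory never ends up wider than 0750.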
@skosito
Contributor

skosito commented May 14, 2024

Caused by using @master as version, which got updated today to v2.20 https://github.com/securego/gosec/releases/tag/v2.20.0 and caught this issue securego/gosec@6fbd381.

Currently hardcoded it back to v2.19 which was used before, and this fixes build, but let's use this issue to update this, because there are some useful bug fixes, including this one.

@lumtis lumtis linked a pull request May 15, 2024 that will close this issue
6 tasks
@lumtis lumtis removed a link to a pull request May 15, 2024
6 tasks
@lumtis lumtis closed this as completed Jul 18, 2024