cosmos / interchain-security

Interchain Security is an open-source IBC application which allows Cosmos blockchains to lease their proof-of-stake security to one another.
https://cosmos.github.io/interchain-security/

Make `gosec` pass #223

Closed danwt closed 2 years ago

danwt commented 2 years ago

The linter gosec fails

https://github.com/cosmos/interchain-security/runs/7282519806?check_suite_focus=true#step%3A4%3A516=

We need to make it pass. A big part of this is making sure all errors are handled. For v0.1 we can just check each `error != nil` and panic or bubble up the error.

See the README instructions for how to run linters locally:

https://github.com/cosmos/interchain-security/blob/657aaea0a6ed97f3a04d906186d353c56bef8d5e/README.md?plain=1#L69-L97

https://github.com/securego/gosec

For linter problems in /integration-tests, we can disable the checks.

shaspitz commented 2 years ago

Makes sense 👍

On disabling these checks for integration tests: is there a config file seen by the cloud builds to disable certain folders from linting? Achieving the same thing as this. Alternatively, I can annotate each vulnerability instance that should be ignored, which seems like the better-practice solution.

danwt commented 2 years ago

Great question @smarshall-spitzbart, feel free to choose which way. If using the directory exclude approach, you would probably have to edit this file:

https://github.com/cosmos/interchain-security/blob/main/.github/workflows/gosec.yml
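
The error-handling options discussed in this thread, as an added Go example that is not part of the issue or the project's code: an unchecked call of the kind gosec reports (rule G104), the "bubble up" and "panic" fixes, and a per-line `#nosec` annotation with a justification. All function and type names here are hypothetical, and the rule ID and annotation syntax come from gosec's documentation, not from this page.

```go
package main

import (
	"errors"
	"fmt"
	"hash/fnv"
	"io"
)

// failingWriter is a constructed stand-in for any sink whose Write can fail.
type failingWriter struct{}

func (failingWriter) Write(p []byte) (int, error) { return 0, errors.New("disk full") }

// writeUnchecked drops the error from Write; gosec reports this as G104.
func writeUnchecked(w io.Writer, data []byte) {
	w.Write(data)
}

// writeBubbled returns the error to the caller with context ("bubble up").
func writeBubbled(w io.Writer, data []byte) error {
	if _, err := w.Write(data); err != nil {
		return fmt.Errorf("write %d bytes: %w", len(data), err)
	}
	return nil
}

// mustWrite panics on failure, for paths where continuing would leave bad state.
func mustWrite(w io.Writer, data []byte) {
	if err := writeBubbled(w, data); err != nil {
		panic(err)
	}
}

// checksum shows a justified per-line suppression instead of a directory-wide exclude.
func checksum(data []byte) uint64 {
	h := fnv.New64a()
	h.Write(data) // #nosec G104 -- hash.Hash.Write is documented to never return an error
	return h.Sum64()
}

func main() {
	writeUnchecked(failingWriter{}, []byte("abc")) // failure is silently lost
	fmt.Println(writeBubbled(failingWriter{}, []byte("abc")))
	fmt.Printf("%#x\n", checksum([]byte("abc")))
}
```

A per-line annotation keeps the suppression and its reason next to the code it covers, while a directory exclude also silences any finding added to that directory later.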