Created
September 4, 2024 01:16
okdas created this gist Sep 4, 2024.
@@ -0,0 +1,1164 @@ errors: {} issues: - severity: 2 confidence: 1 cwe: id: "338" url: https://cwe.mitre.org/data/definitions/338.html ruleid: G404 what: Use of weak random number generator (math/rand instead of crypto/rand) file: /Users/dk/pocket/poktroll/pkg/crypto/rand/float.go code: "21: \t// Construct a pseudo-random number generator with the seed.\n22: \tpseudoRand := rand.New(rand.NewSource(seed))\n23: \n" line: "22" col: "16" - severity: 2 confidence: 2 cwe: id: "295" url: https://cwe.mitre.org/data/definitions/295.html ruleid: G402 what: TLS MinVersion too low. file: /Users/dk/pocket/poktroll/pkg/relayer/proxy/synchronous.go code: "345: \t\ttransport := &http.Transport{\n346: \t\t\tTLSClientConfig: &tls.Config{},\n347: \t\t}\n" line: "346" col: "22" - severity: 2 confidence: 2 cwe: id: "295" url: https://cwe.mitre.org/data/definitions/295.html ruleid: G402 what: TLS MinVersion too low. file: /Users/dk/pocket/poktroll/pkg/client/events/websocket/dialer.go code: "34: \tif strings.HasPrefix(urlString, wssPrefix) {\n35: \t\tdialer.TLSClientConfig = &tls.Config{}\n36: \t}\n" line: "35" col: "29" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/tokenomics/keeper/token_logic_modules.go code: "520: \tfor shareHolderAddress, shareAmount := range shareAmountMap {\n521: \t\tshareAmountCoin := cosmostypes.NewCoin(volatile.DenomuPOKT, math.NewInt(int64(shareAmount)))\n522: \t\tshareAmountCoins := cosmostypes.NewCoins(shareAmountCoin)\n" line: "521" col: "75" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/tokenomics/keeper/token_logic_modules.go code: "476: \tcomputeUnitsPerRelay := service.ComputeUnitsPerRelay\n477: \tupoktAmount := math.NewInt(int64(numRelays * computeUnitsPerRelay * computeUnitsToTokensMultiplier))\n478: \tif upoktAmount.IsNegative() {\n" 
line: "477" col: "29" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/tokenomics/keeper/token_logic_modules.go code: "356: \tcoinsToShareAmt := calculateGlobalMintAllocationFromSettlementAmount(newMintAmtFloat, MintAllocationSupplier)\n357: \tif err = k.distributeSupplierRewardsToShareHolders(ctx, supplier.OperatorAddress, service.Id, uint64(coinsToShareAmt)); err != nil {\n358: \t\treturn tokenomicstypes.ErrTokenomicsSupplierModuleMintFailed.Wrapf(\n" line: "357" col: "96" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/tokenomics/keeper/settle_pending_claims.go code: "215: \t\t\tFilter: &prooftypes.QueryAllClaimsRequest_SessionEndHeight{\n216: \t\t\t\tSessionEndHeight: uint64(expiringSessionEndHeight),\n217: \t\t\t},\n" line: "216" col: "23" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/tokenomics/keeper/settle_pending_claims.go code: "202: \texpiringSessionEndHeight := blockHeight -\n203: \t\tint64(claimWindowSizeBlocks+\n204: \t\t\tproofWindowSizeBlocks+1)\n205: \n" line: 203-204 col: "3" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/tokenomics/keeper/msg_server_update_param.go code: "30: \t\t}\n31: \t\tcomputeUnitsToTokensMultiplier := uint64(value.AsInt64)\n32: \n" line: "31" col: "37" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/supplier/keeper/msg_server_unstake_supplier.go code: "69: \t// off-chain actors that need to listen to session supplier's change mid-session, etc).\n70: \tsupplier.UnstakeSessionEndHeight = 
uint64(shared.GetSessionEndHeight(&sharedParams, currentHeight))\n71: \tk.SetSupplier(ctx, supplier)\n" line: "70" col: "37" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/supplier/keeper/msg_server_stake_supplier.go code: "192: \tfor _, serviceConfig := range msg.Services {\n193: \t\tServicesActivationHeightMap[serviceConfig.Service.Id] = uint64(nextSessionStartHeight)\n194: \t\t// If the service has already been staked for, keep its activation height.\n" line: "193" col: "59" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/supplier/keeper/msg_server_stake_supplier.go code: "142: \tfor _, serviceConfig := range msg.Services {\n143: \t\tservicesActivationHeightsMap[serviceConfig.Service.Id] = uint64(nextSessionStartHeight)\n144: \t}\n" line: "143" col: "60" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/supplier.go code: "14: \n15: \treturn int64(supplier.UnstakeSessionEndHeight + supplierUnbondingPeriodSessions)\n16: }\n" line: "15" col: "9" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/session.go code: "101: \treturn GetProofWindowOpenHeight(sharedParams, queryHeight) +\n102: \t\tint64(sharedParams.GetProofWindowCloseOffsetBlocks())\n103: }\n" line: "102" col: "3" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/session.go code: "94: \treturn GetClaimWindowCloseHeight(sharedParams, queryHeight) +\n95: \t\tint64(sharedParams.GetProofWindowOpenOffsetBlocks())\n96: }\n" line: "95" col: "3" - severity: 2 confidence: 1 
cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/session.go code: "86: \tclaimWindowOpenHeight := GetClaimWindowOpenHeight(sharedParams, queryHeight)\n87: \tclaimWindowCloseOffsetBlocks := int64(sharedParams.GetClaimWindowCloseOffsetBlocks())\n88: \treturn claimWindowOpenHeight + claimWindowCloseOffsetBlocks\n" line: "87" col: "34" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/session.go code: "76: \tsessionEndHeight := GetSessionEndHeight(sharedParams, queryHeight)\n77: \tclaimWindowOpenOffsetBlocks := int64(sharedParams.GetClaimWindowOpenOffsetBlocks())\n78: \t// NB: An additional block (+1) is added to permit to relays arriving at the\n" line: "77" col: "33" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/session.go code: "63: \tsessionEndHeight := GetSessionEndHeight(sharedParams, queryHeight)\n64: \treturn sessionEndHeight + int64(sharedParams.GetGracePeriodEndOffsetBlocks())\n65: }\n" line: "64" col: "28" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/session.go code: "50: \n51: \tnumBlocksPerSession := int64(sharedParams.GetNumBlocksPerSession())\n52: \n" line: "51" col: "25" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/session.go code: "33: \n34: \tnumBlocksPerSession := int64(sharedParams.GetNumBlocksPerSession())\n35: \tsessionStartHeight := GetSessionStartHeight(sharedParams, queryHeight)\n" line: "34" col: "25" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer 
type conversion file: /Users/dk/pocket/poktroll/x/shared/session.go code: "17: \n18: \tnumBlocksPerSession := int64(sharedParams.GetNumBlocksPerSession())\n19: \n" line: "18" col: "25" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/keeper/msg_server_update_param.go code: "75: \n76: \t\tparams.ApplicationUnbondingPeriodSessions = uint64(value.AsInt64)\n77: \tdefault:\n" line: "76" col: "47" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/keeper/msg_server_update_param.go code: "68: \n69: \t\tparams.SupplierUnbondingPeriodSessions = uint64(value.AsInt64)\n70: \tcase types.ParamApplicationUnbondingPeriodSessions:\n" line: "69" col: "44" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/keeper/msg_server_update_param.go code: "61: \n62: \t\tparams.ProofWindowCloseOffsetBlocks = uint64(value.AsInt64)\n63: \tcase types.ParamSupplierUnbondingPeriodSessions:\n" line: "62" col: "41" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/keeper/msg_server_update_param.go code: "54: \n55: \t\tparams.ProofWindowOpenOffsetBlocks = uint64(value.AsInt64)\n56: \tcase types.ParamProofWindowCloseOffsetBlocks:\n" line: "55" col: "40" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/keeper/msg_server_update_param.go code: "47: \n48: \t\tparams.ClaimWindowCloseOffsetBlocks = uint64(value.AsInt64)\n49: \tcase types.ParamProofWindowOpenOffsetBlocks:\n" line: "48" col: "41" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 
what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/keeper/msg_server_update_param.go code: "40: \n41: \t\tparams.ClaimWindowOpenOffsetBlocks = uint64(value.AsInt64)\n42: \tcase types.ParamClaimWindowCloseOffsetBlocks:\n" line: "41" col: "40" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/keeper/msg_server_update_param.go code: "33: \n34: \t\tparams.GracePeriodEndOffsetBlocks = uint64(value.AsInt64)\n35: \tcase types.ParamClaimWindowOpenOffsetBlocks:\n" line: "34" col: "39" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/shared/keeper/msg_server_update_param.go code: "26: \n27: \t\tparams.NumBlocksPerSession = uint64(value.AsInt64)\n28: \tcase types.ParamGracePeriodEndOffsetBlocks:\n" line: "27" col: "32" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/session/keeper/session_hydrator.go code: "323: \tsessionStartBlockHeightBz := make([]byte, 8)\n324: \tbinary.LittleEndian.PutUint64(sessionStartBlockHeightBz, uint64(sessionStartBlockHeight))\n325: \treturn sessionStartBlockHeightBz\n" line: "324" col: "59" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/session/keeper/session_hydrator.go code: "231: \t// NB: There is specific reason why `BigEndian` was chosen over `LittleEndian` in this specific context.\n232: \tseed := int64(binary.BigEndian.Uint64(sha3Hash(sessionIDBz)[:8]))\n233: \n" line: "232" col: "10" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: 
/Users/dk/pocket/poktroll/x/session/keeper/session_hydrator.go code: "180: \t\t// Exclude suppliers that are inactive (i.e. currently unbonding).\n181: \t\tif !s.IsActive(uint64(sh.sessionHeader.SessionEndBlockHeight), sh.sessionHeader.Service.Id) {\n182: \t\t\tcontinue\n" line: "181" col: "18" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/session/keeper/session_hydrator.go code: "105: \tsharedParams := k.sharedKeeper.GetParams(ctx)\n106: \tsh.session.NumBlocksPerSession = int64(sharedParams.NumBlocksPerSession)\n107: \tsh.session.SessionNumber = shared.GetSessionNumber(&sharedParams, sh.blockHeight)\n" line: "106" col: "35" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/proof/types/key_proof.go code: "34: \theightBz := make([]byte, 8)\n35: \tbinary.BigEndian.PutUint64(heightBz, uint64(sessionEndHeight))\n36: \n" line: "35" col: "39" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/proof/types/key_claim.go code: "34: \theightBz := make([]byte, 8)\n35: \tbinary.BigEndian.PutUint64(heightBz, uint64(sessionEndHeight))\n36: \n" line: "35" col: "39" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/proof/keeper/msg_server_update_param.go code: "54: \t\t}\n55: \t\tproofRequirementThreshold := uint64(value.AsInt64)\n56: \n" line: "55" col: "32" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/application/types/application.go code: "32: \n33: \treturn int64(application.UnstakeSessionEndHeight + applicationUnbondingPeriodSessions)\n34: }\n" line: 
"33" col: "9" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/application/types/application.go code: "21: func (s *Application) IsActive(queryHeight int64) bool {\n22: \treturn !s.IsUnbonding() || uint64(queryHeight) <= s.UnstakeSessionEndHeight\n23: }\n" line: "22" col: "29" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/application/keeper/prune_undelegations.go code: "60: \n61: \treturn int64(sharedParams.GetGracePeriodEndOffsetBlocks()) +\n62: \t\t(numBlocksPerSession * NumSessionsAppToGatewayUndelegationRetention)\n" line: "61" col: "9" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/application/keeper/prune_undelegations.go code: "58: func GetNumBlocksUndelegationRetention(sharedParams *sharedtypes.Params) int64 {\n59: \tnumBlocksPerSession := int64(sharedParams.GetNumBlocksPerSession())\n60: \n" line: "59" col: "25" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/application/keeper/prune_undelegations.go code: "28: \t}\n29: \tearliestUnprunedUndelegationHeight := uint64(currentHeight - numBlocksUndelegationRetention)\n30: \n" line: "29" col: "40" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/application/keeper/msg_server_unstake_application.go code: "50: \t// session. 
After that, the application will be considered inactive.\n51: \tfoundApp.UnstakeSessionEndHeight = uint64(shared.GetSessionEndHeight(&sharedParams, currentHeight))\n52: \tk.SetApplication(ctx, foundApp)\n" line: "51" col: "37" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/x/application/keeper/msg_server_undelegate_from_gateway.go code: "82: ) {\n83: \tsessionEndHeight := uint64(k.sharedKeeper.GetSessionEndHeight(ctx, currentBlockHeight))\n84: \tundelegatingGatewayListAtBlock := app.PendingUndelegations[sessionEndHeight]\n" line: "83" col: "22" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/pkg/crypto/rings/client.go code: "295: \t// Get the target session end height at which we want to get the active delegations.\n296: \ttargetSessionEndHeight := uint64(shared.GetSessionEndHeight(sharedParams, blockHeight))\n297: \n" line: "296" col: "28" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/pkg/crypto/rand/samples.go code: "32: \n33: \treturn int64(math.Ceil(n))\n34: }\n" line: "33" col: "9" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/pkg/client/tx/client.go code: "244: \ttxBuilder.SetGasLimit(690000042)\n245: \ttxBuilder.SetTimeoutHeight(uint64(timeoutHeight))\n246: \n" line: "245" col: "29" - severity: 2 confidence: 1 cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/pkg/appgateserver/synchronous.go code: "78: \tserviceResponse.CopyToHTTPHeader(writer.Header())\n79: \twriter.WriteHeader(int(serviceResponse.StatusCode))\n80: \n" line: "79" col: "21" - severity: 2 confidence: 1 
cwe: id: "" url: "" ruleid: G701 what: Potential integer overflow by integer type conversion file: /Users/dk/pocket/poktroll/pkg/appgateserver/error_reply.go code: "30: \terrorResponse.CopyToHTTPHeader(writer.Header())\n31: \twriter.WriteHeader(int(errorResponse.StatusCode))\n32: \n" line: "31" col: "21" - severity: 1 confidence: 2 cwe: id: "78" url: https://cwe.mitre.org/data/definitions/78.html ruleid: G204 what: Subprocess launched with function call as argument or cmd arguments file: /Users/dk/pocket/poktroll/tools/scripts/goimports/main.go code: "49: \tif len(filesToProcess) > 0 {\n50: \t\tcmd := exec.Command(\"goimports\", append(defaultArgs, filesToProcess...)...)\n51: \t\tif err := cmd.Run(); err != nil {\n" line: "50" col: "10" - severity: 1 confidence: 2 cwe: id: "22" url: https://cwe.mitre.org/data/definitions/22.html ruleid: G304 what: Potential file inclusion via variable file: /Users/dk/pocket/poktroll/tools/scripts/protocheck/cmd/unstable.go code: "371: \t// Open the file for reading\n372: \tfile, err := os.Open(filePath)\n373: \tif err != nil {\n" line: "372" col: "15" - severity: 1 confidence: 2 cwe: id: "22" url: https://cwe.mitre.org/data/definitions/22.html ruleid: G304 what: Potential file inclusion via variable file: /Users/dk/pocket/poktroll/tools/scripts/goimports/filters/filters.go code: "65: func containsEmptyImportScaffold(goSrcPath string) (isEmptyImport bool, _ error) {\n66: \tfile, err := os.Open(goSrcPath)\n67: \tif err != nil {\n" line: "66" col: "15" - severity: 1 confidence: 2 cwe: id: "22" url: https://cwe.mitre.org/data/definitions/22.html ruleid: G304 what: Potential file inclusion via variable file: /Users/dk/pocket/poktroll/tools/scripts/generate_docs_params.go code: "111: \n112: \t\tprotoFile, err := os.Open(filePath)\n113: \t\tif err != nil {\n" line: "112" col: "21" - severity: 1 confidence: 1 cwe: id: "118" url: https://cwe.mitre.org/data/definitions/118.html ruleid: G601 what: Implicit memory aliasing in for loop. 
file: /Users/dk/pocket/poktroll/x/tokenomics/keeper/settle_pending_claims.go code: "148: \t\tif err = ctx.EventManager().EmitTypedEvent(&prooftypes.EventProofUpdated{\n149: \t\t\tClaim: &claim,\n150: \t\t\tProof: nil,\n" line: "149" col: "21" - severity: 1 confidence: 1 cwe: id: "118" url: https://cwe.mitre.org/data/definitions/118.html ruleid: G601 what: Implicit memory aliasing in for loop. file: /Users/dk/pocket/poktroll/x/tokenomics/keeper/settle_pending_claims.go code: "137: \t\tclaimSettledEvent := types.EventClaimSettled{\n138: \t\t\tClaim: \ &claim,\n139: \t\t\tNumRelays: numClaimRelays,\n" line: "138" col: "22" - severity: 1 confidence: 1 cwe: id: "118" url: https://cwe.mitre.org/data/definitions/118.html ruleid: G601 what: Implicit memory aliasing in for loop. file: /Users/dk/pocket/poktroll/x/tokenomics/keeper/settle_pending_claims.go code: "131: \t\t// Manage the mint & burn accounting for the claim.\n132: \t\tif err = k.ProcessTokenLogicModules(ctx, &claim); err != nil {\n133: \t\t\tlogger.Error(fmt.Sprintf(\"error processing token logic modules for claim %q: %v\", claim.SessionHeader.SessionId, err))\n" line: "132" col: "44" - severity: 1 confidence: 1 cwe: id: "118" url: https://cwe.mitre.org/data/definitions/118.html ruleid: G601 what: Implicit memory aliasing in for loop. file: /Users/dk/pocket/poktroll/x/tokenomics/keeper/settle_pending_claims.go code: "100: \t\t\t\tclaimExpiredEvent := types.EventClaimExpired{\n101: \t\t\t\t\tClaim: \ &claim,\n102: \t\t\t\t\tNumComputeUnits: numClaimComputeUnits,\n" line: "101" col: "24" - severity: 1 confidence: 1 cwe: id: "118" url: https://cwe.mitre.org/data/definitions/118.html ruleid: G601 what: Implicit memory aliasing in for loop. 
file: /Users/dk/pocket/poktroll/x/tokenomics/keeper/settle_pending_claims.go code: "69: \t\t// claim required an on-chain proof\n70: \t\tproofRequirement, err = k.proofRequirementForClaim(ctx, &claim)\n71: \t\tif err != nil {\n" line: "70" col: "59" - severity: 1 confidence: 1 cwe: id: "118" url: https://cwe.mitre.org/data/definitions/118.html ruleid: G601 what: Implicit memory aliasing in for loop. file: /Users/dk/pocket/poktroll/x/supplier/keeper/unbond_suppliers.go code: "33: \n34: \t\tunbondingHeight := shared.GetSupplierUnbondingHeight(&sharedParams, &supplier)\n35: \n" line: "34" col: "71" - severity: 1 confidence: 1 cwe: id: "118" url: https://cwe.mitre.org/data/definitions/118.html ruleid: G601 what: Implicit memory aliasing in for loop. file: /Users/dk/pocket/poktroll/x/application/keeper/unbond_applications.go code: "33: \n34: \t\tunbondingHeight := types.GetApplicationUnbondingHeight(&sharedParams, &application)\n35: \n" line: "34" col: "73" - severity: 1 confidence: 1 cwe: id: "118" url: https://cwe.mitre.org/data/definitions/118.html ruleid: G601 what: Implicit memory aliasing in for loop. 
file: /Users/dk/pocket/poktroll/x/application/keeper/auto_undelegate.go code: "40: \t\t\t\t// proofs to get the application's ring signatures.\n41: \t\t\t\tk.recordPendingUndelegation(ctx, &application, unstakedGateway, currentHeight)\n42: \t\t\t}\n" line: "41" col: "38" - severity: 1 confidence: 2 cwe: id: "703" url: https://cwe.mitre.org/data/definitions/703.html ruleid: G307 what: Deferring unsafe method "Close" on type "*os.File" file: /Users/dk/pocket/poktroll/tools/scripts/protocheck/cmd/unstable.go code: "405: \t}\n406: \tdefer file.Close()\n407: \n" line: "406" col: "2" - severity: 1 confidence: 2 cwe: id: "703" url: https://cwe.mitre.org/data/definitions/703.html ruleid: G307 what: Deferring unsafe method "Close" on type "*os.File" file: /Users/dk/pocket/poktroll/tools/scripts/protocheck/cmd/unstable.go code: "375: \t}\n376: \tdefer file.Close()\n377: \n" line: "376" col: "2" - severity: 1 confidence: 2 cwe: id: "703" url: https://cwe.mitre.org/data/definitions/703.html ruleid: G307 what: Deferring unsafe method "Close" on type "*os.File" file: /Users/dk/pocket/poktroll/tools/scripts/goimports/filters/filters.go code: "69: \t}\n70: \tdefer file.Close()\n71: \n" line: "70" col: "2" - severity: 1 confidence: 2 cwe: id: "703" url: https://cwe.mitre.org/data/definitions/703.html ruleid: G307 what: Deferring unsafe method "Close" on type "*os.File" file: /Users/dk/pocket/poktroll/tools/scripts/generate_docs_params.go code: "116: \t\t}\n117: \t\tdefer protoFile.Close()\n118: \n" line: "117" col: "3" - severity: 1 confidence: 2 cwe: id: "703" url: https://cwe.mitre.org/data/definitions/703.html ruleid: G307 what: Deferring unsafe method "Close" on type "*os.File" file: /Users/dk/pocket/poktroll/tools/scripts/generate_docs_params.go code: "66: \t}\n67: \tdefer file.Close()\n68: \n" line: "67" col: "2" - severity: 1 confidence: 2 cwe: id: "" url: "" ruleid: G702 what: Blocklisted import reflect file: 
/Users/dk/pocket/poktroll/x/application/types/gomock_reflect_4133141878/prog.go code: "9: \t\"path\"\n10: \t\"reflect\"\n11: \n" line: "10" col: "2" - severity: 1 confidence: 2 cwe: id: "" url: "" ruleid: G702 what: Blocklisted import math/rand file: /Users/dk/pocket/poktroll/x/tokenomics/module/simulation.go code: "3: import (\n4: \t\"math/rand\"\n5: \n" line: "4" col: "2" - severity: 1 confidence: 2 cwe: id: "" url: "" ruleid: G702 what: Blocklisted import math/rand file: /Users/dk/pocket/poktroll/x/supplier/module/simulation.go code: "3: import (\n4: \t\"math/rand\"\n5: \n" line: "4" col: "2" - severity: 1 confidence: 2 cwe: id: "" url: "" ruleid: G702 what: Blocklisted import math/rand file: /Users/dk/pocket/poktroll/x/shared/module/simulation.go code: "3: import (\n4: \t\"math/rand\"\n5: \n" line: "4" col: "2" - severity: 1 confidence: 2 cwe: id: "" url: "" ruleid: G702 what: Blocklisted import math/rand file: /Users/dk/pocket/poktroll/x/session/module/simulation.go code: "3: import (\n4: \t\"math/rand\"\n5: \n" line: "4" col: "2" - severity: 1 confidence: 2 cwe: id: "" url: "" ruleid: G702 what: Blocklisted import math/rand file: /Users/dk/pocket/poktroll/x/session/keeper/session_hydrator.go code: "9: \t\"fmt\"\n10: \t\"math/rand\"\n11: \n" line: "10" col: "2" - severity: 1 confidence: 2 cwe: id: "" url: "" ruleid: G702 what: Blocklisted import math/rand file: /Users/dk/pocket/poktroll/x/service/module/simulation.go code: "3: import (\n4: \t\"math/rand\"\n5: \n" line: "4" col: "2" - severity: 1 confidence: 2 cwe: id: "" url: "" ruleid: G702 what: Blocklisted import math/rand file: /Users/dk/pocket/poktroll/x/proof/module/simulation.go code: "3: import (\n4: \t\"math/rand\"\n5: \n" line: "4" col: "2" - severity: 1 confidence: 2 cwe: id: "" url: "" ruleid: G702 what: Blocklisted import math/rand file: /Users/dk/pocket/poktroll/x/gateway/module/simulation.go code: "3: import (\n4: \t\"math/rand\"\n5: \n" line: "4" col: "2" - severity: 1 confidence: 2 cwe: id: "" 
url: "" ruleid: G702 what: Blocklisted import math/rand file: /Users/dk/pocket/poktroll/x/application/module/simulation.go code: "3: import (\n4: \t\"math/rand\"\n5: \n" line: "4" col: "2" - severity: 1 confidence: 2 cwe: id: "" url: "" ruleid: G702 what: Blocklisted import math/rand file: /Users/dk/pocket/poktroll/pkg/crypto/rand/integer.go code: "5: \t\"encoding/binary\"\n6: \t\"math/rand\"\n7: \n" line: "6" col: "2" - severity: 1 confidence: 2 cwe: id: "" url: "" ruleid: G702 what: Blocklisted import math/rand file: /Users/dk/pocket/poktroll/pkg/crypto/rand/float.go code: "5: \t\"encoding/binary\"\n6: \t\"math/rand\"\n7: \n" line: "6" col: "2" - severity: 1 confidence: 2 cwe: id: "" url: "" ruleid: G702 what: Blocklisted import crypto/rand file: /Users/dk/pocket/poktroll/pkg/client/events/query_client.go code: "4: \t\"context\"\n5: \t\"crypto/rand\"\n6: \t\"encoding/base64\"\n" line: "5" col: "2" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. file: /Users/dk/pocket/poktroll/x/tokenomics/keeper/settle_pending_claims.go code: "195: \t// NB: This error can be safely ignored as on-chain SharedQueryClient implementation cannot return an error.\n196: \tsharedParams, _ := k.sharedQuerier.GetParams(ctx)\n197: \tclaimWindowSizeBlocks := sharedParams.GetClaimWindowOpenOffsetBlocks() + sharedParams.GetClaimWindowCloseOffsetBlocks()\n" line: "196" col: "2" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. file: /Users/dk/pocket/poktroll/x/proof/module/query_proof.go code: "119: \tsupplierOperatorAddr, _ := cmd.Flags().GetString(FlagSupplierOperatorAddress)\n120: \tsessionEndHeight, _ := cmd.Flags().GetUint64(FlagSessionEndHeight)\n121: \n" line: "120" col: "2" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. 
file: /Users/dk/pocket/poktroll/x/proof/module/query_proof.go code: "118: \tsessionId, _ := cmd.Flags().GetString(FlagSessionId)\n119: \tsupplierOperatorAddr, _ := cmd.Flags().GetString(FlagSupplierOperatorAddress)\n120: \tsessionEndHeight, _ := cmd.Flags().GetUint64(FlagSessionEndHeight)\n" line: "119" col: "2" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. file: /Users/dk/pocket/poktroll/x/proof/module/query_proof.go code: "117: func updateProofsFilter(cmd *cobra.Command, req *types.QueryAllProofsRequest) error {\n118: \tsessionId, _ := cmd.Flags().GetString(FlagSessionId)\n119: \tsupplierOperatorAddr, _ := cmd.Flags().GetString(FlagSupplierOperatorAddress)\n" line: "118" col: "2" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. file: /Users/dk/pocket/poktroll/x/proof/module/query_claim.go code: "122: \tsupplierOperatorAddr, _ := cmd.Flags().GetString(FlagSupplierOperatorAddress)\n123: \tsessionEndHeight, _ := cmd.Flags().GetUint64(FlagSessionEndHeight)\n124: \n" line: "123" col: "2" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. file: /Users/dk/pocket/poktroll/x/proof/module/query_claim.go code: "121: \tsessionId, _ := cmd.Flags().GetString(FlagSessionId)\n122: \tsupplierOperatorAddr, _ := cmd.Flags().GetString(FlagSupplierOperatorAddress)\n123: \tsessionEndHeight, _ := cmd.Flags().GetUint64(FlagSessionEndHeight)\n" line: "122" col: "2" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. 
file: /Users/dk/pocket/poktroll/x/proof/module/query_claim.go code: "120: func updateClaimsFilter(cmd *cobra.Command, req *types.QueryAllClaimsRequest) error {\n121: \tsessionId, _ := cmd.Flags().GetString(FlagSessionId)\n122: \tsupplierOperatorAddr, _ := cmd.Flags().GetString(FlagSupplierOperatorAddress)\n" line: "121" col: "2" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. file: /Users/dk/pocket/poktroll/pkg/relayer/relayminer.go code: "131: \t\trel.logger.Info().Str(\"endpoint\", addr).Msg(\"stopping a pprof endpoint\")\n132: \t\t_ = server.Shutdown(ctx)\n133: \t}()\n" line: "132" col: "3" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. file: /Users/dk/pocket/poktroll/pkg/relayer/proxy/synchronous.go code: "80: \t\t<-ctx.Done()\n81: \t\t_ = sync.server.Shutdown(ctx)\n82: \t}()\n" line: "81" col: "3" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. file: /Users/dk/pocket/poktroll/pkg/client/events/query_client.go code: "61: \tebc.eventsBytes.UnsubscribeAll()\n62: \t_ = ebc.conn.Close()\n63: }\n" line: "62" col: "2" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. file: /Users/dk/pocket/poktroll/pkg/appgateserver/server.go code: "310: \t\tapp.logger.Info().Str(\"endpoint\", addr).Msg(\"stopping a pprof endpoint\")\n311: \t\t_ = server.Shutdown(ctx)\n312: \t}()\n" line: "311" col: "3" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. file: /Users/dk/pocket/poktroll/pkg/appgateserver/server.go code: "138: \t\t<-ctx.Done()\n139: \t\t_ = app.server.Shutdown(ctx)\n140: \t}()\n" line: "139" col: "3" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. 
file: /Users/dk/pocket/poktroll/docs/docs.go code: "31: \treturn func(w http.ResponseWriter, req *http.Request) {\n32: \t\t_ = t.Execute(w, struct {\n33: \t\t\tTitle string\n34: \t\t\tURL string\n35: \t\t}{\n36: \t\t\ttitle,\n37: \t\t\tapiFile,\n38: \t\t})\n39: \t}\n" line: 32-38 col: "3" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. file: /Users/dk/pocket/poktroll/docs/docs.go code: "28: func handler(title string) http.HandlerFunc {\n29: \tt, _ := httptemplate.ParseFS(template, indexFile)\n30: \n" line: "29" col: "2" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. file: /Users/dk/pocket/poktroll/cmd/poktrolld/cmd/root.go code: "180: \t// Read the config again to overwrite the default values with the values from the config file\n181: \tclientCtx, _ = config.ReadFromClientConfig(clientCtx)\n182: \n" line: "181" col: "2" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. file: /Users/dk/pocket/poktroll/app/export.go code: "103: \n104: \t\t_, _ = app.Keepers.DistrKeeper.WithdrawDelegationRewards(ctx, delAddr, valAddr)\n105: \t}\n" line: "104" col: "3" - severity: 0 confidence: 2 cwe: id: "" url: "" ruleid: G703 what: Returned error is not propagated up the stack. file: /Users/dk/pocket/poktroll/app/export.go code: "82: \t\t}\n83: \t\t_, _ = app.Keepers.DistrKeeper.WithdrawValidatorCommission(ctx, valBz)\n84: \t\treturn false\n" line: "83" col: "3" - severity: 0 confidence: 2 cwe: id: "703" url: https://cwe.mitre.org/data/definitions/703.html ruleid: G104 what: Errors unhandled. file: /Users/dk/pocket/poktroll/pkg/relayer/proxy/synchronous.go code: "107: \trelayRequest, err := sync.newRelayRequest(request)\n108: \trequest.Body.Close()\n109: \tif err != nil {\n" line: "108" col: "2" stats: numfiles: 572 numlines: 163442 numnosec: 0 numfound: 96
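Review bot: every `file:` entry in this report is an absolute workstation path (`/Users/dk/pocket/poktroll/...`), which ties the findings to one machine and puts a local username into a shared document; regenerating the report with repository-relative paths would also make the 96 findings diffable against later scans. Separately, `numnosec: 0` shows that nothing has been triaged or suppressed yet. The G404 hit at `pkg/crypto/rand/float.go` line 22 sits directly under a comment saying the generator is constructed with the seed, so it looks deliberate and should be annotated with its justification rather than left as an open finding. The two G402 hits, `&tls.Config{}` at `pkg/relayer/proxy/synchronous.go` line 346 and at `pkg/client/events/websocket/dialer.go` line 35, are the ones worth fixing first by setting an explicit `MinVersion`.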