Prepared by:
HALBORN
Last Updated 06/11/2024
Date of Engagement by: March 18th, 2024 - April 26th, 2024
100% of all REPORTED Findings have been addressed
All findings
7
Critical
0
High
0
Medium
4
Low
3
Informational
0
The Spacemesh team
engaged Halborn to conduct a security assessment on their P2P/API/RPC communication & network security, beginning on Halborn to conduct a security assessment on the forwarding module, beginning on 03/18/2024 and ending on 04/26/2024. The security assessment was scoped to the sections of code that pertain to the P2P/API/RPC communication & network security. Commit hashes and further details can be found in the Scope section of this report.
The team at Halborn was provided six weeks for the engagement and assigned one full-time security engineer to verify the security of the merge requests. The security engineer is a blockchain and smart-contract security expert with advanced penetration testing, smart-contract hacking, and deep knowledge of multiple blockchain protocols.
The purpose of this assessment is to:
- Ensure that the P2P/API/RPC Communication operates as intended.
- Identify potential security issues with the P2P/API/RPC Communication implementation.
In summary, Halborn identified some security risks that were mostly addressed by the Spacemesh team
.
Halborn performed a combination of manual and automated security testing to balance efficiency, timeliness, practicality, and accuracy in regard to the scope of the custom modules. While manual testing is recommended to uncover flaws in logic, process, and implementation; automated testing techniques help enhance coverage of structures and can quickly identify items that do not follow security best practices. The following phases and associated tools were used throughout the term of the assessment :
- Research into architecture and purpose.
- Static Analysis of security for scoped repository, and imported functions. (e.g., staticcheck
, gosec
, unconvert
, codeql
, ineffassign
and semgrep
)
- Manual Assessment for discovering security vulnerabilities on codebase.
- Ensuring correctness of the codebase.
- Dynamic Analysis on files and modules related to the P2P/API/RPC Communication operations.
EXPLOITABILITY METRIC () | METRIC VALUE | NUMERICAL VALUE |
---|---|---|
Attack Origin (AO) | Arbitrary (AO:A) Specific (AO:S) | 1 0.2 |
Attack Cost (AC) | Low (AC:L) Medium (AC:M) High (AC:H) | 1 0.67 0.33 |
Attack Complexity (AX) | Low (AX:L) Medium (AX:M) High (AX:H) | 1 0.67 0.33 |
IMPACT METRIC () | METRIC VALUE | NUMERICAL VALUE |
---|---|---|
Confidentiality (C) | None (I:N) Low (I:L) Medium (I:M) High (I:H) Critical (I:C) | 0 0.25 0.5 0.75 1 |
Integrity (I) | None (I:N) Low (I:L) Medium (I:M) High (I:H) Critical (I:C) | 0 0.25 0.5 0.75 1 |
Availability (A) | None (A:N) Low (A:L) Medium (A:M) High (A:H) Critical (A:C) | 0 0.25 0.5 0.75 1 |
Deposit (D) | None (D:N) Low (D:L) Medium (D:M) High (D:H) Critical (D:C) | 0 0.25 0.5 0.75 1 |
Yield (Y) | None (Y:N) Low (Y:L) Medium (Y:M) High (Y:H) Critical (Y:C) | 0 0.25 0.5 0.75 1 |
SEVERITY COEFFICIENT () | COEFFICIENT VALUE | NUMERICAL VALUE |
---|---|---|
Reversibility () | None (R:N) Partial (R:P) Full (R:F) | 1 0.5 0.25 |
Scope () | Changed (S:C) Unchanged (S:U) | 1.25 1 |
Severity | Score Value Range |
---|---|
Critical | 9 - 10 |
High | 7 - 8.9 |
Medium | 4.5 - 6.9 |
Low | 2 - 4.4 |
Informational | 0 - 1.9 |
Critical
0
High
0
Medium
4
Low
3
Informational
0
Security analysis | Risk level | Remediation Date |
---|---|---|
Information Leakage from Exposing Pprof Endpoint | Medium | Solved - 04/19/2024 |
Slowloris Attack In HTTP Server Due To Missing ReadHeaderTimeout Configuration | Medium | Solved - 04/19/2024 |
Mitigating Eclipse Attacks in Discovery Module with Enhanced Peer Selection and Connection Policies | Medium | Future Release |
Random Peer Selection Mechanism in Discovery Module | Medium | Future Release |
Permissions Setting in EnsureIdentity Function | Low | Solved - 05/01/2024 |
Potential Command Injection Vulnerability in PostSupervisor Execution Path | Low | Solved - 05/01/2024 |
Running Docker Image as Root | Low | Acknowledged |
// Medium
In the provided code snippet, the pprof
HTTP server is being started on port 6060, exposing the profiling endpoints to any client that can connect to the server on that port. While profiling is a useful tool for debugging and performance analysis, exposing these endpoints to the public internet can potentially leak sensitive information about the application, such as memory usage, CPU profiles, and even source code paths.
func (app *App) startSynchronous(ctx context.Context) (err error) {
// notify anyone who might be listening that the app has finished starting.
// this can be used by, e.g., app tests.
defer close(app.started)
// Create a contextual logger for local usage (lower-level modules will create their own contextual loggers
// using context passed down to them)
logger := app.log.WithContext(ctx)
hostname, err := os.Hostname()
if err != nil {
return fmt.Errorf("error reading hostname: %w", err)
}
logger.With().Info("starting spacemesh",
log.String("data-dir", app.Config.DataDir()),
log.String("post-dir", app.Config.SMESHING.Opts.DataDir),
log.String("hostname", hostname),
)
if err := os.MkdirAll(app.Config.DataDir(), 0o700); err != nil {
return fmt.Errorf(
"data-dir %s not found or could not be created: %w",
app.Config.DataDir(),
err,
)
}
/* Setup monitoring */
app.errCh = make(chan error, 100)
if app.Config.PprofHTTPServer {
logger.Info("starting pprof server")
app.pprofService = &http.Server{Addr: ":6060"}
app.eg.Go(func() error {
if err := app.pprofService.ListenAndServe(); err != nil {
app.errCh <- fmt.Errorf("cannot start pprof http server: %w", err)
}
return nil
})
}
Run the pprof
HTTP server on a separate port on localhost (e.g., localhost:6060
), separate from the application's main HTTP server. This way, the profiling endpoints are only accessible from the same machine, reducing the attack surface.
SOLVED : The Spacemesh team solved the issue by implementing the suggested recommendation.
// Medium
The Node HTTP server, as implemented in the file http_server.go
, is currently vulnerable to a potential Slowloris attack. This vulnerability stems from the absence of the ReadHeaderTimeout
setting in the http.Server configuration. The Slowloris attack is a type of Denial of Service (DoS) attack where the attacker sends partial HTTP requests to the server, aiming to open many connections and keep them open as long as possible, thereby exhausting server resources. Without a ReadHeaderTimeout
, the server lacks a mechanism to time out and close these incomplete request connections, making it susceptible to such attacks.
// StartService starts the json api server and listens for status (started, stopped).
func (s *JSONHTTPServer) StartService(
ctx context.Context,
services ...ServiceAPI,
) error {
// At least one service must be enabled
if len(services) == 0 {
s.logger.Error("not starting grpc gateway service; at least one service must be enabled")
return errors.New("no services provided")
}
// register each individual, enabled service
mux := runtime.NewServeMux()
for _, svc := range services {
if err := svc.RegisterHandlerService(mux); err != nil {
return fmt.Errorf("registering service %s with grpc gateway failed: %w", svc, err)
}
}
s.logger.Info("starting grpc gateway server", zap.String("address", s.listener))
lis, err := net.Listen("tcp", s.listener)
if err != nil {
return fmt.Errorf("listening on %s: %w", s.listener, err)
}
s.BoundAddress = lis.Addr().String()
s.server = &http.Server{
Handler: mux,
}
s.eg.Go(func() error {
if err := s.server.Serve(lis); err != nil {
s.logger.Error("serving grpc server", zap.Error(err))
return nil
}
return nil
})
r
Consider implementing timeout on the HTTP server.
s := &http.Server{
Addr: tssAddr,
Handler: mux,
ReadHeaderTimeout: 5 * time.Second, // Set to a suitable value
}
SOLVED : The Spacemesh team solved the issue by implementing the suggested recommendation.
// Medium
The Discovery module, as currently implemented, lacks specific safeguards against Eclipse attacks, where an adversary could potentially monopolize a node's peer connections by controlling its view of the network. The system does not impose limits on connections from the same IP or subnet, allowing potential dominance by nodes controlled by an attacker.
func (d *Discovery) findPeersContinuously(ctx context.Context, ns string) <-chan peer.AddrInfo {
r := make(chan peer.AddrInfo)
d.eg.Go(func() error {
defer close(r)
var peerCh <-chan peer.AddrInfo
for {
if peerCh == nil {
var err error
peerCh, err = d.disc.FindPeers(ctx, ns)
if err != nil {
d.logger.Error("error finding relay peers", zap.Error(err))
select {
case <-ctx.Done():
return nil
case <-time.After(d.findPeersRetryDelay):
}
peerCh = nil
continue
}
}
select {
case <-ctx.Done():
return nil
case p, ok := <-peerCh:
if !ok {
peerCh = nil
select {
case <-ctx.Done():
return nil
case <-time.After(d.findPeersRetryDelay):
}
continue
}
select {
case r <- p:
case <-ctx.Done():
}
}
}
})
return r
}
Develop a throttling mechanism that limits the number of connections from the same IP address or subnet. For example, limit to two connections per /24 subnets, which would prevent a large number of malicious nodes on the same network from overwhelming the node.
PENDING: The Spacemesh team will address the issue in a future release. The issue was opened in https://github.com/spacemeshos/go-spacemesh/issues/5510.
// Medium
The current implementation of the Discovery module lacks a robust mechanism for random peer selection. Without effective randomization in peer selection, the network might become vulnerable to certain types of attacks, such as Eclipse attacks. If the peer selection process is predictable or insufficiently random, an attacker could exploit this by positioning their controlled nodes in a way that they are more likely to be chosen.
func (d *Discovery) findPeersContinuously(ctx context.Context, ns string) <-chan peer.AddrInfo {
r := make(chan peer.AddrInfo)
d.eg.Go(func() error {
defer close(r)
var peerCh <-chan peer.AddrInfo
for {
if peerCh == nil {
var err error
peerCh, err = d.disc.FindPeers(ctx, ns)
if err != nil {
d.logger.Error("error finding relay peers", zap.Error(err))
select {
case <-ctx.Done():
return nil
case <-time.After(d.findPeersRetryDelay):
}
peerCh = nil
continue
}
}
select {
case <-ctx.Done():
return nil
case p, ok := <-peerCh:
if !ok {
peerCh = nil
select {
case <-ctx.Done():
return nil
case <-time.After(d.findPeersRetryDelay):
}
continue
}
select {
case r <- p:
case <-ctx.Done():
}
}
}
})
return r
}
Enhance the peer selection algorithm to incorporate true randomness. This could involve integrating cryptographic randomness to select from the list of discovered peers, thereby ensuring that all peers have an equal chance of being chosen.
PENDING: The Spacemesh team will address the issue in a future release. The issue was opened in https://github.com/spacemeshos/go-spacemesh/issues/5510.
// Low
The EnsureIdentity function sets directory permissions to 0755 using os.MkdirAll. This setting allows the owner to read, write, and execute files, while others can only read and execute.If the directory's contents are sensitive (such as private keys), the read and execute permissions for 'group' and 'others' may expose sensitive information to unauthorized users.
// EnsureIdentity generates an identity key file in given directory.
func EnsureIdentity(dir string) (crypto.PrivKey, error) {
// TODO add crc check
if err := os.MkdirAll(dir, 0o755); err != nil {
return nil, fmt.Errorf("ensure that directory %s exist: %w", dir, err)
}
info, err := identityInfoFromDir(dir)
switch {
case errors.Is(err, fs.ErrNotExist):
key, err := genIdentity()
if err != nil {
return nil, err
}
id, err := peer.IDFromPrivateKey(key)
if err != nil {
panic("generated key is malformed")
}
raw, err := crypto.MarshalPrivateKey(key)
if err != nil {
panic("generated key can't be marshaled to bytes")
}
data, err := json.Marshal(identityInfo{
Key: raw,
ID: id,
})
if err != nil {
return nil, err
}
if err := os.WriteFile(filepath.Join(dir, keyFilename), data, 0o644); err != nil {
return nil, fmt.Errorf("write identity data: %w", err)
}
return key, nil
case err != nil:
return nil, fmt.Errorf("read key from disk: %w", err)
}
pk, err := crypto.UnmarshalPrivateKey(info.Key)
if err != nil {
return nil, fmt.Errorf("unmarshal privkey: %w", err)
}
return pk, nil
}
Consider setting directory permissions with sufficient privilege.
SOLVED: The Spacemesh team solved the issue by implementing the suggested recommendation.
// Low
In the PostSupervisor component of the system, there is a potential security vulnerability concerning how external commands are constructed and executed. Specifically, the function runCmd constructs command-line arguments dynamically based on configurations and user input, which may be susceptible to command injection if the input is not properly sanitized.
cmd := exec.CommandContext(
ctx,
cmdCfg.PostServiceCmd,
args...,
)
Where possible, use allow lists for allowed commands and strictly enforce what executable can be run in the context of the application.
SOLVED: The Spacemesh team solved the issue by sanitizing commands.
// Low
The provided Dockerfile is building a Docker image for the go-spacemesh project, which is a Go-based implementation of the Spacemesh protocol. However, the issue lies in the fact that the Docker image is running as the root user, which can pose potential security risks. Running containers as the root user is generally discouraged because it grants unrestricted access to the host system's resources, increasing the potential for security vulnerabilities. If the container is compromised or contains vulnerabilities, an attacker could potentially gain root access to the host system, leading to serious consequences.
# go-spacemesh needs at least ubuntu 22.04. newer versions of ubuntu might work as well, but are untested
FROM ubuntu:22.04 AS linux
ENV DEBIAN_FRONTEND noninteractive
ENV SHELL /bin/bash
ARG TZ=Etc/UTC
ENV TZ=${TZ}
USER root
RUN set -ex \
&& apt-get update --fix-missing \
&& apt-get install -qy --no-install-recommends \
ca-certificates \
tzdata \
locales \
procps \
net-tools \
file \
ocl-icd-libopencl1 clinfo \
# required for OpenCL CPU provider
# pocl-opencl-icd libpocl2 \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& locale-gen en_US.UTF-8 \
&& update-locale LANG=en_US.UTF-8 \
&& echo "$TZ" > /etc/timezone
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US.UTF-8
ENV LC_ALL en_US.UTF-8
FROM golang:1.22 as builder
ARG VERSION=""
ENV VERSION=${VERSION}
RUN set -ex \
&& apt-get update --fix-missing \
&& apt-get install -qy --no-install-recommends \
unzip sudo \
ocl-icd-opencl-dev
WORKDIR /src
COPY Makefile* .
RUN make get-libs
# We want to populate the module cache based on the go.{mod,sum} files.
COPY go.mod .
COPY go.sum .
RUN go mod download
# Here we copy the rest of the source code
COPY . .
# And compile the project
RUN --mount=type=cache,id=build,target=/root/.cache/go-build make build VERSION=${VERSION}
RUN --mount=type=cache,id=build,target=/root/.cache/go-build make gen-p2p-identity
RUN --mount=type=cache,id=build,target=/root/.cache/go-build make merge-nodes VERSION=${VERSION}
# In this last stage, we start from a fresh image, to reduce the image size and not ship the Go compiler in our production artifacts.
FROM linux AS spacemesh
# Finally we copy the statically compiled Go binary.
COPY --from=builder /src/build/go-spacemesh /bin/
COPY --from=builder /src/build/service /bin/
COPY --from=builder /src/build/libpost.so /bin/
COPY --from=builder /src/build/gen-p2p-identity /bin/
COPY --from=builder /src/build/merge-nodes /bin/
ENTRYPOINT ["/bin/go-spacemesh"]
EXPOSE 7513
# profiling port
EXPOSE 6060
# pubsub port
EXPOSE 56565
To mitigate this issue, it is recommended to follow the principle of least privilege and run the container as a non-root user. This can be achieved by creating a dedicated user within the Dockerfile and running the application as that user.
ACKNOWLEDGED: The Spacemesh team acknowledged this issue.
Halborn used automated testing techniques to enhance coverage of certain areas of the scoped component. Among the tools used were staticcheck, gosec, semgrep, unconvert, codeql and nancy. After Halborn verified all the code and scoped structures in the repository and was able to compile them correctly, these tools were leveraged on scoped structures. With these tools, Halborn can statically verify security related issues across the entire codebase.
Gosec
[/spacemesh/go-spacemesh/txs/conservative_state.go:110] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
109: // randomly select transactions from the predicted block.
> 110: rng := rand.New(rand.NewSource(time.Now().UnixNano()))
111: return ShuffleWithNonceOrder(logger, rng, numTXs, predictedBlock, byAddrAndNonce)
[/spacemesh/go-spacemesh/tortoise/sim/generator.go:87] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
86: g := &Generator{
> 87: rng: rand.New(rand.NewSource(0)),
88: conf: defaults(),
[/spacemesh/go-spacemesh/tortoise/sim/generator.go:20] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
19: return func(g *Generator) {
> 20: g.rng = rand.New(rand.NewSource(seed))
21: }
[/spacemesh/go-spacemesh/systest/testcontext/context.go:146] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
145: func rngName() string {
> 146: rng := rand.New(rand.NewSource(time.Now().UnixNano()))
147: const choices = "qwertyuiopasdfghjklzxcvbnm"
[/spacemesh/go-spacemesh/syncer/atxsync/atxsync.go:67] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
66: return ctx.Err()
> 67: case <-time.After(retryInterval + time.Duration(rand.Int63n(int64(retryInterval)))):
68: }
[/spacemesh/go-spacemesh/p2p/book/book.go:137] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
136: queue: list.New(),
> 137: rng: rand.New(rand.NewSource(time.Now().Unix())),
138: shareable: []*addressInfo{},
[/spacemesh/go-spacemesh/p2p/book/book.go:128] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
127: return func(b *Book) {
> 128: b.rng = rand.New(rand.NewSource(seed))
129: }
[/spacemesh/go-spacemesh/fetch/fetch.go:607] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
606: func (f *Fetch) organizeRequests(requests []RequestMessage) map[p2p.Peer][][]RequestMessage {
> 607: rng := rand.New(rand.NewSource(time.Now().UnixNano()))
608: peer2requests := make(map[p2p.Peer][]RequestMessage)
[/spacemesh/go-spacemesh/fetch/fetch.go:167] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
166: func randomPeer(peers []p2p.Peer) p2p.Peer {
> 167: return peers[rand.Intn(len(peers))]
168: }
[/spacemesh/go-spacemesh/common/fixture/transaction_results.go:32] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
31: func (g *TransactionResultGenerator) WithSeed(seed int64) *TransactionResultGenerator {
> 32: g.rng = rand.New(rand.NewSource(seed))
33: return g
[/spacemesh/go-spacemesh/common/fixture/rewards.go:32] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
31: func (g *RewardsGenerator) WithSeed(seed int64) *RewardsGenerator {
> 32: g.rng = rand.New(rand.NewSource(seed))
33: return g
[/spacemesh/go-spacemesh/common/fixture/atxs.go:33] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
32: func (g *AtxsGenerator) WithSeed(seed int64) *AtxsGenerator {
> 33: g.rng = rand.New(rand.NewSource(seed))
34: return g
[/spacemesh/go-spacemesh/blocks/utils.go:181] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
180: mt.SeedFromSlice(toUint64Slice(blockSeed))
> 181: rng := rand.New(mt)
182: ordered := txs.ShuffleWithNonceOrder(logger, rng, len(candidates), candidates, byAddrAndNonce)
[/spacemesh/go-spacemesh/activation/nipost.go:592] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
591: func randomDurationInRange(min, max time.Duration) time.Duration {
> 592: return min + time.Duration(rand.Int63n(int64(max-min+1)))
593: }
[/spacemesh/go-spacemesh/api/grpcserver/grpc.go:106-110] - G402 (CWE-295): TLS MinVersion too low. (Confidence: HIGH, Severity: HIGH)
105:
> 106: tlsConfig := &tls.Config{
> 107: Certificates: []tls.Certificate{serverCert},
> 108: ClientAuth: tls.RequireAndVerifyClientCert,
> 109: ClientCAs: certPool,
> 110: }
111:
[/spacemesh/go-spacemesh/cmd/node/main.go:7] - G108 (CWE-200): Profiling endpoint is automatically exposed on /debug/pprof (Confidence: HIGH, Severity: HIGH)
6: "fmt"
> 7: _ "net/http/pprof"
8: "os"
[/spacemesh/go-spacemesh/node/mapstructureutil/bigrat.go:20] - G113 (CWE-190): Potential uncontrolled memory consumption in Rat.SetString (CVE-2022-23772) (Confidence: LOW, Severity: HIGH)
19: case reflect.String:
> 20: v, ok := new(big.Rat).SetString(data.(string))
21: if !ok {
[/spacemesh/go-spacemesh/metrics/server.go:17] - G114 (CWE-676): Use of net/http serve function that has no support for setting timeouts (Confidence: HIGH, Severity: MEDIUM)
16: go func() {
> 17: err := http.ListenAndServe(fmt.Sprintf(":%v", metricsPort), nil)
18: log.With().Warning("Metrics server stopped: %v", log.Err(err))
[/spacemesh/go-spacemesh/activation/post_supervisor.go:265-269] - G204 (CWE-78): Subprocess launched with a potential tainted input or cmd arguments (Confidence: HIGH, Severity: MEDIUM)
264:
> 265: cmd := exec.CommandContext(
> 266: ctx,
> 267: cmdCfg.PostServiceCmd,
> 268: args...,
> 269: )
270: pipe, err := cmd.StderrPipe()
[/spacemesh/go-spacemesh/tortoise/tracer.go:80] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
79: func RunTrace(path string, breakpoint func(), opts ...Opt) error {
> 80: f, err := os.Open(path)
81: if err != nil {
[/spacemesh/go-spacemesh/sql/localsql/nipost_state.go:56] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
55: func read(path string) ([]byte, error) {
> 56: file, err := os.Open(path)
57: if err != nil {
[/spacemesh/go-spacemesh/sql/localsql/nipost_state.go:26] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
25: tmpName := fmt.Sprintf("%s.tmp", path)
> 26: tmp, err := os.Create(tmpName)
27: if err != nil {
[/spacemesh/go-spacemesh/signing/signer.go:79] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
78: // read hex data from file
> 79: data, err := os.ReadFile(path)
80: if err != nil {
[/spacemesh/go-spacemesh/p2p/persist.go:76] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
75: func loadPeers(dir string) ([]peer.AddrInfo, error) {
> 76: f, err := os.Open(filepath.Join(dir, connectedFile))
77: if err != nil {
[/spacemesh/go-spacemesh/p2p/identity.go:32] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
31: path := filepath.Join(dir, keyFilename)
> 32: data, err := os.ReadFile(path)
33: if err != nil {
[/spacemesh/go-spacemesh/node/node_identities.go:71] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
70:
> 71: dst, err := os.Create(newKey)
72: if err != nil {
[/spacemesh/go-spacemesh/node/node_identities.go:56] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
55:
> 56: src, err := os.Open(oldKey)
57: switch {
[/spacemesh/go-spacemesh/config/genesis.go:75] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
74: func (g *GenesisConfig) WriteToFile(filename string) error {
> 75: f, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY, 0o644)
76: if err != nil {
[/spacemesh/go-spacemesh/config/genesis.go:65] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
64: func (g *GenesisConfig) LoadFromFile(filename string) error {
> 65: f, err := os.Open(filename)
66: if err != nil {
[/spacemesh/go-spacemesh/cmd/bootstrapper/bootstrapper.go:140] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
139: func upload(ctx context.Context, filename, gsBucket, gsPath string) error {
> 140: r, err := os.Open(filename)
141: if err != nil {
[/spacemesh/go-spacemesh/api/grpcserver/admin_service.go:91] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
90: }
> 91: f, err := os.Open(fname)
92: if err != nil {
[/spacemesh/go-spacemesh/node/node.go:1932] - G112 (CWE-400): Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (Confidence: LOW, Severity: MEDIUM)
1931: logger.Info("starting pprof server")
> 1932: app.pprofService = &http.Server{Addr: ":6060"}
1933: app.eg.Go(func() error {
[/spacemesh/go-spacemesh/cmd/bootstrapper/server.go:78] - G112 (CWE-400): Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (Confidence: LOW, Severity: MEDIUM)
77: s := &Server{
> 78: Server: &http.Server{Addr: fmt.Sprintf(":%d", port)},
79: logger: log.NewNop(),
[/spacemesh/go-spacemesh/api/grpcserver/http_server.go:82-84] - G112 (CWE-400): Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (Confidence: LOW, Severity: MEDIUM)
81: s.BoundAddress = lis.Addr().String()
> 82: s.server = &http.Server{
> 83: Handler: mux,
> 84: }
85: s.eg.Go(func() error {
[/spacemesh/go-spacemesh/txs/cache.go:738] - G601 (CWE-118): Implicit memory aliasing in for loop. (Confidence: MEDIUM, Severity: MEDIUM)
737: RawTxCount.WithLabelValues(updated).Inc()
> 738: if err := transactions.Add(db, &tx, time.Now()); err != nil {
739: return err
[/spacemesh/go-spacemesh/hare3/protocol.go:624] - G601 (CWE-118): Implicit memory aliasing in for loop. (Confidence: MEDIUM, Severity: MEDIUM)
623: for _, stat := range s.notify {
> 624: encoder.AppendObject(&stat)
625: }
[/spacemesh/go-spacemesh/hare3/protocol.go:618] - G601 (CWE-118): Implicit memory aliasing in for loop. (Confidence: MEDIUM, Severity: MEDIUM)
617: for _, stat := range s.commit {
> 618: encoder.AppendObject(&stat)
619: }
[/spacemesh/go-spacemesh/hare3/protocol.go:612] - G601 (CWE-118): Implicit memory aliasing in for loop. (Confidence: MEDIUM, Severity: MEDIUM)
611: for _, stat := range s.propose {
> 612: encoder.AppendObject(&stat)
613: }
[/spacemesh/go-spacemesh/hare3/protocol.go:606] - G601 (CWE-118): Implicit memory aliasing in for loop. (Confidence: MEDIUM, Severity: MEDIUM)
605: for _, stat := range s.preround {
> 606: encoder.AppendObject(&stat)
607: }
[/spacemesh/go-spacemesh/hare3/protocol.go:585] - G601 (CWE-118): Implicit memory aliasing in for loop. (Confidence: MEDIUM, Severity: MEDIUM)
584: for _, tally := range n.tallies {
> 585: encoder.AppendObject(&tally)
586: }
[/spacemesh/go-spacemesh/hare3/protocol.go:569] - G601 (CWE-118): Implicit memory aliasing in for loop. (Confidence: MEDIUM, Severity: MEDIUM)
568: for _, tally := range s.tallies {
> 569: encoder.AppendObject(&tally)
570: }
[/spacemesh/go-spacemesh/hare3/protocol.go:517] - G601 (CWE-118): Implicit memory aliasing in for loop. (Confidence: MEDIUM, Severity: MEDIUM)
516: for _, tally := range s.tallies {
> 517: enc.AppendObject(&tally)
518: }
[/spacemesh/go-spacemesh/genvm/vm.go:231] - G601 (CWE-118): Implicit memory aliasing in for loop. (Confidence: MEDIUM, Severity: MEDIUM)
230: for _, reward := range rewardsResult {
> 231: if err := rewards.Add(tx, &reward); err != nil {
232: return nil, nil, fmt.Errorf("%w: %w", core.ErrInternal, err)
[/spacemesh/go-spacemesh/common/types/ballot.go:196] - G601 (CWE-118): Implicit memory aliasing in for loop. (Confidence: MEDIUM, Severity: MEDIUM)
195: for _, vote := range v.Against {
> 196: encoder.AppendObject(&vote)
197: }
[/spacemesh/go-spacemesh/common/types/ballot.go:190] - G601 (CWE-118): Implicit memory aliasing in for loop. (Confidence: MEDIUM, Severity: MEDIUM)
189: for _, vote := range v.Support {
> 190: encoder.AppendObject(&vote)
191: }
[/spacemesh/go-spacemesh/config/genesis.go:75] - G302 (CWE-276): Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM)
74: func (g *GenesisConfig) WriteToFile(filename string) error {
> 75: f, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY, 0o644)
76: if err != nil {
[/spacemesh/go-spacemesh/p2p/identity.go:53] - G301 (CWE-276): Expect directory permissions to be 0750 or less (Confidence: HIGH, Severity: MEDIUM)
52: // TODO add crc check
> 53: if err := os.MkdirAll(dir, 0o755); err != nil {
54: return nil, fmt.Errorf("ensure that directory %s exist: %w", dir, err)
[/spacemesh/go-spacemesh/p2p/identity.go:84] - G306 (CWE-276): Expect WriteFile permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM)
83: }
> 84: if err := os.WriteFile(filepath.Join(dir, keyFilename), data, 0o644); err != nil {
85: return nil, fmt.Errorf("write identity data: %w", err)
[/spacemesh/go-spacemesh/txs/nano_tx.go:42] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
41: hash.Write(blockSeed)
> 42: hash.Write(n.ID.Bytes())
43: return hash.Sum(nil)
[/spacemesh/go-spacemesh/txs/nano_tx.go:41] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
40: hash := hash.New()
> 41: hash.Write(blockSeed)
42: hash.Write(n.ID.Bytes())
[/spacemesh/go-spacemesh/tortoise/util.go:97-105] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
96: for i := range blocks {
> 97: encoder.AppendObject(zapcore.ObjectMarshalerFunc(func(encoder zapcore.ObjectEncoder) error {
> 98: encoder.AddString("decision", blocks[i].validity.String())
> 99: encoder.AddString("hare", blocks[i].hare.String())
> 100: encoder.AddString("id", blocks[i].id.String())
> 101: encoder.AddString("weight", blocks[i].margin.String())
> 102: encoder.AddUint64("height", blocks[i].height)
> 103: encoder.AddBool("data", blocks[i].data)
> 104: return nil
> 105: }))
106: }
[/spacemesh/go-spacemesh/tortoise/sim/layer.go:142] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
141: txid := types.TransactionID{}
> 142: g.rng.Read(txid[:])
143: txIDs = append(txIDs, txid)
[/spacemesh/go-spacemesh/tortoise/sim/layer.go:132] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
131: beacon := types.Beacon{}
> 132: g.rng.Read(beacon[:])
133: for _, state := range g.states {
[/spacemesh/go-spacemesh/tortoise/model/hare.go:24] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
23: id := types.BlockID{}
> 24: h.rng.Read(id[:])
25: block := types.NewExistingBlock(
[/spacemesh/go-spacemesh/tortoise/model/core.go:186] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
185: case MessageCoinflip:
> 186: layers.SetWeakCoin(c.cdb, ev.LayerID, ev.Coinflip)
187: }
[/spacemesh/go-spacemesh/tortoise/model/core.go:184] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
183: case MessageBeacon:
> 184: beacons.Add(c.cdb, ev.EpochID+1, ev.Beacon)
185: case MessageCoinflip:
[/spacemesh/go-spacemesh/tortoise/model/core.go:177] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
176: }
> 177: atxs.Add(c.cdb, vAtx)
178: malicious, err := c.cdb.IsMalicious(vAtx.SmesherID)
[/spacemesh/go-spacemesh/tortoise/model/core.go:171] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
170: case MessageBallot:
> 171: ballots.Add(c.cdb, ev.Ballot)
172: case MessageAtx:
[/spacemesh/go-spacemesh/tortoise/model/core.go:169] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
168: }
> 169: blocks.Add(c.cdb, ev.Block)
170: case MessageBallot:
[/spacemesh/go-spacemesh/tortoise/model/core.go:167] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
166: if errors.Is(err, sql.ErrNotFound) || len(ids) == 0 {
> 167: certificates.SetHareOutput(c.cdb, ev.Block.LayerIndex, ev.Block.ID())
168: }
[/spacemesh/go-spacemesh/tortoise/model/core.go:135] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
134: if ev.LayerID.After(types.GetEffectiveGenesis()) {
> 135: tortoise.RecoverLayer(context.Background(), c.tortoise, c.cdb.Executor, c.atxdata, ev.LayerID, c.tortoise.OnBallot)
136: c.tortoise.TallyVotes(context.Background(), ev.LayerID)
[/spacemesh/go-spacemesh/tortoise/model/core.go:127] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
126: ballot.SmesherID = c.signer.NodeID()
> 127: ballot.Initialize()
128: if c.refBallot == nil {
[/spacemesh/go-spacemesh/tortoise/model/core.go:117] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
116: c.rng.Read(beacon[:])
> 117: beacons.Set(c.cdb, ev.LayerID.GetEpoch(), beacon)
118: }
[/spacemesh/go-spacemesh/tortoise/model/core.go:116] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
115: beacon = types.Beacon{}
> 116: c.rng.Read(beacon[:])
117: beacons.Set(c.cdb, ev.LayerID.GetEpoch(), beacon)
[/spacemesh/go-spacemesh/tortoise/model/beacon.go:27] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
26: beacon := types.Beacon{}
> 27: b.rng.Read(beacon[:])
28: m.Send(MessageBeacon{
[/spacemesh/go-spacemesh/timesync/peersync/sync.go:176] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
175: s.cancel()
> 176: s.Wait()
177: }
[/spacemesh/go-spacemesh/timesync/clock.go:50] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
49: for _, opt := range opts {
> 50: opt(cfg)
51: }
[/spacemesh/go-spacemesh/systest/validation/consensus.go:92] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
91: }
> 92: eg.Wait()
93: return cv.Complete(iter)
[/spacemesh/go-spacemesh/systest/cluster/nodes.go:649] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
648: }
> 649: deployNodeSvc(ctx, nodeId)
650: clients <- &NodeClient{
[/spacemesh/go-spacemesh/systest/cluster/nodes.go:219] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
218: if n.privConn != nil && n.privConn == conn {
> 219: n.privConn.Close()
220: n.privConn = nil
[/spacemesh/go-spacemesh/systest/cluster/nodes.go:189] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
188: if n.pubConn != nil && n.pubConn == conn {
> 189: n.pubConn.Close()
190: n.pubConn = nil
[/spacemesh/go-spacemesh/systest/cluster/cluster.go:723] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
722: }
> 723: eg.Wait()
724: }
[/spacemesh/go-spacemesh/syncer/syncer.go:603] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
602: func (s *Syncer) waitBackgroundSync() {
> 603: s.backgroundSync.eg.Wait()
604: }
[/spacemesh/go-spacemesh/syncer/syncer.go:466] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
465: s.backgroundSync.cancel()
> 466: s.backgroundSync.eg.Wait()
467: s.backgroundSync.epoch.Store(0)
[/spacemesh/go-spacemesh/sql/database.go:242] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
241: tx.Commit()
> 242: tx.Release()
243:
[/spacemesh/go-spacemesh/sql/database.go:241] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
240: }
> 241: tx.Commit()
242: tx.Release()
[/spacemesh/go-spacemesh/sql/database.go:231] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
230:
> 231: tx.Release()
232: err = errors.Join(err, db.Close())
[/spacemesh/go-spacemesh/sql/activesets/activesets.go:68] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
67: rst = make([]byte, rd.Len())
> 68: rd.Read(rst)
69: return true
[/spacemesh/go-spacemesh/p2p/upgrade.go:404] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
403: fh.natTypeSub.Close()
> 404: fh.eg.Wait()
405: if err := fh.Host.Close(); err != nil {
[/spacemesh/go-spacemesh/p2p/upgrade.go:403] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
402: fh.reachSub.Close()
> 403: fh.natTypeSub.Close()
404: fh.eg.Wait()
[/spacemesh/go-spacemesh/p2p/upgrade.go:402] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
401: fh.discovery.Stop()
> 402: fh.reachSub.Close()
403: fh.natTypeSub.Close()
[/spacemesh/go-spacemesh/p2p/upgrade.go:378] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
377: }
> 378: fh.discovery.Start()
379: if fh.ping != nil {
[/spacemesh/go-spacemesh/p2p/server/server.go:260] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
259: )
> 260: stream.Conn().Close()
261: return false
[/spacemesh/go-spacemesh/p2p/server/server.go:220] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
219: if s.decayingTag != nil {
> 220: s.decayingTag.Bump(req.stream.Conn().RemotePeer(), s.decayingTagSpec.Inc)
221: }
[/spacemesh/go-spacemesh/p2p/server/server.go:215] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
214: if err := limit.Wait(ctx); err != nil {
> 215: eg.Wait()
216: return nil
[/spacemesh/go-spacemesh/p2p/server/server.go:208] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
207: case <-ctx.Done():
> 208: eg.Wait()
209: return nil
[/spacemesh/go-spacemesh/p2p/server/server.go:199] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
198: }
> 199: stream.Close()
200: }
[/spacemesh/go-spacemesh/p2p/pubsub/wrapper.go:37-57] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
36: handler = DropPeerOnValidationReject(handler, ps.host, ps.logger)
> 37: ps.pubsub.RegisterTopicValidator(
> 38: topic,
> 39: func(ctx context.Context, pid peer.ID, msg *pubsub.Message) pubsub.ValidationResult {
> 40: start := time.Now()
> 41: err := handler(log.WithNewRequestID(ctx), pid, msg.Data)
> 42: metrics.ProcessedMessagesDuration.WithLabelValues(topic, castResult(err)).
> 43: Observe(float64(time.Since(start)))
> 44: if err != nil {
> 45: ps.logger.With().Debug("topic validation failed",
> 46: log.String("topic", topic), log.Err(err))
> 47: }
> 48: switch {
> 49: case errors.Is(err, ErrValidationReject):
> 50: return pubsub.ValidationReject
> 51: case err != nil:
> 52: return pubsub.ValidationIgnore
> 53: default:
> 54: return pubsub.ValidationAccept
> 55: }
> 56: },
> 57: opts...)
58: topich, err := ps.pubsub.Join(topic)
[/spacemesh/go-spacemesh/p2p/pubsub/pubsub.go:208] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
207: }
> 208: hasher.Write(msg.Data)
209: return string(hasher.Sum(nil))
[/spacemesh/go-spacemesh/p2p/pubsub/pubsub.go:206] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
205: if msg.Topic != nil {
> 206: hasher.Write([]byte(*msg.Topic))
207: }
[/spacemesh/go-spacemesh/p2p/ping.go:80] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
79: p.cancel = nil
> 80: p.eg.Wait()
81: }
[/spacemesh/go-spacemesh/p2p/persist.go:71] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
70: }
> 71: tmp.Close()
72: return atomic.ReplaceFile(tmp.Name(), filepath.Join(dir, connectedFile))
[/spacemesh/go-spacemesh/p2p/persist.go:68] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
67: if _, err = tmp.WriteAt(crc, 0); err != nil {
> 68: tmp.Close()
69: return err
[/spacemesh/go-spacemesh/p2p/persist.go:62] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
61: if err := codec.Encode(info); err != nil {
> 62: tmp.Close()
63: return err
[/spacemesh/go-spacemesh/p2p/persist.go:55] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
54: if _, err := tmp.Write(crc); err != nil {
> 55: tmp.Close()
56: return err
[/spacemesh/go-spacemesh/p2p/host.go:444] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
443: }
> 444: cfg.Apply(libp2p.ResourceManager(mgr))
445: return nil
[/spacemesh/go-spacemesh/p2p/handshake/handshake.go:238] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
237: defer s.Close()
> 238: s.SetDeadline(time.Now().Add(l.timeout))
239:
[/spacemesh/go-spacemesh/p2p/handshake/handshake.go:159] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
158: defer s.Close()
> 159: s.SetDeadline(time.Now().Add(tr.timeout))
160:
[/spacemesh/go-spacemesh/p2p/dhtdiscovery/discovery.go:311] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
310: }
> 311: eg.Wait()
312: }
[/spacemesh/go-spacemesh/p2p/dhtdiscovery/discovery.go:269] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
268: d.cancel = nil
> 269: d.eg.Wait()
270: if !d.disableDht {
[/spacemesh/go-spacemesh/p2p/book/book.go:432] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
431: checksum.Write(scanner.Bytes())
> 432: checksum.Write([]byte{'\n'})
433: known[addr.ID] = addr
[/spacemesh/go-spacemesh/p2p/book/book.go:431] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
430: }
> 431: checksum.Write(scanner.Bytes())
432: checksum.Write([]byte{'\n'})
[/spacemesh/go-spacemesh/node/test_network.go:85] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
84: // Wait for nodes to shutdown
> 85: g.Wait()
86:
[/spacemesh/go-spacemesh/node/node.go:1654] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
1653: if app.postVerifier != nil {
> 1654: app.postVerifier.Close()
1655: }
[/spacemesh/go-spacemesh/node/node.go:1650] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
1649: if app.atxBuilder != nil {
> 1650: app.atxBuilder.StopSmeshing(false)
1651: }
[/spacemesh/go-spacemesh/node/node.go:1638] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
1637: app.log.Info("stopping updater")
> 1638: app.updater.Close()
1639: }
[/spacemesh/go-spacemesh/node/node.go:1633] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
1632: app.log.Info("stopping tls grpc service")
> 1633: app.grpcTLSServer.Close() // err is always nil
1634: }
[/spacemesh/go-spacemesh/node/node.go:1629] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
1628: app.log.Info("stopping local grpc service")
> 1629: app.grpcPostServer.Close() // err is always nil
1630: }
[/spacemesh/go-spacemesh/node/node.go:1625] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
1624: app.log.Info("stopping private grpc service")
> 1625: app.grpcPrivateServer.Close() // err is always nil
1626: }
[/spacemesh/go-spacemesh/node/node.go:1621] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
1620: app.log.Info("stopping public grpc service")
> 1621: app.grpcPublicServer.Close() // err is always nil
1622: }
[/spacemesh/go-spacemesh/node/node.go:1298] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
1297: }
> 1298: activesets.Add(app.db, id, activeSet)
1299:
[/spacemesh/go-spacemesh/node/node.go:553] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
552: app.stopServices(ctx)
> 553: app.eg.Wait()
554: app.log.Info("app cleanup completed")
[/spacemesh/go-spacemesh/miner/proposal_builder.go:138-144] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
137: for _, lyr := range keys {
> 138: encoder.AppendObject(
> 139: log.ObjectMarshallerFunc(func(encoder log.ObjectEncoder) error {
> 140: encoder.AddUint32("layer", lyr.Uint32())
> 141: encoder.AddInt("slots", len(s.eligibilities.proofs[lyr]))
> 142: return nil
> 143: }),
> 144: )
145: }
[/spacemesh/go-spacemesh/miner/proposal_builder.go:131-148] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
130: encoder.AddInt("eligible", len(s.eligibilities.proofs))
> 131: encoder.AddArray(
> 132: "eligible by layer",
> 133: log.ArrayMarshalerFunc(func(encoder log.ArrayEncoder) error {
> 134: // Sort the layer map to log the layer data in order
> 135: keys := maps.Keys(s.eligibilities.proofs)
> 136: slices.Sort(keys)
> 137: for _, lyr := range keys {
> 138: encoder.AppendObject(
> 139: log.ObjectMarshallerFunc(func(encoder log.ObjectEncoder) error {
> 140: encoder.AddUint32("layer", lyr.Uint32())
> 141: encoder.AddInt("slots", len(s.eligibilities.proofs[lyr]))
> 142: return nil
> 143: }),
> 144: )
> 145: }
> 146: return nil
> 147: }),
> 148: )
149: }
[/spacemesh/go-spacemesh/mesh/mesh.go:305] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
304: for i := range results {
> 305: encoder.AppendObject(&results[i])
306: }
[/spacemesh/go-spacemesh/hash/hash.go:19] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
18: for _, chunk := range chunks {
> 19: hh.Write(chunk)
20: }
[/spacemesh/go-spacemesh/hare3/types.go:158-163] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
157: if m.Value.Proposals != nil {
> 158: encoder.AddArray("full", zapcore.ArrayMarshalerFunc(func(encoder log.ArrayEncoder) error {
> 159: for _, id := range m.Value.Proposals {
> 160: encoder.AppendString(types.Hash20(id).ShortString())
> 161: }
> 162: return nil
> 163: }))
164: } else if m.Value.Reference != nil {
[/spacemesh/go-spacemesh/hare3/protocol.go:624] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
623: for _, stat := range s.notify {
> 624: encoder.AppendObject(&stat)
625: }
[/spacemesh/go-spacemesh/hare3/protocol.go:622-627] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
621: }))
> 622: encoder.AddArray("notify", zapcore.ArrayMarshalerFunc(func(encoder zapcore.ArrayEncoder) error {
> 623: for _, stat := range s.notify {
> 624: encoder.AppendObject(&stat)
> 625: }
> 626: return nil
> 627: }))
628: return nil
[/spacemesh/go-spacemesh/hare3/protocol.go:618] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
617: for _, stat := range s.commit {
> 618: encoder.AppendObject(&stat)
619: }
[/spacemesh/go-spacemesh/hare3/protocol.go:616-621] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
615: }))
> 616: encoder.AddArray("commit", zapcore.ArrayMarshalerFunc(func(encoder zapcore.ArrayEncoder) error {
> 617: for _, stat := range s.commit {
> 618: encoder.AppendObject(&stat)
> 619: }
> 620: return nil
> 621: }))
622: encoder.AddArray("notify", zapcore.ArrayMarshalerFunc(func(encoder zapcore.ArrayEncoder) error {
[/spacemesh/go-spacemesh/hare3/protocol.go:612] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
611: for _, stat := range s.propose {
> 612: encoder.AppendObject(&stat)
613: }
[/spacemesh/go-spacemesh/hare3/protocol.go:610-615] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
609: }))
> 610: encoder.AddArray("propose", zapcore.ArrayMarshalerFunc(func(encoder zapcore.ArrayEncoder) error {
> 611: for _, stat := range s.propose {
> 612: encoder.AppendObject(&stat)
> 613: }
> 614: return nil
> 615: }))
616: encoder.AddArray("commit", zapcore.ArrayMarshalerFunc(func(encoder zapcore.ArrayEncoder) error {
[/spacemesh/go-spacemesh/hare3/protocol.go:606] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
605: for _, stat := range s.preround {
> 606: encoder.AppendObject(&stat)
607: }
[/spacemesh/go-spacemesh/hare3/protocol.go:604-609] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
603: encoder.AddUint16("threshold", s.threshold)
> 604: encoder.AddArray("preround", zapcore.ArrayMarshalerFunc(func(encoder zapcore.ArrayEncoder) error {
> 605: for _, stat := range s.preround {
> 606: encoder.AppendObject(&stat)
> 607: }
> 608: return nil
> 609: }))
610: encoder.AddArray("propose", zapcore.ArrayMarshalerFunc(func(encoder zapcore.ArrayEncoder) error {
[/spacemesh/go-spacemesh/hare3/protocol.go:585] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
584: for _, tally := range n.tallies {
> 585: encoder.AppendObject(&tally)
586: }
[/spacemesh/go-spacemesh/hare3/protocol.go:583-588] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
582: encoder.AddUint16("grade", uint16(n.grade))
> 583: encoder.AddArray("tallies", zapcore.ArrayMarshalerFunc(func(encoder zapcore.ArrayEncoder) error {
> 584: for _, tally := range n.tallies {
> 585: encoder.AppendObject(&tally)
> 586: }
> 587: return nil
> 588: }))
589: return nil
[/spacemesh/go-spacemesh/hare3/protocol.go:569] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
568: for _, tally := range s.tallies {
> 569: encoder.AppendObject(&tally)
570: }
[/spacemesh/go-spacemesh/hare3/protocol.go:567-572] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
566: encoder.AddUint16("grade", uint16(s.grade))
> 567: encoder.AddArray("tallies", zapcore.ArrayMarshalerFunc(func(encoder zapcore.ArrayEncoder) error {
> 568: for _, tally := range s.tallies {
> 569: encoder.AppendObject(&tally)
> 570: }
> 571: return nil
> 572: }))
573: return nil
[/spacemesh/go-spacemesh/hare3/protocol.go:551-556] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
550: encoder.AddUint16("grade", uint16(s.grade))
> 551: encoder.AddArray("proposals", zapcore.ArrayMarshalerFunc(func(encoder zapcore.ArrayEncoder) error {
> 552: for _, id := range s.proposals {
> 553: encoder.AppendString(id.String())
> 554: }
> 555: return nil
> 556: }))
557: return nil
[/spacemesh/go-spacemesh/hare3/protocol.go:517] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
516: for _, tally := range s.tallies {
> 517: enc.AppendObject(&tally)
518: }
[/spacemesh/go-spacemesh/hare3/protocol.go:515-520] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
514: encoder.AddUint16("grade", uint16(s.grade))
> 515: encoder.AddArray("tallies", zapcore.ArrayMarshalerFunc(func(enc zapcore.ArrayEncoder) error {
> 516: for _, tally := range s.tallies {
> 517: enc.AppendObject(&tally)
> 518: }
> 519: return nil
> 520: }))
521: return nil
[/spacemesh/go-spacemesh/hare3/protocol.go:87] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
86: if o.message != nil {
> 87: encoder.AddObject("msg", o.message)
88: }
[/spacemesh/go-spacemesh/hare3/protocol.go:79-84] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
78: if o.result != nil {
> 79: encoder.AddArray("result", zapcore.ArrayMarshalerFunc(func(encoder log.ArrayEncoder) error {
> 80: for _, id := range o.result {
> 81: encoder.AppendString(types.Hash20(id).ShortString())
> 82: }
> 83: return nil
> 84: }))
85: }
[/spacemesh/go-spacemesh/hare3/protocol.go:58] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
57: if i.Message != nil {
> 58: i.Message.MarshalLogObject(encoder)
59: }
[/spacemesh/go-spacemesh/hare3/hare.go:603] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
602: h.cancel()
> 603: h.eg.Wait()
604: close(h.results)
[/spacemesh/go-spacemesh/genvm/vm.go:244] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
243: }
> 244: account.EncodeScale(encoder)
245: return true
[/spacemesh/go-spacemesh/genvm/core/hash.go:22] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
21: template.EncodeScale(encoder)
> 22: args.EncodeScale(encoder)
23: hash := hasher.Sum(nil)
[/spacemesh/go-spacemesh/genvm/core/hash.go:21] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
20: encoder := scale.NewEncoder(hasher)
> 21: template.EncodeScale(encoder)
22: args.EncodeScale(encoder)
[/spacemesh/go-spacemesh/fetch/mesh_data.go:119] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
118:
> 119: eg.Wait()
120: if !bfailure.Empty() {
[/spacemesh/go-spacemesh/config/genesis.go:38] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
37: hh.Write([]byte(strconv.FormatInt(parsed.Unix(), 10)))
> 38: hh.Write([]byte(g.ExtraData))
39: return types.BytesToHash(hh.Sum(nil))
[/spacemesh/go-spacemesh/config/genesis.go:37] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
36: }
> 37: hh.Write([]byte(strconv.FormatInt(parsed.Unix(), 10)))
38: hh.Write([]byte(g.ExtraData))
[/spacemesh/go-spacemesh/common/util/json.go:98] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
97: }
> 98: hex.Decode(out, raw)
99: return nil
[/spacemesh/go-spacemesh/common/types/transaction_result.go:54-59] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
53: encoder.AddUint32("layer", h.Layer.Uint32())
> 54: encoder.AddArray("addresses", log.ArrayMarshalerFunc(func(encoder log.ArrayEncoder) error {
> 55: for i := range h.Addresses {
> 56: encoder.AppendString((&h.Addresses[i]).String())
> 57: }
> 58: return nil
> 59: }))
60: return nil
[/spacemesh/go-spacemesh/common/types/tortoise_data.go:29] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
28: if b.EpochData != nil {
> 29: encoder.AddObject("epochdata", b.EpochData)
30: } else if b.Ref != nil {
[/spacemesh/go-spacemesh/common/types/tortoise_data.go:26] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
25: encoder.AddString("atxid", b.AtxID.String())
> 26: encoder.AddObject("opinion", &b.Opinion)
27: encoder.AddUint32("elig", b.Eligibilities)
[/spacemesh/go-spacemesh/common/types/result/result.go:60] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
59: func (b *Block) MarshalLogObject(encoder log.ObjectEncoder) error {
> 60: b.Header.MarshalLogObject(encoder)
61: encoder.AddBool("valid", b.Valid)
[/spacemesh/go-spacemesh/common/types/result/result.go:43] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
42: for i := range l.Blocks {
> 43: aencoder.AppendObject(&l.Blocks[i])
44: }
[/spacemesh/go-spacemesh/common/types/result/result.go:41-46] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
40: encoder.AddBool("verified", l.Verified)
> 41: encoder.AddArray("blocks", log.ArrayMarshalerFunc(func(aencoder log.ArrayEncoder) error {
> 42: for i := range l.Blocks {
> 43: aencoder.AppendObject(&l.Blocks[i])
> 44: }
> 45: return nil
> 46: }))
47: return nil
[/spacemesh/go-spacemesh/common/types/proposal.go:141] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
140: encoder.AddString("mesh_hash", p.MeshHash.ShortString())
> 141: p.Ballot.MarshalLogObject(encoder)
142: return nil
[/spacemesh/go-spacemesh/common/types/poet.go:109] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
108: }
> 109: encoder.AddObject("PoetProof", &p.PoetProof)
110: encoder.AddString("PoetServiceID", hex.EncodeToString(p.PoetServiceID))
[/spacemesh/go-spacemesh/common/types/poet.go:83-88] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
82: }))
> 83: encoder.AddArray("MerkleProof.ProofNodes", log.ArrayMarshalerFunc(func(encoder log.ArrayEncoder) error {
> 84: for _, v := range p.ProofNodes {
> 85: encoder.AppendString(hex.EncodeToString(v))
> 86: }
> 87: return nil
> 88: }))
89:
[/spacemesh/go-spacemesh/common/types/poet.go:77-82] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
76: encoder.AddString("MerkleProof.Root", hex.EncodeToString(p.Root))
> 77: encoder.AddArray("MerkleProof.ProvenLeaves", log.ArrayMarshalerFunc(func(encoder log.ArrayEncoder) error {
> 78: for _, v := range p.ProvenLeaves {
> 79: encoder.AppendString(hex.EncodeToString(v))
> 80: }
> 81: return nil
> 82: }))
83: encoder.AddArray("MerkleProof.ProofNodes", log.ArrayMarshalerFunc(func(encoder log.ArrayEncoder) error {
[/spacemesh/go-spacemesh/common/types/malfeasance.go:360] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
359: if ok {
> 360: p.Atx.Initialize()
361: b.WriteString(
[/spacemesh/go-spacemesh/common/types/malfeasance.go:199] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
198: encoder.AddObject("first", &hp.Messages[0].InnerMsg)
> 199: encoder.AddObject("second", &hp.Messages[1].InnerMsg)
200: return nil
[/spacemesh/go-spacemesh/common/types/malfeasance.go:198] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
197: func (hp *HareProof) MarshalLogObject(encoder log.ObjectEncoder) error {
> 198: encoder.AddObject("first", &hp.Messages[0].InnerMsg)
199: encoder.AddObject("second", &hp.Messages[1].InnerMsg)
[/spacemesh/go-spacemesh/common/types/malfeasance.go:189] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
188: encoder.AddObject("first", &bp.Messages[0].InnerMsg)
> 189: encoder.AddObject("second", &bp.Messages[1].InnerMsg)
190: return nil
[/spacemesh/go-spacemesh/common/types/malfeasance.go:188] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
187: func (bp *BallotProof) MarshalLogObject(encoder log.ObjectEncoder) error {
> 188: encoder.AddObject("first", &bp.Messages[0].InnerMsg)
189: encoder.AddObject("second", &bp.Messages[1].InnerMsg)
[/spacemesh/go-spacemesh/common/types/malfeasance.go:179] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
178: encoder.AddObject("first", &ap.Messages[0].InnerMsg)
> 179: encoder.AddObject("second", &ap.Messages[1].InnerMsg)
180: return nil
[/spacemesh/go-spacemesh/common/types/malfeasance.go:178] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
177: func (ap *AtxProof) MarshalLogObject(encoder log.ObjectEncoder) error {
> 178: encoder.AddObject("first", &ap.Messages[0].InnerMsg)
179: encoder.AddObject("second", &ap.Messages[1].InnerMsg)
[/spacemesh/go-spacemesh/common/types/malfeasance.go:168] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
167: if mg.Eligibility != nil {
> 168: encoder.AddObject("hare eligibility", mg.Eligibility)
169: }
[/spacemesh/go-spacemesh/common/types/malfeasance.go:166] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
165: func (mg *MalfeasanceGossip) MarshalLogObject(encoder log.ObjectEncoder) error {
> 166: encoder.AddObject("proof", &mg.MalfeasanceProof)
167: if mg.Eligibility != nil {
[/spacemesh/go-spacemesh/common/types/malfeasance.go:72] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
71: if ok {
> 72: p.Atx.Initialize()
73: encoder.AddString("atx_id", p.Atx.ID().String())
[/spacemesh/go-spacemesh/common/types/malfeasance.go:66] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
65: } else {
> 66: encoder.AddObject("msgs", p)
67: }
[/spacemesh/go-spacemesh/common/types/malfeasance.go:58] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
57: } else {
> 58: encoder.AddObject("msgs", p)
59: }
[/spacemesh/go-spacemesh/common/types/malfeasance.go:50] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
49: } else {
> 50: encoder.AddObject("msgs", p)
51: }
[/spacemesh/go-spacemesh/common/types/hashes.go:137] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
136: for _, id := range sortedView {
> 137: hash.Write(id.Bytes()) // this never returns an error: https://golang.org/pkg/hash/#Hash
138: }
[/spacemesh/go-spacemesh/common/types/hashes.go:135] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
134: hash := hash.New()
> 135: hash.Write(additionalBytes)
136: for _, id := range sortedView {
[/spacemesh/go-spacemesh/common/types/hashes.go:124] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
123: for _, id := range sortedView {
> 124: hasher.Write(id.Bytes()) // this never returns an error: https://golang.org/pkg/hash/#Hash
125: }
[/spacemesh/go-spacemesh/common/types/hashes.go:122] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
121: hasher := hash.New()
> 122: hasher.Write(additionalBytes)
123: for _, id := range sortedView {
[/spacemesh/go-spacemesh/common/types/ballot.go:326] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
325: encoder.AddString("beacon", beacon.ShortString())
> 326: encoder.AddObject("votes", &b.Votes)
327: return nil
[/spacemesh/go-spacemesh/common/types/ballot.go:200-205] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
199: }))
> 200: encoder.AddArray("abstain", log.ArrayMarshalerFunc(func(encoder log.ArrayEncoder) error {
> 201: for _, lid := range v.Abstain {
> 202: encoder.AppendString(lid.String())
> 203: }
> 204: return nil
> 205: }))
206: return nil
[/spacemesh/go-spacemesh/common/types/ballot.go:196] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
195: for _, vote := range v.Against {
> 196: encoder.AppendObject(&vote)
197: }
[/spacemesh/go-spacemesh/common/types/ballot.go:194-199] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
193: }))
> 194: encoder.AddArray("against", log.ArrayMarshalerFunc(func(encoder log.ArrayEncoder) error {
> 195: for _, vote := range v.Against {
> 196: encoder.AppendObject(&vote)
> 197: }
> 198: return nil
> 199: }))
200: encoder.AddArray("abstain", log.ArrayMarshalerFunc(func(encoder log.ArrayEncoder) error {
[/spacemesh/go-spacemesh/common/types/ballot.go:190] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
189: for _, vote := range v.Support {
> 190: encoder.AppendObject(&vote)
191: }
[/spacemesh/go-spacemesh/common/types/ballot.go:188-193] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
187: encoder.AddString("base", v.Base.String())
> 188: encoder.AddArray("support", log.ArrayMarshalerFunc(func(encoder log.ArrayEncoder) error {
> 189: for _, vote := range v.Support {
> 190: encoder.AppendObject(&vote)
> 191: }
> 192: return nil
> 193: }))
194: encoder.AddArray("against", log.ArrayMarshalerFunc(func(encoder log.ArrayEncoder) error {
[/spacemesh/go-spacemesh/common/types/activation.go:124] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
123: }
> 124: encoder.AddObject("InitialPost", c.InitialPost)
125: return nil
[/spacemesh/go-spacemesh/common/fixture/transaction_results.go:70] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
69: tx.Raw = make([]byte, 10)
> 70: g.rng.Read(tx.Raw)
71: tx.Block = g.Blocks[g.rng.Intn(len(g.Blocks))]
[/spacemesh/go-spacemesh/common/fixture/transaction_results.go:68] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
67: var tx types.TransactionWithResult
> 68: g.rng.Read(tx.ID[:])
69: tx.Raw = make([]byte, 10)
[/spacemesh/go-spacemesh/common/fixture/rewards.go:65] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
64: var reward types.Reward
> 65: g.rng.Read(reward.SmesherID[:])
66:
[/spacemesh/go-spacemesh/common/fixture/atxs.go:116] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
115: var atxId types.ATXID
> 116: g.rng.Read(atxId[:])
117: atx.SetID(atxId)
[/spacemesh/go-spacemesh/common/fixture/atxs.go:88] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
87: var nodeId types.NodeID
> 88: g.rng.Read(nodeId[:])
89:
[/spacemesh/go-spacemesh/common/fixture/atxs.go:86] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
85: var posAtxId types.ATXID
> 86: g.rng.Read(posAtxId[:])
87: var nodeId types.NodeID
[/spacemesh/go-spacemesh/common/fixture/atxs.go:84] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
83: var prevAtxId types.ATXID
> 84: g.rng.Read(prevAtxId[:])
85: var posAtxId types.ATXID
[/spacemesh/go-spacemesh/beacon/weakcoin/weak_coin.go:236] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
235: }
> 236: eg.Wait()
237: }
[/spacemesh/go-spacemesh/beacon/proposal_list.go:29] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
28: // an error is never returned: https://golang.org/pkg/hash/#Hash
> 29: hasher.Write(proposal[:])
30: }
[/spacemesh/go-spacemesh/beacon/beacon.go:630] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
629: for _, p := range active {
> 630: enc.AppendObject(p)
631: }
[/spacemesh/go-spacemesh/api/grpcserver/smesher_service.go:86] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
85: if err != nil {
> 86: status.Error(codes.InvalidArgument, err.Error())
87: }
[/spacemesh/go-spacemesh/activation/post_verifier.go:293] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
292:
> 293: v.verifier.Close()
294: v.log.Info("stopped post verifier")
[/spacemesh/go-spacemesh/activation/post_verifier.go:291] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
290: close(v.stop)
> 291: v.eg.Wait()
292:
[/spacemesh/go-spacemesh/activation/post_supervisor.go:299] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
298: }
> 299: eg.Wait()
300: ps.logger.Fatal("post service exited", zap.Error(err))
[/spacemesh/go-spacemesh/activation/post_supervisor.go:279] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
278: if err := cmd.Start(); err != nil {
> 279: pipe.Close()
280: ps.logger.Error("start post service", zap.Error(err))
[/spacemesh/go-spacemesh/activation/nipost.go:421] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
420: }
> 421: g.Wait()
422: close(errChan)
Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.
// Download the full report
* Use Google Chrome for best results
** Check "Background Graphics" in the print settings if needed