Problem: medium shiftleft scan findings #127

Closed
tomtau opened this issue Sep 29, 2020 · 4 comments

@tomtau (Contributor) commented Sep 29, 2020

Some can be fixed; others may be suppressed in app.go (initRootCmd) and gentx.go (writeSignedGenTx):

  1. "Expect file permissions to be 0600 or less." (https://cwe.mitre.org/data/definitions/276.html)
  2. "Deferring unsafe method "Close" on type "*os.File"." (https://cwe.mitre.org/data/definitions/703.html)
  3. "Potential file inclusion via variable." (https://cwe.mitre.org/data/definitions/22.html)
@tomtau tomtau changed the title Problem: medium scanleft scan findings Problem: medium shiftleft scan findings Sep 29, 2020
@leejw51crypto leejw51crypto self-assigned this Oct 14, 2020
@leejw51crypto (Contributor)

started

@leejw51crypto (Contributor) commented Oct 19, 2020

I'll modify initRootCmd and writeSignedGenTx according to the above guide.

@tomtau (Contributor, Author) commented Oct 19, 2020

@leejw51crypto if you want to check the shiftleft scan, you can with:

 docker run --rm -e "WORKSPACE=${PWD}" -v $PWD:/app shiftleft/sast-scan scan --build

@leejw51crypto (Contributor) commented Oct 19, 2020

Fixed 1 and 2; writing a path-validating function for 3.

leejw51crypto added a commit that referenced this issue Oct 21, 2020
add security

fix close

add path checking

remove redundant code

remove comments
leejw51crypto added a commit to leejw51crypto/chain-main that referenced this issue Oct 22, 2020
fix lint issue

use closure for file.close

fix manual file validity check

display error in closing file

fix lint issue

tidy up
@tomtau tomtau closed this as completed in 4784eac Oct 22, 2020
allthatjazzleo pushed a commit to allthatjazzleo/chain-main that referenced this issue Oct 22, 2020
…rypto-org-chain#199)

Solution: change filemode to 600, cleanup filepath, defer file.close with error logging
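The three findings listed at the top of the thread (CWE-276 file permissions, CWE-703 unchecked Close, CWE-22 path built from a variable) and the three-part solution in the commit message above map onto one small file-writing routine. The Go below is an added example written for this page, not code from chain-main or from the linked commit; the names SafeJoin and WriteFile0600, the base-directory argument, and the gentx-style JSON payload are all constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a caller-supplied path escapes the base directory.
var ErrOutsideBase = errors.New("path escapes base directory")

// SafeJoin resolves an untrusted relative path under base and confirms the
// cleaned result still lies inside base (CWE-22). filepath.Clean alone is not
// enough: a cleaned path can still be "../x", so the containment check is the
// part that actually blocks traversal. Absolute inputs are rejected outright.
// Hypothetical helper, not part of the project.
func SafeJoin(base, untrusted string) (string, error) {
	if filepath.IsAbs(untrusted) {
		return "", ErrOutsideBase
	}
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	joined := filepath.Join(absBase, untrusted) // Join also runs Clean
	rel, err := filepath.Rel(absBase, joined)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return joined, nil
}

// WriteFile0600 writes data to untrusted, resolved under base, creating the
// file with mode 0600 (CWE-276) and propagating any error from Close instead
// of discarding it (CWE-703). Hypothetical helper, not part of the project.
func WriteFile0600(base, untrusted string, data []byte) (err error) {
	path, err := SafeJoin(base, untrusted)
	if err != nil {
		return err
	}
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
	if err != nil {
		return err
	}
	// For a writer, a failed Close can mean the data never reached disk.
	// Log it and return it unless an earlier error already explains the failure.
	defer func() {
		if cerr := f.Close(); cerr != nil {
			log.Printf("closing %s: %v", path, cerr)
			if err == nil {
				err = cerr
			}
		}
	}()
	// O_CREATE applies 0600 only to a newly created file; tighten a
	// pre-existing one as well so an old 0644 copy does not stay readable.
	if err = f.Chmod(0o600); err != nil {
		return err
	}
	_, err = f.Write(data)
	return err
}

func main() {
	dir, err := os.MkdirTemp("", "gentx")
	if err != nil {
		log.Fatal(err)
	}
	defer os.RemoveAll(dir)

	// Constructed sample payload shaped like a gentx JSON document; not a real transaction.
	gentx := []byte(`{"body":{"messages":[]},"signatures":[]}`)
	if err := WriteFile0600(dir, "gentx-validator.json", gentx); err != nil {
		log.Fatal(err)
	}
	info, err := os.Stat(filepath.Join(dir, "gentx-validator.json"))
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("mode: %o\n", info.Mode().Perm())

	// A traversal attempt is refused before any file is opened.
	err = WriteFile0600(dir, "../../etc/passwd", gentx)
	fmt.Println("traversal rejected:", errors.Is(err, ErrOutsideBase))
}
```

Two caveats a reviewer would raise on this kind of fix: the containment check in SafeJoin is lexical, so a symlink already sitting inside the base directory can still point elsewhere (resolve with filepath.EvalSymlinks first if that matters for the deployment), and the mode passed to os.OpenFile is only a ceiling, since the process umask can restrict it further but never widen it.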
damoncro pushed a commit to damoncro/chain-main that referenced this issue Oct 25, 2021
…-org-chain#127)

* Problem: sendToCosmos's recipient parameter type is confusing

Closes: crypto-org-chain#126

Solution:
- add `sendToCronos`, where the type of recipient parameter is address

* fix contract

* make sendToCosmos private