Add new gosec gh yaml file

.github/workflows/gosec.yaml

@@ -0,0 +1,25 @@
+name: Gosec
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.22'
+          cache: false
+      - name: Run Gosec
+        uses: securego/gosec@master
+        with:
+          args: '-exclude=G104,G115,G304,G406,G507 -exclude-dir=builtin/gen ./...'

.github/workflows/lint-go.yaml

@@ -25,5 +25,3 @@ jobs:
           args: --timeout=30m --config=.golangci.yml
           only-new-issues: true
           skip-cache: true
-          skip-pkg-cache: true
-          skip-build-cache: true

.golangci.yml

@@ -6,7 +6,7 @@ run:
   tests: true
   # default is true. Enables skipping of directories:
   #   vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
-  skip-dirs-use-default: true
+  exclude-dirs-use-default: true
 
 linters:
   disable-all: true

cache/rnd_cache.go

@@ -106,7 +106,7 @@ func (rc *RandCache) Pick() *Entry {
 	if len(rc.s) == 0 {
 		return nil
 	}
-	ent := rc.s[rand.Intn(len(rc.s))] // nolint:gosec
+	ent := rc.s[rand.Intn(len(rc.s))] // #nosec
 	cpy := ent.Entry
 	return &cpy
 }
@@ -141,6 +141,6 @@ func (rc *RandCache) randDrop() {
 	if len(rc.s) == 0 {
 		return
 	}
-	ent := rc.s[rand.Intn(len(rc.s))] // nolint:gosec
+	ent := rc.s[rand.Intn(len(rc.s))] // #nosec
 	rc.remove(ent.Key)
 }

cmd/thor/solo/solo.go

@@ -263,7 +263,7 @@ func (s *Solo) newTx(clauses []*tx.Clause, from genesis.DevAccount) (*tx.Transac
 
 	newTx := builder.BlockRef(tx.NewBlockRef(0)).
 		Expiration(math.MaxUint32).
-		Nonce(rand.Uint64()). // nolint:gosec
+		Nonce(rand.Uint64()). // #nosec
 		DependsOn(nil).
 		Gas(1_000_000).
 		Build()

comm/peer.go

@@ -84,7 +84,7 @@ func (p *Peer) UpdateHead(id thor.Bytes32, totalScore uint64) {
 // MarkTransaction marks a transaction to known.
 func (p *Peer) MarkTransaction(hash thor.Bytes32) {
 	// that's 10~100 block intervals
-	expiration := mclock.AbsTime(time.Second * time.Duration(thor.BlockInterval*uint64(rand.Intn(91)+10))) // nolint:gosec
+	expiration := mclock.AbsTime(time.Second * time.Duration(thor.BlockInterval*uint64(rand.Intn(91)+10))) // #nosec
 
 	deadline := mclock.Now() + expiration
 	p.knownTxs.Add(hash, deadline)

p2psrv/rpc/rpc.go

@@ -158,7 +158,7 @@ func (r *RPC) prepareCall(msgCode uint64, onResult func(*p2p.Msg) error) uint32
 	r.lock.Lock()
 	defer r.lock.Unlock()
 	for {
-		id := rand.Uint32() // nolint:gosec
+		id := rand.Uint32() // #nosec
 		if id == 0 {
 			// 0 id is taken by Notify
 			continue

test/datagen/numbers.go

@@ -10,9 +10,9 @@ import (
 )
 
 func RandInt() int {
-	return mathrand.Int() // nolint:gosec
+	return mathrand.Int() // #nosec
 }
 
 func RandIntN(n int) int {
-	return mathrand.Intn(n) // nolint:gosec
+	return mathrand.Intn(n) // #nosec
 }

txpool/tx_pool.go

@@ -181,7 +181,7 @@ func (p *TxPool) fetchBlocklistLoop() {
 
 	for {
 		// delay 1~2 min
-		delay := time.Second * time.Duration(rand.Int()%60+60) // nolint:gosec
+		delay := time.Second * time.Duration(rand.Int()%60+60) // #nosec
 		select {
 		case <-p.ctx.Done():
 			return