#334 fix gosec error

2ed4f5c1 · pengjun · vipwzw · 53997dae · 2ed4f5c1 · 2ed4f5c1
Commit 2ed4f5c1 authored Jan 30, 2019 by pengjun Committed by vipwzw Feb 11, 2019
9 changed files
--- a/plugin/dapp/cert/authority/tools/cryptogen/cryptogen.go
+++ b/plugin/dapp/cert/authority/tools/cryptogen/cryptogen.go
@@ -74,7 +74,12 @@ func generateUsers(baseDir string, orgName string) {
 	fmt.Printf("generateUsers\n")
 	fmt.Println(baseDir)

-	os.RemoveAll(baseDir)
+	err := os.RemoveAll(baseDir)
+	if err != nil {
+		fmt.Println("Clean directory %s error", baseDir)
+		os.Exit(1)
+	}
+
 	caDir := filepath.Join(baseDir, "cacerts")

 	signType := types.GetSignType("cert", cfg.SignType)

--- a/plugin/dapp/cert/authority/tools/cryptogen/factory/csp/fileks.go
+++ b/plugin/dapp/cert/authority/tools/cryptogen/factory/csp/fileks.go
@@ -154,12 +154,11 @@ func (ks *fileBasedKeyStore) storePublicKey(alias string, publicKey interface{})
 func (ks *fileBasedKeyStore) createKeyStoreIfNotExists() error {
 	ksPath := ks.path
 	missing, _ := auth.DirMissingOrEmpty(ksPath)
-
 	if missing {
 		err := ks.createKeyStore()
 		if err != nil {
 			logger.Error("Failed creating KeyStore At [%s]: [%s]", ksPath, err.Error())
-			return nil
+			return err
 		}
 	}

@@ -169,9 +168,8 @@ func (ks *fileBasedKeyStore) createKeyStoreIfNotExists() error {
 func (ks *fileBasedKeyStore) createKeyStore() error {
 	ksPath := ks.path

-	os.MkdirAll(ksPath, 0755)
-
-	return nil
+	err := os.MkdirAll(ksPath, 0750)
+	return err
 }

 func (ks *fileBasedKeyStore) openKeyStore() error {

--- a/plugin/dapp/cert/authority/tools/cryptogen/generator/impl/generatorimpl.go
+++ b/plugin/dapp/cert/authority/tools/cryptogen/generator/impl/generatorimpl.go
@@ -52,7 +52,7 @@ func NewCA(baseDir, name string, signType int) (generator.CAGenerator, error) {
 }

 func newEcdsaCA(baseDir, name string) (*EcdsaCA, error) {
-	err := os.MkdirAll(baseDir, 0755)
+	err := os.MkdirAll(baseDir, 0750)
 	if err != nil {
 		return nil, err
 	}
@@ -168,8 +168,7 @@ func x509Template() x509.Certificate {

 }

-func genCertificateECDSA(baseDir, name string, template, parent *x509.Certificate,
-	priv interface{}) (*x509.Certificate, error) {
+func genCertificateECDSA(baseDir, name string, template, parent *x509.Certificate, priv interface{}) (*x509.Certificate, error) {
 	certBytes, err := x509.CreateCertificate(rand.Reader, template, parent, template.PublicKey, priv)
 	if err != nil {
 		return nil, err
@@ -180,9 +179,9 @@ func genCertificateECDSA(baseDir, name string, template, parent *x509.Certificat
 	if err != nil {
 		return nil, err
 	}
+	defer certFile.Close()

 	err = pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: certBytes})
-	certFile.Close()
 	if err != nil {
 		return nil, err
 	}
@@ -291,7 +290,10 @@ func genCertificateGMSM2(baseDir, name string, template, parent *sm2.Certificate

 	fileName := filepath.Join(baseDir, name+"-cert.pem")

-	utils.CreateCertificateToPem(fileName, template, parent, key)
+	err = utils.CreateCertificateToPem(fileName, template, parent, key)
+	if err != nil {
+		return nil, err
+	}

 	x509Cert, err := sm2.ReadCertificateFromMem(certBytes)
 	if err != nil {
@@ -310,7 +312,7 @@ func createFolderStructure(rootDir string, local bool) error {
 	}

 	for _, folder := range folders {
-		err := os.MkdirAll(folder, 0755)
+		err := os.MkdirAll(folder, 0750)
 		if err != nil {
 			return err
 		}

--- a/plugin/dapp/cert/authority/tools/cryptogen/generator/utils/certutils.go
+++ b/plugin/dapp/cert/authority/tools/cryptogen/generator/utils/certutils.go
@@ -27,10 +27,9 @@ func CreateCertificateToMem(template, parent *sm2.Certificate, key csp.Key) (cer
 }

 // CreateCertificateToPem 证书转pem
-func CreateCertificateToPem(FileName string, template, parent *sm2.Certificate, key csp.Key) (bool, error) {
+func CreateCertificateToPem(FileName string, template, parent *sm2.Certificate, key csp.Key) error {
 	pk := key.(*csp.SM2PrivateKey).PrivKey

-	var result bool
 	var err error
 	pub, _ := template.PublicKey.(*sm2.PublicKey)
 	var puk sm2.PublicKey
@@ -38,12 +37,12 @@ func CreateCertificateToPem(FileName string, template, parent *sm2.Certificate, 
 	puk.Curve = sm2.P256Sm2()
 	puk.X = pub.X
 	puk.Y = pub.Y
-	result, err = sm2.CreateCertificateToPem(FileName, template, parent, &puk, pk)
+	_, err = sm2.CreateCertificateToPem(FileName, template, parent, &puk, pk)
 	if err != nil {
-		return false, err
+		return err
 	}

-	return result, err
+	return nil
 }

 // ParseX509CertificateToSm2 解析x509格式为sm2格式证书

--- a/plugin/dapp/cert/authority/utils/io.go
+++ b/plugin/dapp/cert/authority/utils/io.go
@@ -14,7 +14,7 @@ import (

 // DirMissingOrEmpty 路径是否为空
 func DirMissingOrEmpty(path string) (bool, error) {
-	dirExists, err := DirExists(path)
+	dirExists, err := dirExists(path)
 	if err != nil {
 		return false, err
 	}
@@ -22,7 +22,7 @@ func DirMissingOrEmpty(path string) (bool, error) {
 		return true, nil
 	}

-	dirEmpty, err := DirEmpty(path)
+	dirEmpty, err := dirEmpty(path)
 	if err != nil {
 		return false, err
 	}
@@ -33,7 +33,7 @@ func DirMissingOrEmpty(path string) (bool, error) {
 }

 // DirExists 目录是否存在
-func DirExists(path string) (bool, error) {
+func dirExists(path string) (bool, error) {
 	_, err := os.Stat(path)
 	if err == nil {
 		return true, nil
@@ -45,7 +45,7 @@ func DirExists(path string) (bool, error) {
 }

 // DirEmpty 目录是否为空
-func DirEmpty(path string) (bool, error) {
+func dirEmpty(path string) (bool, error) {
 	f, err := os.Open(path)
 	if err != nil {
 		return false, err
@@ -83,8 +83,3 @@ func ReadPemFile(file string) ([]byte, error) {

 	return bytes, nil
 }
-
-// DeleteFile 删除文件
-func DeleteFile(file string) error {
-	return os.Remove(file)
-}
--- a/plugin/dapp/cert/executor/cert.go
+++ b/plugin/dapp/cert/executor/cert.go
@@ -27,7 +27,10 @@ func Init(name string, sub []byte) {
 	if sub != nil {
 		types.MustDecode(sub, &cfg)
 	}
-	authority.Author.Init(&cfg)
+	err := authority.Author.Init(&cfg)
+	if err != nil {
+		clog.Error("error to initialize authority", err)
+	}
 	drivers.Register(driverName, newCert, types.GetDappFork(driverName, "Enable"))
 }

@@ -69,18 +72,27 @@ func (c *Cert) CheckTx(tx *types.Transaction, index int) error {

 	// 重启
 	if authority.Author.HistoryCertCache.CurHeight == -1 {
-		c.loadHistoryByPrefix()
+		err := c.loadHistoryByPrefix()
+		if err != nil {
+			return err
+		}
 	}

 	// 当前区块<上次证书变更区块，cert回滚
 	if c.GetHeight() <= authority.Author.HistoryCertCache.CurHeight {
-		c.loadHistoryByPrefix()
+		err := c.loadHistoryByPrefix()
+		if err != nil {
+			return err
+		}
 	}

 	// 当前区块>上次变更下一区块，下一区块不为-1，即非最新证书变更记录，用于cert回滚时判断是否到了下一变更记录
 	nxtHeight := authority.Author.HistoryCertCache.NxtHeight
 	if nxtHeight != -1 && c.GetHeight() > nxtHeight {
-		c.loadHistoryByHeight()
+		err := c.loadHistoryByHeight()
+		if err != nil {
+			return err
+		}
 	}

 	// auth校验
@@ -111,7 +123,10 @@ func (c *Cert) loadHistoryByPrefix() error {
 	// 寻找当前高度使用的证书区间
 	var historyData types.HistoryCertStore
 	for _, v := range result.Values {
-		types.Decode(v, &historyData)
+		err := types.Decode(v, &historyData)
+		if err != nil {
+			return err
+		}
 		if historyData.CurHeigth < c.GetHeight() && (historyData.NxtHeight >= c.GetHeight() || historyData.NxtHeight == -1) {
 			return authority.Author.ReloadCert(&historyData)
 		}
@@ -132,7 +147,10 @@ func (c *Cert) loadHistoryByHeight() error {
 	}
 	var historyData types.HistoryCertStore
 	for _, v := range result.Values {
-		types.Decode(v, &historyData)
+		err := types.Decode(v, &historyData)
+		if err != nil {
+			return err
+		}
 		if historyData.CurHeigth < c.GetHeight() && historyData.NxtHeight >= c.GetHeight() {
 			return authority.Author.ReloadCert(&historyData)
 		}

--- a/plugin/dapp/cert/executor/exec_local.go
+++ b/plugin/dapp/cert/executor/exec_local.go
@@ -65,7 +65,11 @@ func (c *Cert) ExecLocal_Update(payload *ct.CertUpdate, tx *types.Transaction, r

 	// 证书更新
 	historityCertdata = &types.HistoryCertStore{}
-	authority.Author.ReloadCertByHeght(c.GetHeight())
+	err := authority.Author.ReloadCertByHeght(c.GetHeight())
+	if err != nil {
+		return nil, err
+	}
+
 	authority.Author.HistoryCertCache.ToHistoryCertStore(historityCertdata)
 	setKey := calcCertHeightKey(c.GetHeight())
 	set.KV = append(set.KV, &types.KeyValue{

--- a/plugin/dapp/pokerbull/commands/game.go
+++ b/plugin/dapp/pokerbull/commands/game.go
@@ -204,9 +204,7 @@ func pokerbullQuery(cmd *cobra.Command, args []string) {
 	gameID, _ := cmd.Flags().GetString("gameID")
 	address, _ := cmd.Flags().GetString("address")
 	statusStr, _ := cmd.Flags().GetString("status")
-	status, _ := strconv.ParseInt(statusStr, 10, 32)
 	indexstr, _ := cmd.Flags().GetString("index")
-	index, _ := strconv.ParseInt(indexstr, 10, 64)
 	gameIDs, _ := cmd.Flags().GetString("gameIDs")
 	round, _ := cmd.Flags().GetString("round")

@@ -215,13 +213,21 @@ func pokerbullQuery(cmd *cobra.Command, args []string) {
 	req := &pkt.QueryPBGameInfo{
 		GameId: gameID,
 		Addr:   address,
-		Status: int32(status),
-		Index:  index,
 	}
-	params.Payload = types.MustPBToJSON(req)
+	if indexstr != "" {
+		index, err := strconv.ParseInt(indexstr, 10, 64)
+		if err != nil {
+			fmt.Println(err)
+			cmd.Help()
+			return
+		}
+		req.Index = index
+	}
+
 	if gameID != "" {
 		if round == "" {
 			params.FuncName = pkt.FuncNameQueryGameByID
+			params.Payload = types.MustPBToJSON(req)
 			var res pkt.ReplyPBGame
 			ctx := jsonrpc.NewRPCCtx(rpcLaddr, "Chain33.Query", params, &res)
 			ctx.Run()
@@ -243,11 +249,20 @@ func pokerbullQuery(cmd *cobra.Command, args []string) {
 		}
 	} else if address != "" {
 		params.FuncName = pkt.FuncNameQueryGameByAddr
+		params.Payload = types.MustPBToJSON(req)
 		var res pkt.PBGameRecords
 		ctx := jsonrpc.NewRPCCtx(rpcLaddr, "Chain33.Query", params, &res)
 		ctx.Run()
 	} else if statusStr != "" {
+		status, err := strconv.ParseInt(statusStr, 10, 32)
+		if err != nil {
+			fmt.Println(err)
+			cmd.Help()
+			return
+		}
+		req.Status = int32(status)
 		params.FuncName = pkt.FuncNameQueryGameByStatus
+		params.Payload = types.MustPBToJSON(req)
 		var res pkt.PBGameRecords
 		ctx := jsonrpc.NewRPCCtx(rpcLaddr, "Chain33.Query", params, &res)
 		ctx.Run()

--- a/plugin/dapp/pokerbull/executor/pokerbulldb.go
+++ b/plugin/dapp/pokerbull/executor/pokerbulldb.go
@@ -163,11 +163,14 @@ func queryGameListByStatusAndPlayer(db dbm.Lister, stat int32, player int32, val
 	return gameIds, nil
 }

-func (action *Action) saveGame(game *pkt.PokerBull) (kvset []*types.KeyValue) {
+func (action *Action) saveGame(game *pkt.PokerBull) (kvset []*types.KeyValue, err error) {
 	value := types.Encode(game)
-	action.db.Set(Key(game.GetGameId()), value)
+	err = action.db.Set(Key(game.GetGameId()), value)
+	if err != nil {
+		return nil,err
+	}
 	kvset = append(kvset, &types.KeyValue{Key: Key(game.GameId), Value: value})
-	return kvset
+	return kvset, nil
 }

 func (action *Action) getIndex(game *pkt.PokerBull) int64 {
@@ -588,6 +591,13 @@ func (action *Action) GameStart(start *pkt.PBGameStart) (*types.Receipt, error) 
 	var kv []*types.KeyValue

 	logger.Info(fmt.Sprintf("Pokerbull game match for %s", action.fromaddr))
+	// 参数校验
+	if start.PlayerNum <= 0 || start.Value < 0 {
+		logger.Error("GameStart", "addr", action.fromaddr, "execaddr", action.execaddr,
+			"err", fmt.Sprintf("Invalid parameter"))
+		return nil, types.ErrInvalidParam
+	}
+
 	if start.PlayerNum > pkt.MaxPlayerNum {
 		logger.Error("GameStart", "addr", action.fromaddr, "execaddr", action.execaddr,
 			"err", fmt.Sprintf("The maximum player number is %d", pkt.MaxPlayerNum))
@@ -670,7 +680,12 @@ func (action *Action) GameStart(start *pkt.PBGameStart) (*types.Receipt, error) 
 	}
 	receiptLog := action.GetReceiptLog(game)
 	logs = append(logs, receiptLog)
-	kv = append(kv, action.saveGame(game)...)
+	gamekv,err := action.saveGame(game)
+	if err != nil {
+		logger.Error("GameStart", "addr", action.fromaddr, "execaddr", action.execaddr, "err", "save game to db failed")
+		return nil, err
+	}
+	kv = append(kv, gamekv...)

 	return &types.Receipt{Ty: types.ExecOk, KV: kv, Logs: logs}, nil
 }
@@ -777,32 +792,38 @@ func (action *Action) GameContinue(pbcontinue *pkt.PBGameContinue) (*types.Recei

 	receiptLog := action.GetReceiptLog(game)
 	logs = append(logs, receiptLog)
-	kv = append(kv, action.saveGame(game)...)
+	gamekv,err := action.saveGame(game)
+	if err != nil {
+		logger.Error("GameContinue", "GameID", pbcontinue.GetGameId(), "addr", action.fromaddr, "execaddr",
+			action.execaddr, "err", "save game to db failed")
+		return nil, err
+	}
+	kv = append(kv, gamekv...)

 	return &types.Receipt{Ty: types.ExecOk, KV: kv, Logs: logs}, nil
 }

 // GameQuit 退出游戏
-func (action *Action) GameQuit(pbend *pkt.PBGameQuit) (*types.Receipt, error) {
+func (action *Action) GameQuit(pbquit *pkt.PBGameQuit) (*types.Receipt, error) {
 	var logs []*types.ReceiptLog
 	var kv []*types.KeyValue

-	logger.Info(fmt.Sprintf("Quit pokerbull game %s", pbend.GameId))
-	game, err := action.readGame(pbend.GetGameId())
+	logger.Info(fmt.Sprintf("Quit pokerbull game %s", pbquit.GameId))
+	game, err := action.readGame(pbquit.GetGameId())
 	if err != nil {
-		logger.Error("GameEnd", "GameID", pbend.GetGameId(), "addr", action.fromaddr, "execaddr",
+		logger.Error("GameQuit", "GameID", pbquit.GetGameId(), "addr", action.fromaddr, "execaddr",
 			action.execaddr, "get game failed", "err", err)
 		return nil, err
 	}

 	if game.Status == pkt.PBGameActionQuit {
-		logger.Error("Quit pokerbull game", "GameID", pbend.GetGameId(), "value", game.Value, "err", "already game over")
+		logger.Error("Quit pokerbull game", "GameID", pbquit.GetGameId(), "value", game.Value, "err", "already game over")
 		return nil, fmt.Errorf("already game over")
 	}

 	if !action.checkPlayerAddressExist(game.Players) {
 		if action.fromaddr != pkt.PlatformSignAddress {
-			logger.Error("GameEnd", "GameID", pbend.GetGameId(), "addr", action.fromaddr, "execaddr",
+			logger.Error("GameQuit", "GameID", pbquit.GetGameId(), "addr", action.fromaddr, "execaddr",
 				action.execaddr, "err", "permission denied")
 			return nil, fmt.Errorf("permission denied")
 		}
@@ -814,7 +835,7 @@ func (action *Action) GameQuit(pbend *pkt.PBGameQuit) (*types.Receipt, error) {
 			for _, player := range game.Players {
 				receipt, err := action.coinsAccount.ExecActive(player.Address, action.execaddr, game.GetValue()*PokerbullLeverageMax)
 				if err != nil {
-					logger.Error("GameSettleDealer.ExecActive", "GameID", pbend.GetGameId(), "addr", player.Address,
+					logger.Error("GameSettleDealer.ExecActive", "GameID", pbquit.GetGameId(), "addr", player.Address,
 						"execaddr", action.execaddr, "amount", game.GetValue(), "err", err)
 					continue
 				}
@@ -829,7 +850,7 @@ func (action *Action) GameQuit(pbend *pkt.PBGameQuit) (*types.Receipt, error) {

 				receipt, err := action.coinsAccount.ExecActive(player.Address, action.execaddr, game.GetValue()*PokerbullLeverageMax)
 				if err != nil {
-					logger.Error("GameSettleDealer.ExecActive", "GameID", pbend.GetGameId(), "addr", player.Address,
+					logger.Error("GameSettleDealer.ExecActive", "GameID", pbquit.GetGameId(), "addr", player.Address,
 						"execaddr", action.execaddr, "amount", game.GetValue(), "err", err)
 					continue
 				}
@@ -848,7 +869,13 @@ func (action *Action) GameQuit(pbend *pkt.PBGameQuit) (*types.Receipt, error) {

 	receiptLog := action.GetReceiptLog(game)
 	logs = append(logs, receiptLog)
-	kv = append(kv, action.saveGame(game)...)
+	gamekv,err := action.saveGame(game)
+	if err != nil {
+		logger.Error("GameQuit", "GameID", pbquit.GetGameId(), "addr", action.fromaddr, "execaddr",
+			action.execaddr, "err", "save game to db failed")
+		return nil, err
+	}
+	kv = append(kv,gamekv...)
 	return &types.Receipt{Ty: types.ExecOk, KV: kv, Logs: logs}, nil
 }

@@ -865,6 +892,13 @@ func (action *Action) GamePlay(pbplay *pkt.PBGamePlay) (*types.Receipt, error) {
 		return nil, fmt.Errorf("game signing address not support")
 	}

+	// 参数校验
+	if pbplay.Round <= 0 || pbplay.Value <= 0 {
+		logger.Error("GameStart", "addr", action.fromaddr, "execaddr", action.execaddr,
+			"err", fmt.Sprintf("Invalid parameter"))
+		return nil, types.ErrInvalidParam
+	}
+
 	// 检查玩家人数
 	if len(pbplay.Address) < pkt.MinPlayerNum || len(pbplay.Address) > pkt.MaxPlayerNum {
 		logger.Error("Pokerbull game play", "GameID", pbplay.GetGameId(), "round", pbplay.Round, "value",
@@ -964,7 +998,13 @@ func (action *Action) GamePlay(pbplay *pkt.PBGamePlay) (*types.Receipt, error) {

 	receiptLog := action.GetReceiptLog(game)
 	logs = append(logs, receiptLog)
-	kv = append(kv, action.saveGame(game)...)
+	gamekv,err := action.saveGame(game)
+	if err != nil {
+		logger.Error("Pokerbull game play", "GameID", pbplay.GetGameId(), "round", pbplay.Round, "value",
+			pbplay.Value, "players", strings.Join(pbplay.Address, ","), "err", "save game to db failed")
+		return nil, err
+	}
+	kv = append(kv, gamekv...)

 	return &types.Receipt{Ty: types.ExecOk, KV: kv, Logs: logs}, nil
 }