add by hyb for issues334 gosec

854ce979 · heyubin · vipwzw · 10cf1647 · 854ce979 · 854ce979
Commit 854ce979 authored Feb 13, 2019 by heyubin Committed by vipwzw Feb 15, 2019
7 changed files
--- a/plugin/dapp/multisig/autotest/transferIn.go
+++ b/plugin/dapp/multisig/autotest/transferIn.go
@@ -66,8 +66,11 @@ func (pack *transferInPack) checkBalance(txInfo types.CheckHandlerParamType) boo
 	}

 	interCase := pack.TCase.(*transferInCase)
-	amount, _ := strconv.ParseFloat(interCase.Amount, 64)
-
+	amount, err := strconv.ParseFloat(interCase.Amount, 64)
+	if err != nil {
+		pack.FLog.Error("checkMultiSignTransferIn", "id", pack.PackID, "ParseFloat", err)
+		return false
+	}
 	return types.CheckBalanceDeltaWithAddr(fromLog, interCase.From, -amount) &&
 		types.CheckBalanceDeltaWithAddr(toLog, interCase.info.account, amount) &&
 		types.CheckFrozenDeltaWithAddr(frozenLog, interCase.info.account, amount) &&

--- a/plugin/dapp/multisig/autotest/transferOut.go
+++ b/plugin/dapp/multisig/autotest/transferOut.go
@@ -61,7 +61,11 @@ func (pack *transferOutPack) checkBalance(txInfo types.CheckHandlerParamType) bo

 	logLen := len(txInfo.Receipt.Logs)
 	var txLog map[string]interface{}
-	_ = json.Unmarshal(txInfo.Receipt.Logs[logLen-1].Log, &txLog)
+	err := json.Unmarshal(txInfo.Receipt.Logs[logLen-1].Log, &txLog)
+	if err != nil {
+		pack.FLog.Error("checkMultiSignTransferOut", "id", pack.PackID, "Unmarshal", err)
+		return false
+	}
 	pack.txID = txLog["multiSigTxOwner"].(map[string]interface{})["txid"].(string)
 	if logLen < 6 {
 		//need confirm
@@ -75,13 +79,16 @@ func (pack *transferOutPack) checkBalance(txInfo types.CheckHandlerParamType) bo
 	err2 := json.Unmarshal(txInfo.Receipt.Logs[2].Log, &toLog)

 	if err1 != nil || err2 != nil {
-		pack.FLog.Error("checkMultiSignTransferOut", "id", pack.PackID, "unmarshalErr1", err1, "unmarshalErr2")
+		pack.FLog.Error("checkMultiSignTransferOut", "id", pack.PackID, "unmarshalErr1", err1, "unmarshalErr2", err2)
 		return false
 	}

 	interCase := pack.TCase.(*transferOutCase)
-	amount, _ := strconv.ParseFloat(interCase.Amount, 64)
-
+	amount, err3 := strconv.ParseFloat(interCase.Amount, 64)
+	if err3 != nil {
+		pack.FLog.Error("checkMultiSignTransferOut", "id", pack.PackID, "ParseFloat", err3)
+		return false
+	}
 	return types.CheckFrozenDeltaWithAddr(fromLog, interCase.info.account, -amount) &&
 		types.CheckBalanceDeltaWithAddr(toLog, interCase.To, amount)
 }
--- a/plugin/dapp/multisig/commands/multisig.go
+++ b/plugin/dapp/multisig/commands/multisig.go
--- a/plugin/dapp/multisig/executor/action.go
+++ b/plugin/dapp/multisig/executor/action.go
@@ -212,8 +212,8 @@ func (a *action) MultiSigExecTransferFrom(multiSigAccTransfer *mty.MultiSigExecT
 	}

 	// to 地址必须不是多重签名账户地址
-	multiSigAccTo, _ := getMultiSigAccFromDb(a.db, multiSigAccTransfer.To)
-	if multiSigAccTo != nil {
+	multiSigAccTo, err := getMultiSigAccFromDb(a.db, multiSigAccTransfer.To)
+	if multiSigAccTo != nil && err == nil {
 		multisiglog.Error("MultiSigExecTransferFrom", "multiSigAccTo", multiSigAccTo, "ToAddr", multiSigAccTransfer.To)
 		return nil, mty.ErrAddrNotSupport
 	}
@@ -250,19 +250,19 @@ func (a *action) MultiSigExecTransferFrom(multiSigAccTransfer *mty.MultiSigExecT
 func (a *action) MultiSigExecTransferTo(execTransfer *mty.MultiSigExecTransferTo) (*types.Receipt, error) {

 	//from地址校验必须不是多重签名账户地址
-	multiSigAccFrom, _ := getMultiSigAccFromDb(a.db, a.fromaddr)
-	if multiSigAccFrom != nil {
+	multiSigAccFrom, err := getMultiSigAccFromDb(a.db, a.fromaddr)
+	if multiSigAccFrom != nil && err == nil {
 		multisiglog.Error("MultiSigExecTransferTo", "multiSigAccFrom", multiSigAccFrom, "From", a.fromaddr)
 		return nil, mty.ErrAddrNotSupport
 	}
 	// to 地址必须是多重签名账户地址
-	multiSigAccTo, _ := getMultiSigAccFromDb(a.db, execTransfer.To)
-	if multiSigAccTo == nil {
+	multiSigAccTo, err := getMultiSigAccFromDb(a.db, execTransfer.To)
+	if multiSigAccTo == nil || err != nil {
 		multisiglog.Error("MultiSigExecTransferTo", "ToAddr", execTransfer.To)
 		return nil, mty.ErrAddrNotSupport
 	}
 	//assete资产合法性校验
-	err := mty.IsAssetsInvalid(execTransfer.Execname, execTransfer.Symbol)
+	err = mty.IsAssetsInvalid(execTransfer.Execname, execTransfer.Symbol)
 	if err != nil {
 		return nil, err
 	}

--- a/plugin/dapp/multisig/executor/multisigdb.go
+++ b/plugin/dapp/multisig/executor/multisigdb.go
@@ -39,10 +39,10 @@ func setMultiSigAccToDb(db dbm.KV, multiSigAcc *mty.MultiSig) ([]byte, []byte) {
 	value := types.Encode(multiSigAcc)

 	//即时保存到db中，方便同一个区块的下一个交易使用
-	db.Set(key, value)
-	//test
-	multisiglog.Info("setMultiSigAccToDb", "multiSigAcc", multiSigAcc)
-
+	err := db.Set(key, value)
+	if err != nil {
+		multisiglog.Error("setMultiSigAccToDb", "multiSigAcc", multiSigAcc, "err", err)
+	}
 	return key, value
 }

@@ -71,10 +71,10 @@ func getMultiSigAccTxFromDb(db dbm.KV, multiSigAddr string, txid uint64) (*mty.M
 func setMultiSigAccTxToDb(db dbm.KV, multiSigTx *mty.MultiSigTx) ([]byte, []byte) {
 	key := calcMultiSigAccTxKey(multiSigTx.MultiSigAddr, multiSigTx.Txid)
 	value := types.Encode(multiSigTx)
-	db.Set(key, value)
-
-	//test
-	multisiglog.Info("setMultiSigAccTxToDb", "multiSigTx", multiSigTx)
+	err := db.Set(key, value)
+	if err != nil {
+		multisiglog.Error("setMultiSigAccTxToDb", "multiSigTx", multiSigTx, "err", err)
+	}
 	return key, value
 }

@@ -127,7 +127,10 @@ func updateMultiSigAccCount(cachedb dbm.KVDB, isadd bool) (*types.KeyValue, erro
 		}
 		count--
 	}
-	setMultiSigAccCount(cachedb, count)
+	err = setMultiSigAccCount(cachedb, count)
+	if err != nil {
+		multisiglog.Error("updateMultiSigAccCount:setMultiSigAccCount ", "count", count, "err", err)
+	}
 	//keyvalue
 	return getMultiSigAccCountKV(count), nil
 }
@@ -188,12 +191,18 @@ func updateMultiSigAccList(db dbm.KVDB, addr string, index int64, isadd bool) (*
 	}

 	if isadd { //新增
-		db.Set(calcMultiSigAllAcc(index), []byte(addr))
+		err = db.Set(calcMultiSigAllAcc(index), []byte(addr))
+		if err != nil {
+			multisiglog.Error("UpdateMultiSigAccList add", "addr", addr, "index", index, "err", err)
+		}
 		kv := &types.KeyValue{Key: calcMultiSigAllAcc(index), Value: []byte(addr)}
 		return kv, nil
 	}
 	// 删除
-	db.Set(calcMultiSigAllAcc(index), nil)
+	err = db.Set(calcMultiSigAllAcc(index), nil)
+	if err != nil {
+		multisiglog.Error("UpdateMultiSigAccList del", "addr", addr, "index", index, "err", err)
+	}
 	kv := &types.KeyValue{Key: calcMultiSigAllAcc(index), Value: nil}
 	return kv, nil
 }
@@ -263,7 +272,10 @@ func updateAddrReciver(cachedb dbm.KVDB, addr, execname, symbol string, amount i
 	} else {
 		recv -= amount
 	}
-	setAddrReciver(cachedb, addr, execname, symbol, recv)
+	err = setAddrReciver(cachedb, addr, execname, symbol, recv)
+	if err != nil {
+		multisiglog.Error("updateAddrReciver setAddrReciver", "addr", addr, "execname", execname, "symbol", symbol, "err", err)
+	}
 	//keyvalue
 	return getAddrReciverKV(addr, execname, symbol, recv), nil
 }
@@ -350,7 +362,10 @@ func setMultiSigAddress(db dbm.KVDB, createAddr, multiSigAddr string, isadd bool
 	key := calcMultiSigAccCreateAddr(createAddr)
 	value := types.Encode(accAddress)

-	db.Set(key, value)
+	err = db.Set(key, value)
+	if err != nil {
+		multisiglog.Error("setMultiSigAddress", "key", string(key), "err", err)
+	}
 	return &types.KeyValue{Key: key, Value: value}
 }


--- a/plugin/dapp/multisig/executor/query.go
+++ b/plugin/dapp/multisig/executor/query.go
@@ -340,7 +340,10 @@ func (m *MultiSig) Query_MultiSigAccAssets(in *mty.ReqAccAssets) (types.Message,
 					continue
 				}
 				accAssets := &mty.AccAssets{}
-				account, _ := m.getMultiSigAccAssets(reciver.MultiSigAddr, reciver.Assets)
+				account, err := m.getMultiSigAccAssets(reciver.MultiSigAddr, reciver.Assets)
+				if err != nil {
+					multisiglog.Error("Query_MultiSigAccAssets:getMultiSigAccAssets", "MultiSigAddr", reciver.MultiSigAddr, "err", err)
+				}
 				accAssets.Account = account
 				accAssets.Assets = reciver.Assets
 				accAssets.RecvAmount = reciver.Amount
@@ -355,11 +358,17 @@ func (m *MultiSig) Query_MultiSigAccAssets(in *mty.ReqAccAssets) (types.Message,
 		if err != nil {
 			return nil, err
 		}
-		account, _ := m.getMultiSigAccAssets(in.MultiSigAddr, in.Assets)
+		account, err := m.getMultiSigAccAssets(in.MultiSigAddr, in.Assets)
+		if err != nil {
+			multisiglog.Error("Query_MultiSigAccAssets:getMultiSigAccAssets", "MultiSigAddr", in.MultiSigAddr, "err", err)
+		}
 		accAssets.Account = account
 		accAssets.Assets = in.Assets

-		amount, _ := getAddrReciver(m.GetLocalDB(), in.MultiSigAddr, in.Assets.Execer, in.Assets.Symbol)
+		amount, err := getAddrReciver(m.GetLocalDB(), in.MultiSigAddr, in.Assets.Execer, in.Assets.Symbol)
+		if err != nil {
+			multisiglog.Error("Query_MultiSigAccAssets:getAddrReciver", "MultiSigAddr", in.MultiSigAddr, "err", err)
+		}
 		accAssets.RecvAmount = amount

 		replyAccAssets.AccAssets = append(replyAccAssets.AccAssets, accAssets)

--- a/plugin/dapp/multisig/wallet/multisig.go
+++ b/plugin/dapp/multisig/wallet/multisig.go
@@ -492,7 +492,10 @@ func (policy *multisigPolicy) proceMultiSigAcc(multiSigAccs *mtypes.ReplyMultiSi
 				} else if ownerAttrs != nil {
 					AddOwnerAttr(false, ownerAttrs, ownerAttr, newbatch)
 				}
-				newbatch.Write()
+				err = newbatch.Write()
+				if err != nil {
+					bizlog.Error("ProceMultiSigAcc Write", "owneraddr", owneraddr, "err", err)
+				}
 				break
 			}
 		}
@@ -501,7 +504,10 @@ func (policy *multisigPolicy) proceMultiSigAcc(multiSigAccs *mtypes.ReplyMultiSi

 func (policy *multisigPolicy) proceWalletTxDetail(block *types.BlockDetail, tx *types.Transaction, index int32) *types.WalletTxDetail {
 	receipt := block.Receipts[index]
-	amount, _ := tx.Amount()
+	amount, err := tx.Amount()
+	if err != nil {
+		bizlog.Error("proceWalletTxDetail:tx.Amount()", "err", err)
+	}
 	wtxdetail := &types.WalletTxDetail{
 		Tx:         tx,
 		Height:     block.Block.Height,