fix gosec issue in tendermint

ccfe557f · caopingcp · vipwzw · 345465a6 · ccfe557f · ccfe557f
Commit ccfe557f authored Jan 30, 2019 by caopingcp Committed by vipwzw Jan 30, 2019
9 changed files
--- a/plugin/consensus/tendermint/consensus_state.go
+++ b/plugin/consensus/tendermint/consensus_state.go
@@ -598,7 +598,11 @@ func (cs *ConsensusState) proposalHeartbeat(height int64, round int) {
 			ValidatorIndex:   int32(valIndex),
 		}
 		heartbeatMsg := &ttypes.Heartbeat{Heartbeat: heartbeat}
-		cs.privValidator.SignHeartbeat(chainID, heartbeatMsg)
+		err := cs.privValidator.SignHeartbeat(chainID, heartbeatMsg)
+		if err != nil {
+			tendermintlog.Error("SignHeartbeat failed", "err", err)
+			continue
+		}
 		cs.broadcastChannel <- MsgInfo{TypeID: ttypes.ProposalHeartbeatID, Msg: heartbeat, PeerID: cs.ourID, PeerIP: ""}
 		cs.broadcastChannel <- MsgInfo{TypeID: ttypes.NewRoundStepID, Msg: rs.RoundStateMessage(), PeerID: cs.ourID, PeerIP: ""}
 		counter++
@@ -1241,7 +1245,7 @@ func (cs *ConsensusState) tryAddVote(voteRaw *tmtypes.Vote, peerID string, peerI
 				tendermintlog.Error("Found conflicting vote from ourselves. Did you unsafe_reset a validator?", "height", vote.Height, "round", vote.Round, "type", vote.Type)
 				return err
 			}
-			cs.evpool.AddEvidence(voteErr.DuplicateVoteEvidence)
+			err = cs.evpool.AddEvidence(voteErr.DuplicateVoteEvidence)
 			return err
 		} else {
 			// Probably an invalid signature / Bad peer.

--- a/plugin/consensus/tendermint/evidence.go
+++ b/plugin/consensus/tendermint/evidence.go
@@ -175,13 +175,22 @@ func (store *EvidenceStore) AddNewEvidence(evidence ttypes.Evidence, priority in

 	// add it to the store
 	key := keyOutqueue(evidence, priority)
-	store.db.Set(key, eiBytes)
+	if err = store.db.Set(key, eiBytes); err != nil {
+		fmt.Printf("AddNewEvidence Set failed:%v\n", err)
+		return false
+	}

 	key = keyPending(evidence)
-	store.db.Set(key, eiBytes)
+	if err = store.db.Set(key, eiBytes); err != nil {
+		fmt.Printf("AddNewEvidence Set failed:%v\n", err)
+		return false
+	}

 	key = keyLookup(evidence)
-	store.db.SetSync(key, eiBytes)
+	if err = store.db.SetSync(key, eiBytes); err != nil {
+		fmt.Printf("AddNewEvidence SetSync failed:%v\n", err)
+		return false
+	}

 	return true
 }
@@ -190,7 +199,9 @@ func (store *EvidenceStore) AddNewEvidence(evidence ttypes.Evidence, priority in
 func (store *EvidenceStore) MarkEvidenceAsBroadcasted(evidence ttypes.Evidence) {
 	ei := store.getEvidenceInfo(evidence)
 	key := keyOutqueue(evidence, ei.Priority)
-	store.db.Delete(key)
+	if err := store.db.Delete(key); err != nil {
+		fmt.Printf("MarkEvidenceAsBroadcasted Delete failed:%v", err)
+	}
 }

 // MarkEvidenceAsCommitted removes evidence from pending and outqueue and sets the state to committed.
@@ -199,7 +210,9 @@ func (store *EvidenceStore) MarkEvidenceAsCommitted(evidence ttypes.Evidence) {
 	store.MarkEvidenceAsBroadcasted(evidence)

 	pendingKey := keyPending(evidence)
-	store.db.Delete(pendingKey)
+	if err := store.db.Delete(pendingKey); err != nil {
+		fmt.Printf("MarkEvidenceAsCommitted Delete failed:%v", err)
+	}

 	ei := store.getEvidenceInfo(evidence)
 	ei.Committed = true
@@ -209,7 +222,9 @@ func (store *EvidenceStore) MarkEvidenceAsCommitted(evidence ttypes.Evidence) {
 	if err != nil {
 		fmt.Printf("MarkEvidenceAsCommitted marshal failed:%v", err)
 	}
-	store.db.SetSync(lookupKey, eiBytes)
+	if err = store.db.SetSync(lookupKey, eiBytes); err != nil {
+		fmt.Printf("MarkEvidenceAsCommitted SetSync failed:%v", err)
+	}
 }

 //---------------------------------------------------
@@ -338,7 +353,7 @@ func (evpool *EvidencePool) Update(block *ttypes.TendermintBlock) {

 // AddEvidence checks the evidence is valid and adds it to the pool.
 // Blocks on the EvidenceChan.
-func (evpool *EvidencePool) AddEvidence(evidence ttypes.Evidence) (err error) {
+func (evpool *EvidencePool) AddEvidence(evidence ttypes.Evidence) error {

 	// TODO: check if we already have evidence for this
 	// validator at this height so we dont get spammed
@@ -349,14 +364,17 @@ func (evpool *EvidencePool) AddEvidence(evidence ttypes.Evidence) (err error) {

 	// fetch the validator and return its voting power as its priority
 	// TODO: something better ?
-	valset, _ := evpool.stateDB.LoadValidators(evidence.Height())
+	valset, err := evpool.stateDB.LoadValidators(evidence.Height())
+	if err != nil {
+		return err
+	}
 	_, val := valset.GetByAddress(evidence.Address())
 	priority := val.VotingPower

 	added := evpool.evidenceStore.AddNewEvidence(evidence, priority)
 	if !added {
 		// evidence already known, just ignore
-		return
+		return nil
 	}

 	tendermintlog.Info("Verified new evidence of byzantine behaviour", "evidence", evidence)

--- a/plugin/consensus/tendermint/node.go
+++ b/plugin/consensus/tendermint/node.go
@@ -250,7 +250,10 @@ func (node *Node) addOutboundPeerWithConfig(addr string) error {
 // Stop ...
 func (node *Node) Stop() {
 	atomic.CompareAndSwapUint32(&node.stopped, 0, 1)
-	node.listener.Close()
+	err := node.listener.Close()
+	if err != nil {
+		tendermintlog.Error("Close listener failed", "err", err)
+	}
 	if node.quit != nil {
 		close(node.quit)
 	}
@@ -412,7 +415,9 @@ func (node *Node) StopPeerForError(peer Peer, reason interface{}) {
 func (node *Node) addInboundPeer(conn net.Conn) error {
 	peerConn, err := newInboundPeerConn(conn, node.privKey, node.StopPeerForError, node.state, node.evpool)
 	if err != nil {
-		conn.Close()
+		if er := conn.Close(); er != nil {
+			tendermintlog.Error("addInboundPeer close conn failed", "er", er)
+		}
 		return err
 	}
 	if err = node.addPeer(peerConn); err != nil {

--- a/plugin/consensus/tendermint/peer_set.go
+++ b/plugin/consensus/tendermint/peer_set.go
@@ -264,7 +264,10 @@ func (pc *peerConn) SetTransferChannel(transferChannel chan MsgInfo) {
 }

 func (pc *peerConn) CloseConn() {
-	pc.conn.Close() // nolint: errcheck
+	err := pc.conn.Close() // nolint: errcheck
+	if err != nil {
+		tendermintlog.Error("peerConn CloseConn failed", "err", err)
+	}
 }

 func (pc *peerConn) HandshakeTimeout(
@@ -479,7 +482,12 @@ FOR_LOOP:
 				pc.stopForError(err)
 				break FOR_LOOP
 			}
-			pc.bufWriter.Flush()
+			err = pc.bufWriter.Flush()
+			if err != nil {
+				tendermintlog.Error("peerConn sendroutine flush buffer failed", "error", err)
+				pc.stopForError(err)
+				break FOR_LOOP
+			}
 		case _, ok := <-pc.pongChannel:
 			if ok {
 				tendermintlog.Debug("Send Pong")

--- a/plugin/consensus/tendermint/secret_connection.go
+++ b/plugin/consensus/tendermint/secret_connection.go
@@ -326,7 +326,10 @@ func shareAuthSignature(sc io.ReadWriter, pubKey crypto.PubKey, signature crypto
 // sha256
 func hash32(input []byte) (res *[32]byte) {
 	hasher := sha256.New()
-	hasher.Write(input) // nolint: errcheck, gas
+	_, err := hasher.Write(input) // nolint: errcheck, gas
+	if err != nil {
+		panic(err)
+	}
 	resSlice := hasher.Sum(nil)
 	res = new([32]byte)
 	copy(res[:], resSlice)
@@ -336,7 +339,10 @@ func hash32(input []byte) (res *[32]byte) {
 // We only fill in the first 20 bytes with ripemd160
 func hash24(input []byte) (res *[24]byte) {
 	hasher := ripemd160.New()
-	hasher.Write(input) // nolint: errcheck, gas
+	_, err := hasher.Write(input) // nolint: errcheck, gas
+	if err != nil {
+		panic(err)
+	}
 	resSlice := hasher.Sum(nil)
 	res = new([24]byte)
 	copy(res[:], resSlice)

--- a/plugin/consensus/tendermint/tendermint.go
+++ b/plugin/consensus/tendermint/tendermint.go
@@ -482,12 +482,16 @@ func (client *Client) QueryValidatorsByHeight(height int64) (*tmtypes.ValNodes, 
 	req := &tmtypes.ReqNodeInfo{Height: height}
 	param, err := proto.Marshal(req)
 	if err != nil {
-		tendermintlog.Error("QueryValidatorsByHeight", "err", err)
+		tendermintlog.Error("QueryValidatorsByHeight marshal", "err", err)
 		return nil, types.ErrInvalidParam
 	}
 	msg := client.GetQueueClient().NewMessage("execs", types.EventBlockChainQuery,
 		&types.ChainExecutor{Driver: "valnode", FuncName: "GetValNodeByHeight", StateHash: zeroHash[:], Param: param})
-	client.GetQueueClient().Send(msg, true)
+	err = client.GetQueueClient().Send(msg, true)
+	if err != nil {
+		tendermintlog.Error("QueryValidatorsByHeight send", "err", err)
+		return nil, err
+	}
 	msg, err = client.GetQueueClient().Wait(msg)
 	if err != nil {
 		return nil, err
@@ -503,12 +507,16 @@ func (client *Client) QueryBlockInfoByHeight(height int64) (*tmtypes.TendermintB
 	req := &tmtypes.ReqBlockInfo{Height: height}
 	param, err := proto.Marshal(req)
 	if err != nil {
-		tendermintlog.Error("QueryBlockInfoByHeight", "err", err)
+		tendermintlog.Error("QueryBlockInfoByHeight marshal", "err", err)
 		return nil, types.ErrInvalidParam
 	}
 	msg := client.GetQueueClient().NewMessage("execs", types.EventBlockChainQuery,
 		&types.ChainExecutor{Driver: "valnode", FuncName: "GetBlockInfoByHeight", StateHash: zeroHash[:], Param: param})
-	client.GetQueueClient().Send(msg, true)
+	err = client.GetQueueClient().Send(msg, true)
+	if err != nil {
+		tendermintlog.Error("QueryBlockInfoByHeight send", "err", err)
+		return nil, err
+	}
 	msg, err = client.GetQueueClient().Wait(msg)
 	if err != nil {
 		return nil, err

--- a/plugin/consensus/tendermint/types/priv_validator.go
+++ b/plugin/consensus/tendermint/types/priv_validator.go
@@ -500,8 +500,14 @@ func checkVotesOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) bool {
 	now := CanonicalTime(time.Now())
 	lastVote.Vote.Timestamp = now
 	newVote.Vote.Timestamp = now
-	lastVoteBytes, _ := json.Marshal(lastVote)
-	newVoteBytes, _ := json.Marshal(newVote)
+	lastVoteBytes, err := json.Marshal(lastVote)
+	if err != nil {
+		panic(Fmt("Marshal lastVoteBytes failed: %v", err))
+	}
+	newVoteBytes, err := json.Marshal(newVote)
+	if err != nil {
+		panic(Fmt("Marshal newVoteBytes failed: %v", err))
+	}

 	return bytes.Equal(newVoteBytes, lastVoteBytes)
 }
@@ -520,8 +526,14 @@ func checkProposalsOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) boo
 	now := CanonicalTime(time.Now())
 	lastProposal.Proposal.Timestamp = now
 	newProposal.Proposal.Timestamp = now
-	lastProposalBytes, _ := json.Marshal(lastProposal)
-	newProposalBytes, _ := json.Marshal(newProposal)
+	lastProposalBytes, err := json.Marshal(lastProposal)
+	if err != nil {
+		panic(Fmt("Marshal lastProposalBytes failed: %v", err))
+	}
+	newProposalBytes, err := json.Marshal(newProposal)
+	if err != nil {
+		panic(Fmt("Marshal newProposalBytes failed: %v", err))
+	}

 	return bytes.Equal(newProposalBytes, lastProposalBytes)
 }
--- a/plugin/consensus/tendermint/types/pvfile.go
+++ b/plugin/consensus/tendermint/types/pvfile.go
@@ -99,7 +99,11 @@ func createFiles(cmd *cobra.Command, args []string) {
 	}

 	num, _ := cmd.Flags().GetString("num")
-	n, _ := strconv.Atoi(num)
+	n, err := strconv.Atoi(num)
+	if err != nil {
+		tendermintlog.Error("num parameter is not valid digit")
+		return
+	}
 	for i := 0; i < n; i++ {
 		// create private validator file
 		pvFileName := pvFile + strconv.Itoa(i) + ".json"

--- a/plugin/consensus/tendermint/types/util.go
+++ b/plugin/consensus/tendermint/types/util.go
@@ -70,7 +70,9 @@ func WriteFileAtomic(filePath string, newBytes []byte, mode os.FileMode) error {
 	}
 	// any err should result in full cleanup
 	if err != nil {
-		os.Remove(f.Name())
+		if er := os.Remove(f.Name()); er != nil {
+			fmt.Printf("WriteFileAtomic Remove failed:%v", er)
+		}
 	}
 	return err
 }