build: fix new gosec linter

gbotrel · gbotrel · commit fe7f39dcafb4 · 2024-08-27T09:48:15.000-05:00
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -32,7 +32,7 @@ jobs:
     - name: golangci-lint
       uses: golangci/golangci-lint-action@v3
       with:
-          version: v1.54
+          version: v1.60
           args: -v --timeout=5m
           skip-pkg-cache: true
   
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -35,7 +35,7 @@ jobs:
     - name: golangci-lint
       uses: golangci/golangci-lint-action@v3
       with:
-          version: v1.54
+          version: v1.60
           args: -v --timeout=5m
           skip-pkg-cache: true
   
diff --git a/ecc/bls12-377/fr/sis/sis_test.go b/ecc/bls12-377/fr/sis/sis_test.go
@@ -404,7 +404,7 @@ func (r *RSis) Hash(v []fr.Element) ([]fr.Element, error) {
 	}
 	sum := r.Sum(nil)
 	var rlen [4]byte
-	binary.BigEndian.PutUint32(rlen[:], uint32(len(sum)/fr.Bytes))
+	binary.BigEndian.PutUint32(rlen[:], uint32(len(sum)/fr.Bytes)) // #nosec G115 not overflow territory here
 	reader := io.MultiReader(bytes.NewReader(rlen[:]), bytes.NewReader(sum))
 	var result fr.Vector
 	_, err := result.ReadFrom(reader)
diff --git a/ecc/bn254/fr/sis/sis_test.go b/ecc/bn254/fr/sis/sis_test.go
@@ -368,7 +368,7 @@ func (r *RSis) Hash(v []fr.Element) ([]fr.Element, error) {
 	}
 	sum := r.Sum(nil)
 	var rlen [4]byte
-	binary.BigEndian.PutUint32(rlen[:], uint32(len(sum)/fr.Bytes))
+	binary.BigEndian.PutUint32(rlen[:], uint32(len(sum)/fr.Bytes)) // #nosec G115 not overflow territory here
 	reader := io.MultiReader(bytes.NewReader(rlen[:]), bytes.NewReader(sum))
 	var result fr.Vector
 	_, err := result.ReadFrom(reader)
diff --git a/ecc/bn254/fr/tensor-commitment/commitment.go b/ecc/bn254/fr/tensor-commitment/commitment.go
@@ -134,7 +134,7 @@ func NewTCParams(codeRate, NbColumns, NbRows int, makeHash func() hash.Hash) (*T
 	res.Domains[1] = fft.NewDomain(uint64(codeRate * NbColumns))
 
 	// size of the matrix
-	res.NbColumns = int(res.Domains[0].Cardinality)
+	res.NbColumns = int(res.Domains[0].Cardinality) // #nosec G115 not overflow territory here
 	res.NbRows = NbRows
 
 	// rate
@@ -285,7 +285,8 @@ func (tc *TensorCommitment) Commit() (Digest, error) {
 	// now we hash each columns of _p
 	res := make([][]byte, tc.params.Domains[1].Cardinality)
 
-	parallel.Execute(int(tc.params.Domains[1].Cardinality), func(start, stop int) {
+	cardinality := int(tc.params.Domains[1].Cardinality) // #nosec G115 not overflow territory here
+	parallel.Execute(cardinality, func(start, stop int) {
 		hasher := tc.params.MakeHash()
 		for i := start; i < stop; i++ {
 			hasher.Reset()
diff --git a/ecc/stark-curve/hash_to_g1.go b/ecc/stark-curve/hash_to_g1.go
@@ -93,7 +93,8 @@ func MapToCurve1(u *fp.Element) G1Affine {
 	signsNotEqual := g1Sgn0(u) ^ g1Sgn0(&y) //    34.  e3 = sgn0(u) == sgn0(y)
 
 	tv1.Neg(&y)
-	y.Select(int(signsNotEqual), &y, &tv1) //    35.   y = CMOV(-y, y, e3)       # Select correct sign of y
+	//  35.   y = CMOV(-y, y, e3)       # Select correct sign of y
+	y.Select(int(signsNotEqual), &y, &tv1) // #nosec G115 not overflow territory here
 	return G1Affine{x, y}
 }
 
diff --git a/ecc/stark-curve/marshal.go b/ecc/stark-curve/marshal.go
@@ -330,7 +330,7 @@ func (enc *Encoder) encode(v interface{}) (err error) {
 		return
 	case []fr.Element:
 		// write slice length
-		err = binary.Write(enc.w, binary.BigEndian, uint32(len(t)))
+		err = binary.Write(enc.w, binary.BigEndian, uint32(len(t))) // #nosec G115 not overflow territory here
 		if err != nil {
 			return
 		}
@@ -347,7 +347,7 @@ func (enc *Encoder) encode(v interface{}) (err error) {
 		return nil
 	case []fp.Element:
 		// write slice length
-		err = binary.Write(enc.w, binary.BigEndian, uint32(len(t)))
+		err = binary.Write(enc.w, binary.BigEndian, uint32(len(t))) // #nosec G115 not overflow territory here
 		if err != nil {
 			return
 		}
@@ -365,7 +365,7 @@ func (enc *Encoder) encode(v interface{}) (err error) {
 
 	case []G1Affine:
 		// write slice length
-		err = binary.Write(enc.w, binary.BigEndian, uint32(len(t)))
+		err = binary.Write(enc.w, binary.BigEndian, uint32(len(t))) // #nosec G115 not overflow territory here
 		if err != nil {
 			return
 		}
@@ -420,7 +420,7 @@ func (enc *Encoder) encodeRaw(v interface{}) (err error) {
 		return
 	case []fr.Element:
 		// write slice length
-		err = binary.Write(enc.w, binary.BigEndian, uint32(len(t)))
+		err = binary.Write(enc.w, binary.BigEndian, uint32(len(t))) // #nosec G115 not overflow territory here
 		if err != nil {
 			return
 		}
@@ -437,7 +437,7 @@ func (enc *Encoder) encodeRaw(v interface{}) (err error) {
 		return nil
 	case []fp.Element:
 		// write slice length
-		err = binary.Write(enc.w, binary.BigEndian, uint32(len(t)))
+		err = binary.Write(enc.w, binary.BigEndian, uint32(len(t))) // #nosec G115 not overflow territory here
 		if err != nil {
 			return
 		}
@@ -455,7 +455,7 @@ func (enc *Encoder) encodeRaw(v interface{}) (err error) {
 
 	case []G1Affine:
 		// write slice length
-		err = binary.Write(enc.w, binary.BigEndian, uint32(len(t)))
+		err = binary.Write(enc.w, binary.BigEndian, uint32(len(t))) // #nosec G115 not overflow territory here
 		if err != nil {
 			return
 		}
diff --git a/field/generator/config/field_config.go b/field/generator/config/field_config.go
@@ -415,7 +415,7 @@ func (f *FieldConfig) WriteElement(element Element) string {
 	var subElementNames string
 	if length > 1 {
 		builder.WriteString("\n")
-		subElementNames = CoordNameForExtensionDegree(uint8(length))
+		subElementNames = CoordNameForExtensionDegree(uint8(length)) // #nosec G115 not overflow territory here
 	}
 	for i, e := range element {
 		if length > 1 {
diff --git a/field/hash/hashutils.go b/field/hash/hashutils.go
@@ -18,7 +18,7 @@ func ExpandMsgXmd(msg, dst []byte, lenInBytes int) ([]byte, error) {
 	if len(dst) > 255 {
 		return nil, errors.New("invalid domain size (>255 bytes)")
 	}
-	sizeDomain := uint8(len(dst))
+	sizeDomain := uint8(len(dst)) // #nosec G115 not overflow territory here, checked above
 
 	// Z_pad = I2OSP(0, r_in_bytes)
 	// l_i_b_str = I2OSP(len_in_bytes, 2)
@@ -31,7 +31,9 @@ func ExpandMsgXmd(msg, dst []byte, lenInBytes int) ([]byte, error) {
 	if _, err := h.Write(msg); err != nil {
 		return nil, err
 	}
-	if _, err := h.Write([]byte{uint8(lenInBytes >> 8), uint8(lenInBytes), uint8(0)}); err != nil {
+	s := uint8(lenInBytes >> 8) // #nosec G115 not overflow territory here
+	b := uint8(lenInBytes)      // #nosec G115 not overflow territory here
+	if _, err := h.Write([]byte{s, b, 0}); err != nil {
 		return nil, err
 	}
 	if _, err := h.Write(dst); err != nil {
@@ -71,7 +73,8 @@ func ExpandMsgXmd(msg, dst []byte, lenInBytes int) ([]byte, error) {
 		if _, err := h.Write(strxor); err != nil {
 			return nil, err
 		}
-		if _, err := h.Write([]byte{uint8(i)}); err != nil {
+		bi := uint8(i) // #nosec G115 not overflow territory here
+		if _, err := h.Write([]byte{bi}); err != nil {
 			return nil, err
 		}
 		if _, err := h.Write(dst); err != nil {
diff --git a/internal/generator/config/hash_to_curve.go b/internal/generator/config/hash_to_curve.go
@@ -77,7 +77,7 @@ func (parameters *HashSuiteSvdw) GetInfo(baseField *field.FieldConfig, g *Point,
 func (suite *HashSuiteSswu) GetInfo(baseField *field.FieldConfig, g *Point, name string) HashSuiteInfo {
 
 	f := field.NewTower(baseField, g.CoordExtDegree, g.CoordExtRoot)
-	fieldSizeMod256 := uint8(f.Size.Bits()[0])
+	fieldSizeMod256 := uint8(f.Size.Bits()[0]) // #nosec G115 false positive
 
 	Z := toBigIntSlice(suite.Z)
 	var c []field.Element
diff --git a/utils/unsafe/dump_slice.go b/utils/unsafe/dump_slice.go
@@ -15,7 +15,7 @@ import (
 // (e.g. 32 vs 64 bit, big endian vs little endian).
 func WriteSlice[S ~[]E, E any](w io.Writer, s S) error {
 	var e E
-	size := int(unsafe.Sizeof(e))
+	size := int(unsafe.Sizeof(e)) // #nosec G115 not overflow territory here
 	if err := binary.Write(w, binary.LittleEndian, uint64(len(s))); err != nil {
 		return err
 	}
@@ -43,9 +43,10 @@ func ReadSlice[S ~[]E, E any](r io.Reader, maxElements ...int) (s S, read int, e
 	length := binary.LittleEndian.Uint64(buf[:])
 
 	var e E
-	size := int(unsafe.Sizeof(e))
+	size := int(unsafe.Sizeof(e)) // #nosec G115 not overflow territory here
 	limit := length
-	if len(maxElements) == 1 && maxElements[0] > 0 && int(length) > maxElements[0] {
+	iLength := int(length) // #nosec G115 safe to ignore
+	if len(maxElements) == 1 && maxElements[0] > 0 && iLength > maxElements[0] {
 		limit = uint64(maxElements[0])
 	}
 
@@ -57,16 +58,16 @@ func ReadSlice[S ~[]E, E any](r io.Reader, maxElements ...int) (s S, read int, e
 
 	// directly read the bytes from reader into the target memory area
 	// (slice data)
-	data := unsafe.Slice((*byte)(unsafe.Pointer(&toReturn[0])), size*int(limit))
+	data := unsafe.Slice((*byte)(unsafe.Pointer(&toReturn[0])), size*int(limit)) // #nosec G115 safe to ignore
 	if _, err := io.ReadFull(r, data); err != nil {
 		return nil, read, err
 	}
 
-	read += size * int(limit)
+	read += size * int(limit) // #nosec G115 safe to ignore
 
 	// advance the reader if we had more elements than we wanted
 	if length > limit {
-		advance := int(length-limit) * size
+		advance := int(length-limit) * size // #nosec G115 not overflow territory here
 		if _, err := io.CopyN(io.Discard, r, int64(advance)); err != nil {
 			return nil, read, err
 		}
@@ -82,7 +83,7 @@ const marker uint64 = 0xdeadbeef
 // This is used to ensure that the dump was written on the same architecture.
 func WriteMarker(w io.Writer) error {
 	marker := marker
-	_, err := w.Write(unsafe.Slice((*byte)(unsafe.Pointer(&marker)), 8))
+	_, err := w.Write(unsafe.Slice((*byte)(unsafe.Pointer(&marker)), 8)) // #nosec G115 unsafe, but we know it.
 	return err
 }
 
@@ -94,7 +95,7 @@ func ReadMarker(r io.Reader) error {
 		return err
 	}
 	marker := marker
-	d := unsafe.Slice((*byte)(unsafe.Pointer(&marker)), 8)
+	d := unsafe.Slice((*byte)(unsafe.Pointer(&marker)), 8) // #nosec G115 unsafe, but we know it.
 	if !bytes.Equal(d, buf[:]) {
 		return errors.New("marker mismatch: dump was not written on the same architecture")
 	}

Original file line number	Diff line number	Diff line change
`@@ -404,7 +404,7 @@ func (r *RSis) Hash(v []fr.Element) ([]fr.Element, error) {`
`404`	`404`	`}`
`405`	`405`	`sum := r.Sum(nil)`
`406`	`406`	`var rlen [4]byte`
`407`		`- binary.BigEndian.PutUint32(rlen[:], uint32(len(sum)/fr.Bytes))`
	`407`	`+ binary.BigEndian.PutUint32(rlen[:], uint32(len(sum)/fr.Bytes)) // #nosec G115 not overflow territory here`
`408`	`408`	`reader := io.MultiReader(bytes.NewReader(rlen[:]), bytes.NewReader(sum))`
`409`	`409`	`var result fr.Vector`
`410`	`410`	`_, err := result.ReadFrom(reader)`
Original file line number	Diff line number	Diff line change
`@@ -368,7 +368,7 @@ func (r *RSis) Hash(v []fr.Element) ([]fr.Element, error) {`
`368`	`368`	`}`
`369`	`369`	`sum := r.Sum(nil)`
`370`	`370`	`var rlen [4]byte`
`371`		`- binary.BigEndian.PutUint32(rlen[:], uint32(len(sum)/fr.Bytes))`
	`371`	`+ binary.BigEndian.PutUint32(rlen[:], uint32(len(sum)/fr.Bytes)) // #nosec G115 not overflow territory here`
`372`	`372`	`reader := io.MultiReader(bytes.NewReader(rlen[:]), bytes.NewReader(sum))`
`373`	`373`	`var result fr.Vector`
`374`	`374`	`_, err := result.ReadFrom(reader)`
Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,8 @@ func MapToCurve1(u *fp.Element) G1Affine {`
`93`	`93`	`signsNotEqual := g1Sgn0(u) ^ g1Sgn0(&y) // 34. e3 = sgn0(u) == sgn0(y)`
`94`	`94`
`95`	`95`	`tv1.Neg(&y)`
`96`		`- y.Select(int(signsNotEqual), &y, &tv1) // 35. y = CMOV(-y, y, e3) # Select correct sign of y`
	`96`	`+ // 35. y = CMOV(-y, y, e3) # Select correct sign of y`
	`97`	`+ y.Select(int(signsNotEqual), &y, &tv1) // #nosec G115 not overflow territory here`
`97`	`98`	`return G1Affine{x, y}`
`98`	`99`	`}`
`99`	`100`
Original file line number	Diff line number	Diff line change
`@@ -415,7 +415,7 @@ func (f *FieldConfig) WriteElement(element Element) string {`
`415`	`415`	`var subElementNames string`
`416`	`416`	`if length > 1 {`
`417`	`417`	`builder.WriteString("\n")`
`418`		`- subElementNames = CoordNameForExtensionDegree(uint8(length))`
	`418`	`+ subElementNames = CoordNameForExtensionDegree(uint8(length)) // #nosec G115 not overflow territory here`
`419`	`419`	`}`
`420`	`420`	`for i, e := range element {`
`421`	`421`	`if length > 1 {`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ func ExpandMsgXmd(msg, dst []byte, lenInBytes int) ([]byte, error) {`
`18`	`18`	`if len(dst) > 255 {`
`19`	`19`	`return nil, errors.New("invalid domain size (>255 bytes)")`
`20`	`20`	`}`
`21`		`- sizeDomain := uint8(len(dst))`
	`21`	`+ sizeDomain := uint8(len(dst)) // #nosec G115 not overflow territory here, checked above`
`22`	`22`
`23`	`23`	`// Z_pad = I2OSP(0, r_in_bytes)`
`24`	`24`	`// l_i_b_str = I2OSP(len_in_bytes, 2)`
`@@ -31,7 +31,9 @@ func ExpandMsgXmd(msg, dst []byte, lenInBytes int) ([]byte, error) {`
`31`	`31`	`if _, err := h.Write(msg); err != nil {`
`32`	`32`	`return nil, err`
`33`	`33`	`}`
`34`		`- if _, err := h.Write([]byte{uint8(lenInBytes >> 8), uint8(lenInBytes), uint8(0)}); err != nil {`
	`34`	`+ s := uint8(lenInBytes >> 8) // #nosec G115 not overflow territory here`
	`35`	`+ b := uint8(lenInBytes) // #nosec G115 not overflow territory here`
	`36`	`+ if _, err := h.Write([]byte{s, b, 0}); err != nil {`
`35`	`37`	`return nil, err`
`36`	`38`	`}`
`37`	`39`	`if _, err := h.Write(dst); err != nil {`
`@@ -71,7 +73,8 @@ func ExpandMsgXmd(msg, dst []byte, lenInBytes int) ([]byte, error) {`
`71`	`73`	`if _, err := h.Write(strxor); err != nil {`
`72`	`74`	`return nil, err`
`73`	`75`	`}`
`74`		`- if _, err := h.Write([]byte{uint8(i)}); err != nil {`
	`76`	`+ bi := uint8(i) // #nosec G115 not overflow territory here`
	`77`	`+ if _, err := h.Write([]byte{bi}); err != nil {`
`75`	`78`	`return nil, err`
`76`	`79`	`}`
`77`	`80`	`if _, err := h.Write(dst); err != nil {`