Emmanuel T Odeke issues

Results 183 issues of


                                            Emmanuel T Odeke

rules/sdk: G703 errors not propagated should obey hash.Hash.Write not returning an error

I've seen this error ```shell [/go/src/github.com/cosmos/cosmos-sdk/crypto/hd/hdpath.go:269] - G703 (CWE-): Returned error is not propagated up the stack. (Confidence: HIGH, Severity: LOW) 268: // sha512 does not err > 269: _,...

rules/sdk: add pass to reject time.Now()

time.Now() uses local clocks that unfortunately when used in distributed consensus introduce lots of skew and can be exploited in vulnerabilities. Instead there is consensus aware clock whose timestamp is...

rules/sdk: flag methods inside sort comparators to avoid quadratic worst case time & memory consumption: instead recommend O(n) computations and memoization of results

### Summary If we look at this cosmos-sdk issue https://github.com/cosmos/cosmos-sdk/issues/7766 we can see that it was fixed by https://github.com/cosmos/cosmos-sdk/pull/8719 and one of the root causes was this code ```go sort.Slice(balances,...

enhancement

rules/sdk: flag panics in BeginBlock/Endblock

Requested in #1 by @ebuchman saying >panics in Begin/EndBlock (these are allowed in tx handling, since they're handled by the SDK, but not in the Begin/EndBlock)

rules/sdk: add check for missing .IsNil check before deference after being cast from an interface{} to avoid nil pointer dereferences

### Summary There is this cosmos-sdk bug https://github.com/cosmos/cosmos-sdk/issues/5621 in which an sdk.Dec value was cast from an interface{} value, thus can be nil. We really should be able to detect...

enhancement

rules/sdk: G701 IntegerCast invalid warnings casting int to int64

I've just seen this report for G701 for code already in the rules themselbves ```shell [/Users/emmanuelodeke/go/src/github.com/informalsystems/gosec/output/junit_xml_format.go:39] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)...

bug

rules/sdk: is it pedantic to reject reflect, runtime, math/rand, crypto/rand?

The purpose of this issue is to ask if we are being pedantic about some of these imports: If we look at https://github.com/informalsystems/gosec/blob/a284576b08668f2835734b359b27faea587a98b1/rules/sdk/blocklist.go#L71-L78 we can see a bunch of critical...

e4c_store_mem: examine O(n) key lookup algorithm and examine if we need to a hash map if size is massive

Just noticed while auditing the code https://github.com/teserakt-io/libe4/blob/601fd4dbddfa608cb226dff85609b6c9dff29590/src/e4c_store_mem.c#L84-L104 but we don't have an explanation on the number of keys that can be stored in e4store. What's going to be the usual...

O-Linux

A-Storage

P-LOW

readiness method checklist for completion

While at the meeting at Uber, I recall a suggestion that I should make a readiness report with a checklist to list out methods that are already completed. This issue...

history: add trip count feature

Raised offline by @indragiek(citation for credit) when I was marketing the project to him, getting a total sum of trips would be a convenience method.