Fix ZetaClient gosec

Open lumtis opened this issue 1 year ago • 1 comments

Three gosec entries reported recently:

[/github/workspace/zetaclient/evm/evm_client.go:809] - G301 (CWE-276): Expect directory permissions to be 0750 or less (Confidence: HIGH, Severity: MEDIUM)
    808: 		if _, err := os.Stat(dbPath); os.IsNotExist(err) {
  > 809: 			err := os.MkdirAll(dbPath, os.ModePerm)
    810: 			if err != nil {



[/github/workspace/zetaclient/config/config.go:20] - G301 (CWE-276): Expect directory permissions to be 0750 or less (Confidence: HIGH, Severity: MEDIUM)
    19: 	folderPath := filepath.Join(path, folder)
  > 20: 	err := os.MkdirAll(folderPath, os.ModePerm)
    21: 	if err != nil {



[/github/workspace/zetaclient/bitcoin/bitcoin_client.go:1660] - G301 (CWE-276): Expect directory permissions to be 0750 or less (Confidence: HIGH, Severity: MEDIUM)
    1659: 	if _, err := os.Stat(dbpath); os.IsNotExist(err) {
  > 1660: 		err := os.MkdirAll(dbpath, os.ModePerm)
    1661: 		if err != nil {

lumtis avatar May 14 '24 15:05 lumtis
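An added example, not part of the original issue or the zetaclient code base: the `os.MkdirAll(..., os.ModePerm)` pattern flagged above next to a form that stays within the 0750 ceiling G301 checks for. The helper name `ensurePrivateDir` and the temporary demo path are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

const dirPerm os.FileMode = 0o750 // ceiling gosec G301 accepts for directories

// ensurePrivateDir (hypothetical helper, not zetaclient code) creates path with
// 0750 and returns the permission bits it had to strip. MkdirAll leaves the mode
// of an existing directory alone, so an old os.ModePerm leaf is tightened here.
func ensurePrivateDir(path string) (os.FileMode, error) {
	if err := os.MkdirAll(path, dirPerm); err != nil {
		return 0, fmt.Errorf("create %s: %w", path, err)
	}
	info, err := os.Stat(path)
	if err != nil {
		return 0, err
	}
	mode := info.Mode().Perm()
	if mode&^dirPerm == 0 {
		return 0, nil
	}
	return mode &^ dirPerm, os.Chmod(path, mode&dirPerm)
}

func main() {
	base, err := os.MkdirTemp("", "g301-demo-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	dir := filepath.Join(base, "db") // constructed demo path
	// Flagged pattern; Chmod makes the demo independent of the umask.
	if err = os.Mkdir(dir, os.ModePerm); err == nil {
		err = os.Chmod(dir, os.ModePerm)
	}
	if err != nil {
		panic(err)
	}
	stripped, err := ensurePrivateDir(dir)
	fmt.Printf("stripped=%04o err=%v\n", stripped, err)
}
```

Only the leaf directory is tightened; parent directories that already exist keep whatever mode they had.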

Caused by using @master as version, which got updated today to v2.20 https://github.com/securego/gosec/releases/tag/v2.20.0 and caught this issue https://github.com/securego/gosec/commit/6fbd381238e97e1d1f3358f0d6d65de78dcf9245.

Currently hardcoded it back to v2.19, which was used before, and this fixes the build, but let's use this issue to update this, because there are some useful bug fixes, including this one.

skosito avatar May 14 '24 20:05 skosito