diff --git a/.github/ISSUE_TEMPLATE/module-readiness-checklist.md b/.github/ISSUE_TEMPLATE/module-readiness-checklist.md
deleted file mode 100644
index 4e6bebe..0000000
--- a/.github/ISSUE_TEMPLATE/module-readiness-checklist.md
+++ /dev/null
@@ -1,40 +0,0 @@ ---- -name: Module Readiness Checklist -about: Pre-flight checklist that modules must pass in order to be included in a release of the Cosmos SDK -labels: 'module-readiness-checklist' ---- - -## x/{MODULE_NAME} Module Readiness Checklist - -This checklist is to be used for tracking the final internal audit of new Cosmos SDK modules prior to inclusion in a published release. - -### Release Candidate Checklist - -The following checklist should be gone through once the module has been fully implemented. This audit should be performed directly on `main`, or preferably on a `alpha` or `beta` release tag that includes the module. - -The module **should not** be included in any Release Candidate tag until it has passed this checklist. - -- [ ] API audit (at least 1 person) (@assignee) - - [ ] Are Msg and Query methods and types well-named and organized? - - [ ] Is everything well documented (inline godoc as well as the spec [README.md](https://github.com/cosmos/cosmos-sdk/blob/main/docs/spec/SPEC-SPEC.md) in module directory) -- [ ] State machine audit (at least 2 people) (@assignee1, @assignee2) - - [ ] Read through MsgServer code and verify correctness upon visual inspection - - [ ] Ensure all state machine code which could be confusing is properly commented - - [ ] Make sure state machine logic matches Msg method documentation - - [ ] Ensure that all state machine edge cases are covered with tests and that test coverage is sufficient (at least 90% coverage on module code) - - [ ] Assess potential threats for each method including spam attacks and ensure that threats have been addressed sufficiently. 
This should be done by writing up threat assessment for each method - - [ ] Assess potential risks of any new third party dependencies and decide whether a dependency audit is needed -- [ ] Completeness audit, fully implemented with tests (at least 1 person) (@assignee) - - [ ] Genesis import and export of all state - - [ ] Query services - - [ ] CLI methods - - [ ] All necessary migration scripts are present (if this is an upgrade of existing module) - -### Published Release Checklist - -After the above checks have been audited and the module is included in a tagged Release Candidate, the following additional checklist should be undertaken for live testing, and potentially a 3rd party audit (if deemed necessary): - -- [ ] Testnet / devnet testing (2-3 people) (@assignee1, @assignee2, @assignee3) - - [ ] All Msg methods have been tested especially in light of any potential threats identified - - [ ] Genesis import and export has been tested -- [ ] Nice to have (and needed in some cases if threats could be high): Official 3rd party audit diff --git a/.github/ISSUE_TEMPLATE/qa.md b/.github/ISSUE_TEMPLATE/qa.md deleted file mode 100644 index 6b0ef14..0000000 --- a/.github/ISSUE_TEMPLATE/qa.md +++ /dev/null 
@@ -1,87 +0,0 @@ - - -## Summary - - - -## Major Changes - - - -## Gotchas - - - -## QA Breakdown - -* Audit - * [ ] Audit BaseApp - * [ ] Audit Types - * [ ] Audit x/auth - * [ ] Audit x/authz - * [ ] Audit x/bank - * [ ] Audit x/circuit - * [ ] Audit x/consensus - * [ ] Audit x/crisis - * [ ] Audit x/distribution - * [ ] Audit x/evidence - * [ ] Audit x/feegrant - * [ ] Audit x/genutil - * [ ] Audit x/gov - * [ ] Audit x/group - * [ ] Audit x/mint - * [ ] Audit x/nft - * [ ] Audit x/simulation - * [ ] Audit x/slashing - * [ ] Audit x/staking - * [ ] Audit x/tx - * [ ] Audit x/upgrade - * [ ] Audit client - * [ ] Audit server - * [ ] Audit store - * [ ] Audit runtime - * [ ] Audit simapp -* [ ] Release alpha -* [ ] Cosmos-SDK testnet -* [ ] Public testnet (IBC, WASM, SDK) -* [ ] Upgrade a chain with data from vX -* Release documentation - * [ ] Audit UPGRADING.md - * [ ] Update all codeblock to the appropriate version number - - -### Audit checklist - -* please copy to a markdown to follow while you walk through the code -* 2 people should be assigned to each section - -* [ ] API audit - * spec audit: check if the spec is complete. - * Are Msg and Query methods and types well-named and organized? 
- * Is everything well documented (inline godoc as well as package [`README.md`](https://docs.cosmos.network/main/spec/SPEC_MODULE#common-layout) in module directory) - * check the proto definition - make sure everything is in accordance to ADR-30 (at least 1 person, TODO assignee) - * Check new fields and endpoints have the `Since: cosmos-sdk X` comment -* [ ] Completeness audit, fully implemented with tests - * [ ] Genesis import and export of all state - * [ ] Query services - * [ ] CLI methods - * [ ] All necessary migration scripts are present (if this is an upgrade of existing module) -* [ ] State machine audit - * [ ] Read through MsgServer code and verify correctness upon visual inspection - * [ ] Ensure all state machine code which could be confusing is properly commented - * [ ] Make sure state machine logic matches Msg method documentation - * [ ] Ensure that all state machine edge cases are covered with tests and that test coverage is sufficient (at least 90% coverage on module code) - * [ ] Assess potential threats for each method including spam attacks and ensure that threats have been addressed sufficiently. This should be done by writing up threat assessment for each method. Specifically we should be paying attention to: - * [ ] algorithmic complexity and places this could be exploited (ex. nested `for` loops) - * [ ] charging gas complex computation (ex. `for` loops) - * [ ] storage is safe (we don't pollute the state). - * [ ] Assess potential risks of any new third party dependencies and decide whether a dependency audit is needed - * [ ] Check correctness of simulation implementation if any -* [ ] Audit Changelog against commit log, ensuring all breaking changes, bug fixes, and improvements are properly documented. - -If any changes are needed, please make them against main and backport them to release/vX.X.x diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md deleted file mode 100644 index ef76a10..0000000 
--- a/.github/PULL_REQUEST_TEMPLATE.md +++ /dev/null @@ -1,50 +0,0 @@ - - -## Description - -Closes: #XXXX - - - ---- - -### Author Checklist - -*All items are required. Please add a note to the item if the item is not applicable and -please add links to any relevant follow up issues.* - -I have... - -* [ ] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title -* [ ] added `!` to the type prefix if API or client breaking change -* [ ] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#pr-targeting)) -* [ ] provided a link to the relevant issue or specification -* [ ] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/main/docs/docs/building-modules) -* [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/main/CONTRIBUTING.md#testing) -* [ ] added a changelog entry to `CHANGELOG.md` -* [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) -* [ ] updated the relevant documentation or specification -* [ ] reviewed "Files changed" and left comments if necessary -* [ ] confirmed all CI checks have passed - -### Reviewers Checklist - -*All items are required. Please add a note if the item is not applicable and please add -your handle next to the items reviewed if you only reviewed selected items.* - -I have... - -* [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title -* [ ] confirmed `!` in the type prefix if API or client breaking change -* [ ] confirmed all author checklist items have been addressed -* [ ] reviewed state machine logic -* [ ] reviewed API design and naming -* [ ] reviewed documentation is accurate -* [ ] reviewed tests and test coverage -* [ ] manually tested (if applicable) 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 22daf2c..8f2edd2 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,4 +1,4 @@
-name: Build SimApp
+name: Build rosetta
 # This workflow is run on pushes to main & every Pull Requests where a .go, .mod, .sum have been changed
 on:
 pull_request:
diff --git a/.github/workflows/consensuswarn.yml b/.github/workflows/consensuswarn.yml
deleted file mode 100644
index c2944e3..0000000
--- a/.github/workflows/consensuswarn.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: "Warn about consensus code changes"
-
-on:
- pull_request_target:
- types:
- - opened
- - edited
- - synchronize
-
-jobs:
- main:
- permissions:
- pull-requests: write # For reading the PR and posting comment
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - uses: orijtech/consensuswarn@main
- with:
- roots: "github.com/cosmos/cosmos-sdk/baseapp.BaseApp.PrepareProposal,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.ProcessProposal,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.FinalizeBlock,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.Commit,github.com/cosmos/cosmos-sdk/baseapp.BaseApp.VerifyVoteExtension"
diff --git a/.github/workflows/dependabot-update-all.yml b/.github/workflows/dependabot-update-all.yml
deleted file mode 100644
index 5f6342a..0000000
--- a/.github/workflows/dependabot-update-all.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-name: Dependabot Update All Go Modules
-on: pull_request
-
-permissions:
- pull-requests: write
-
-jobs:
- update-all:
- runs-on: ubuntu-latest
- if: ${{ github.actor == 'dependabot[bot]' }}
- steps:
- - uses: actions/checkout@v3
- with:
- repository: ${{ github.event.pull_request.head.repo.full_name }}
- ref: ${{ github.event.pull_request.head.ref }}
- # Secret to be added in the repo under Settings > Secrets > Dependabot
- token: ${{ secrets.PRBOT_PAT }}
- - uses: actions/setup-go@v4
- with:
- go-version: "1.20"
- check-latest: true
- - name: Extract updated dependency
- id: deps
- run: |
- # Extract the dependency name from the PR title
- # Example: "build(deps): Bump github.com/cosmos/cosmos-sdk from 0.46.0 to 0.47.0"
- # Extracts "github.com/cosmos/cosmos-sdk" and "0.47.0"
- echo "::set-output name=name::$(echo "${{ github.event.pull_request.title }}" | cut -d ' ' -f 3)"
- echo "::set-output name=version::$(echo "${{ github.event.pull_request.title }}" | cut -d ' ' -f 7)"
- - name: Update all Go modules
- run: |
- ./scripts/go-update-dep-all.sh ${{ format('{0}@v{1}', steps.deps.outputs.name, steps.deps.outputs.version) }}
- ./scripts/go-mod-tidy-all.sh
- - name: Commit changes
- uses: EndBug/add-and-commit@v9
- with:
- default_author: github_actions
- message: "${{ github.event.pull_request.title }} for all modules"
diff --git a/.github/workflows/md-link-checker.yml b/.github/workflows/md-link-checker.yml
deleted file mode 100644
index 23749b5..0000000
--- a/.github/workflows/md-link-checker.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-name: Check Markdown links
-on:
- schedule:
- - cron: '* */24 * * *'
-jobs:
- markdown-link-check:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - uses: gaurav-nelson/github-action-markdown-link-check@1.0.15
- with:
- folder-path: "docs"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 728a12e..dfec955 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -38,4 +38,4 @@ jobs:
 if: env.GIT_DIFF
 run: |
 make test
- go test -mod=readonly -timeout 30m -coverprofile=coverage.out -covermode=atomic -tags='norace ledger test_ledger_mock rocksdb_build' ./...
\ No newline at end of file
+ go test -mod=readonly -timeout 30m -coverprofile=coverage.out -covermode=atomic ./...
diff --git a/.golangci.yml b/.golangci.yml
new file mode 100644
index 0000000..e0a8fc5
--- /dev/null
+++ b/.golangci.yml
@@ -0,0 +1,116 @@
+run:
+ tests: true
+ timeout: 10m
+ sort-results: true
+ allow-parallel-runners: true
+ exclude-dir: testutil/testdata
+
+linters:
+ disable-all: true
+ enable:
+ - depguard
+ - dogsled
+ - exportloopref
+ - goconst
+ - gocritic
+ - gofumpt
+ - gosec
+ - gosimple
+ - govet
+ - ineffassign
+ - misspell
+ - nakedret
+ - nolintlint
+ - staticcheck
+ - revive
+ - stylecheck
+ - typecheck
+ - unconvert
+ - unused
+
+issues:
+ exclude-rules:
+ - text: "Use of weak random number generator"
+ linters:
+ - gosec
+ - text: "ST1003:"
+ linters:
+ - stylecheck
+ - text: "ST1016:"
+ linters:
+ - stylecheck
+ - path: "migrations"
+ text: "SA1019:"
+ linters:
+ - staticcheck
+ - text: "SA1019: codec.NewAminoCodec is deprecated" # TODO remove once migration path is set out
+ linters:
+ - staticcheck
+ - text: "leading space"
+ linters:
+ - nolintlint
+
+ max-issues-per-linter: 10000
+ max-same-issues: 10000
+
+linters-settings:
+ gosec:
+ # To select a subset of rules to run.
+ # Available rules: https://github.com/securego/gosec#available-rules
+ # Default: [] - means include all rules
+ includes:
+ # - G101 # Look for hard coded credentials
+ - G102 # Bind to all interfaces
+ - G103 # Audit the use of unsafe block
+ - G104 # Audit errors not checked
+ - G106 # Audit the use of ssh.InsecureIgnoreHostKey
+ - G107 # Url provided to HTTP request as taint input
+ - G108 # Profiling endpoint automatically exposed on /debug/pprof
+ - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
+ - G110 # Potential DoS vulnerability via decompression bomb
+ - G111 # Potential directory traversal
+ - G112 # Potential slowloris attack
+ - G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772)
+ - G114 # Use of net/http serve function that has no support for setting timeouts
+ - G201 # SQL query construction using format string
+ - G202 # SQL query construction using string concatenation
+ - G203 # Use of unescaped data in HTML templates
+ - G204 # Audit use of command execution
+ - G301 # Poor file permissions used when creating a directory
+ - G302 # Poor file permissions used with chmod
+ - G303 # Creating tempfile using a predictable path
+ - G304 # File path provided as taint input
+ - G305 # File traversal when extracting zip/tar archive
+ - G306 # Poor file permissions used when writing to a new file
+ - G307 # Deferring a method which returns an error
+ - G401 # Detect the usage of DES, RC4, MD5 or SHA1
+ - G402 # Look for bad TLS connection settings
+ - G403 # Ensure minimum RSA key length of 2048 bits
+ - G404 # Insecure random number source (rand)
+ - G501 # Import blocklist: crypto/md5
+ - G502 # Import blocklist: crypto/des
+ - G503 # Import blocklist: crypto/rc4
+ - G504 # Import blocklist: net/http/cgi
+ - G505 # Import blocklist: crypto/sha1
+ - G601 # Implicit memory aliasing of items from a range statement
+ misspell:
+ locale: US
+ gofumpt:
+ extra-rules: true
+ dogsled:
+ max-blank-identifiers: 5
+ maligned:
+ suggest-new: true
+ nolintlint:
+ allow-unused: false
+ allow-leading-space: true
+ require-explanation: true
+ require-specific: false
+ gosimple:
+ checks: ["all"]
+
+ gocritic:
+ disabled-checks:
+ - regexpMust
+ - appendAssign
+ - ifElseChain
diff --git a/Makefile b/Makefile
index 60a5999..a8135b7 100644
--- a/Makefile
+++ b/Makefile
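Review bot: `G404` is listed under `gosec.includes`, yet the `issues.exclude-rules` entry matching `"Use of weak random number generator"` suppresses every finding that rule produces, so the weak-RNG check is effectively off while the config reads as if it were on; either drop `- G404` from `includes`, or remove the blanket exclusion and silence the specific call sites (simulation or test code, presumably) with a `//nolint:gosec // <reason>` that the `require-explanation: true` setting already demands. The commented-out `# - G101 # Look for hard coded credentials` deserves the same treatment: a one-line comment such as `# G101 disabled: <reason> — re-enable once <condition>` records why a credential-scanning rule is skipped, which a reader cannot reconstruct from a 116-line file. The `maligned:` block under `linters-settings` configures a linter that does not appear in `enable:` while `disable-all: true` is set, so it is dead configuration and can be removed. I cannot tell from this hunk whether `run.exclude-dir` is a key honoured by the golangci-lint version pinned in the Makefile (`v1.51.2`); if the intent is to skip `testutil/testdata`, please confirm the key name against that version's schema, since an unrecognised key would be ignored silently.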
@@ -11,4 +11,19 @@ build:
 test:
 go test -mod=readonly -race ./...
-.PHONY: all build rosetta test
\ No newline at end of file
+###############################################################################
+### Linting ###
+###############################################################################
+
+golangci_lint_cmd=golangci-lint
+golangci_version=v1.51.2
+lint:
+ @echo "--> Running linter"
+ @go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(golangci_version)
+ @./scripts/go-lint-all.bash --timeout=15m
+lint-fix:
+ @echo "--> Running linter"
+ @go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(golangci_version)
+ @./scripts/go-lint-all.bash --fix
+
+.PHONY: all build rosetta test lint lint-fix
\ No newline at end of file
diff --git a/scripts/go-lint-all.bash b/scripts/go-lint-all.bash
new file mode 100755
index 0000000..b996068
--- /dev/null
+++ b/scripts/go-lint-all.bash
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -eu -o pipefail
+
+REPO_ROOT="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )/.." &> /dev/null && pwd )"
+export REPO_ROOT
+
+lint_module() {
+ local root="$1"
+ shift
+ cd "$(dirname "$root")" &&
+ echo "linting $(grep "^module" go.mod) [$(date -Iseconds -u)]" &&
+ golangci-lint run ./... -c "${REPO_ROOT}/.golangci.yml" "$@"
+}
+export -f lint_module
+
+find "${REPO_ROOT}" -type f -name go.mod -print0 |
+ xargs -0 -I{} bash -c 'lint_module "$@"' _ {} "$@" # Prepend go.mod file before command-line args.
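Review bot: `golangci_lint_cmd=golangci-lint` is defined but nothing in this hunk uses it; both recipes call `./scripts/go-lint-all.bash`, which in turn runs the bare `golangci-lint` name, so the `@go install ...@$(golangci_version)` on the line above only pins the version that runs if `$(go env GOPATH)/bin` comes first on PATH — otherwise whatever older binary PATH resolves (or none) is used and the pin is silently bypassed. Either drop the unused variable or make the script honour it, e.g. `@GOLANGCI_LINT=$(golangci_lint_cmd) ./scripts/go-lint-all.bash --timeout=15m` in the recipe and `"${GOLANGCI_LINT:-golangci-lint}" run ...` in the script, so that a full path can be injected. The `--timeout=15m` flag overrides the `timeout: 10m` set in `.golangci.yml`; that is legitimate, but a comment such as `# --timeout overrides .golangci.yml's run.timeout for the whole-repo walk` would stop the two values from reading as a conflict.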
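Review bot: `find "${REPO_ROOT}" -type f -name go.mod -print0` descends into every directory under the repo root, so any `go.mod` that lives under a `testdata` or vendored tree would be linted as a module of its own; `.golangci.yml`'s `exclude-dir: testutil/testdata` filters files within one run and cannot prevent that extra run from starting. I cannot see whether such nested modules exist in this repository, but a predicate such as `-not -path '*/testdata/*' -not -path '*/.git/*'` is a cheap guard. Because `xargs -I{}` spawns one `bash -c` per `go.mod`, a failing module does not stop the remaining ones, and `xargs` reports a non-zero status only at the end, which `set -eu -o pipefail` then surfaces; a one-line comment above the `find` stating `# one golangci-lint run per module; all modules are linted even if one fails, overall status is non-zero on any failure` would save a reader from expecting fail-fast behaviour.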