From 7197f3c0e4d304ceb5e01182b10da71201c5ebd8 Mon Sep 17 00:00:00 2001
From: Arnab Ghose <arnab.ghose128@gmail.com>
Date: Sat, 25 Nov 2023 11:39:32 +0530
Subject: [PATCH] gosec fix: made changes based on gosec analyzer results

---
 .github/workflows/gosec.yml                  | 2 +-
 app/export.go                                | 4 ++--
 cmd/hid-noded/cmd/debug_extensions.go        | 2 +-
 x/ssi/ante/decorators.go                     | 2 +-
 x/ssi/keeper/msg_server_create_credential.go | 5 ++++-
 x/ssi/keeper/msg_server_update_credential.go | 7 +++++--
 x/ssi/keeper/msg_server_update_did.go        | 2 +-
 x/ssi/types/genesis.go                       | 5 ++++-
 8 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml
index b9fedb6..30afd28 100644
--- a/.github/workflows/gosec.yml
+++ b/.github/workflows/gosec.yml
@@ -1,4 +1,4 @@
-name: Run Gosec
+name: Gosec
 on:
   pull_request:
 
diff --git a/app/export.go b/app/export.go
index 1ca7d25..2ef89a5 100644
--- a/app/export.go
+++ b/app/export.go
@@ -150,6 +150,8 @@ func (app *HidnodeApp) prepForZeroHeightGenesis(ctx sdk.Context, jailAllowedAddr
 	iter := sdk.KVStoreReversePrefixIterator(store, stakingtypes.ValidatorsKey)
 	counter := int16(0)
 
+	defer iter.Close()
+
 	for ; iter.Valid(); iter.Next() {
 		addr := sdk.ValAddress(iter.Key()[1:])
 		validator, found := app.StakingKeeper.GetValidator(ctx, addr)
@@ -166,8 +168,6 @@ func (app *HidnodeApp) prepForZeroHeightGenesis(ctx sdk.Context, jailAllowedAddr
 		counter++
 	}
 
-	iter.Close()
-
 	if _, err := app.StakingKeeper.ApplyAndReturnValidatorSetUpdates(ctx); err != nil {
 		panic(err)
 	}
diff --git a/cmd/hid-noded/cmd/debug_extensions.go b/cmd/hid-noded/cmd/debug_extensions.go
index bf49e13..3a21b51 100644
--- a/cmd/hid-noded/cmd/debug_extensions.go
+++ b/cmd/hid-noded/cmd/debug_extensions.go
@@ -2,7 +2,7 @@ package cmd
 
 import (
 	"crypto/ed25519"
-	"crypto/rand"
+	"crypto/rand" /* #nosec G702 */
 	"crypto/sha256"
 	"encoding/base64"
 	"encoding/hex"
diff --git a/x/ssi/ante/decorators.go b/x/ssi/ante/decorators.go
index a8be82e..f63bbf4 100644
--- a/x/ssi/ante/decorators.go
+++ b/x/ssi/ante/decorators.go
@@ -63,7 +63,7 @@ func (mfd MempoolFeeDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate b
 
 			// Determine the required fees by multiplying each required minimum gas
 			// price by the gas limit, where fee = ceil(minGasPrice * gasLimit).
-			glDec := sdk.NewDec(int64(gas))
+			glDec := sdk.NewDec(int64(gas)) /* #nosec G701 */
 			for i, gp := range minGasPrices {
 				fee := gp.Amount.Mul(glDec)
 				requiredFees[i] = sdk.NewCoin(gp.Denom, fee.Ceil().RoundInt())
diff --git a/x/ssi/keeper/msg_server_create_credential.go b/x/ssi/keeper/msg_server_create_credential.go
index e6b8322..19d83d6 100644
--- a/x/ssi/keeper/msg_server_create_credential.go
+++ b/x/ssi/keeper/msg_server_create_credential.go
@@ -54,7 +54,10 @@ func (k msgServer) RegisterCredentialStatus(goCtx context.Context, msg *types.Ms
 	}
 
 	// Check if the created date before issuance date
-	currentDate, _ := time.Parse(time.RFC3339, msgCredProof.Created)
+	currentDate, err := time.Parse(time.RFC3339, msgCredProof.Created)
+	if err != nil {
+		return nil, err
+	}
 	if currentDate.Before(issuanceDateParsed) {
 		return nil, sdkerrors.Wrapf(types.ErrInvalidDate, "proof attached has a creation date before issuance date")
 	}
diff --git a/x/ssi/keeper/msg_server_update_credential.go b/x/ssi/keeper/msg_server_update_credential.go
index d1094a6..333709f 100644
--- a/x/ssi/keeper/msg_server_update_credential.go
+++ b/x/ssi/keeper/msg_server_update_credential.go
@@ -3,7 +3,7 @@ package keeper
 import (
 	"context"
 	"fmt"
-	"reflect"
+	"reflect" /* #nosec G702 */
 	"time"
 
 	sdk "github.com/cosmos/cosmos-sdk/types"
@@ -89,7 +89,10 @@ func (k msgServer) UpdateCredentialStatus(goCtx context.Context, msg *types.MsgU
 	}
 
 	// Check if the created date before issuance date
-	currentDate, _ := time.Parse(time.RFC3339, msgNewCredProof.Created)
+	currentDate, err := time.Parse(time.RFC3339, msgNewCredProof.Created)
+	if err != nil {
+		return nil, err
+	}
 	if currentDate.Before(newIssuanceDateParsed) {
 		return nil, sdkerrors.Wrapf(types.ErrInvalidDate, "proof attached has a creation date before issuance date")
 	}
diff --git a/x/ssi/keeper/msg_server_update_did.go b/x/ssi/keeper/msg_server_update_did.go
index a5aad68..dd759d1 100644
--- a/x/ssi/keeper/msg_server_update_did.go
+++ b/x/ssi/keeper/msg_server_update_did.go
@@ -3,7 +3,7 @@ package keeper
 import (
 	"context"
 	"fmt"
-	"reflect"
+	"reflect" /* #nosec G702 */
 
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
diff --git a/x/ssi/types/genesis.go b/x/ssi/types/genesis.go
index b3fce73..df22bb6 100644
--- a/x/ssi/types/genesis.go
+++ b/x/ssi/types/genesis.go
@@ -18,7 +18,10 @@ func DefaultGenesis() *GenesisState {
 func (gs GenesisState) Validate() error {
 	namespace := gs.ChainNamespace
 
-	regexPattern, _ := regexp.Compile("^[a-zA-Z0-9-]*$") // Matches string containing whitespaces and tabs
+	regexPattern, err := regexp.Compile("^[a-zA-Z0-9-]*$") // Matches string containing whitespaces and tabs
+	if err != nil {
+		return err
+	}
 	maxChainNamespaceLength := 10
 
 	if len(namespace) > maxChainNamespaceLength {