wormhole-foundation · djb15 · Jan 17, 2025 · Jan 17, 2025 · Jan 18, 2025 · Jan 28, 2025
@@ -293,7 +293,7 @@ jobs:
       - name: Formatting checks
         run: ./scripts/lint.sh -l -g format
       - name: Install linters
-        run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.60.1
+        run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.63.4
       - name: Run linters
         run: make generate && golangci-lint --version && ./scripts/lint.sh -g lint
       - name: Ensure generated proto matches

@@ -5,6 +5,7 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"math"
 	"net/http"
 	"sort"
 	"strings"
@@ -201,9 +202,16 @@ func (s *httpServer) handleQuery(w http.ResponseWriter, r *http.Request) {
 			return res.Signatures[i].Index < res.Signatures[j].Index
 		})
 		signatures := make([]string, 0, len(res.Signatures))
-		for _, s := range res.Signatures {
+		for _, sig := range res.Signatures {
+			if sig.Index > math.MaxUint8 {
+				s.logger.Error("Signature index out of bounds", zap.Int("sig.Index", sig.Index))
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				invalidQueryRequestReceived.WithLabelValues("failed_to_marshal_response").Inc()
+				failedQueriesByUser.WithLabelValues(permEntry.userName).Inc()
+				break
+			}
 			// ECDSA signature + a byte for the index of the guardian in the guardian set
-			signature := fmt.Sprintf("%s%02x", s.Signature, uint8(s.Index))
+			signature := fmt.Sprintf("%s%02x", sig.Signature, uint8(sig.Index)) // #nosec G115 -- This is validated above
 			signatures = append(signatures, signature)
 		}
 		w.Header().Add("Content-Type", "application/json")

@@ -258,9 +258,10 @@ func runQueryServer(cmd *cobra.Command, args []string) {
 		if statServer != nil && *shutdownDelay1 != 0 {
 			logger.Info("Received sigterm. disabling health checks and pausing.")
 			statServer.disableHealth()
-			time.Sleep(time.Duration(*shutdownDelay1) * time.Second)
+			time.Sleep(time.Duration(*shutdownDelay1) * time.Second) // #nosec G115 -- Defaults to 25 seconds, overflowing is infeasible
 			numPending := 0
 			logger.Info("Waiting for any outstanding requests to complete before shutting down.")
+			// #nosec G115 -- Defaults to 65 seconds, overflowing is infeasible
 			for count := 0; count < int(*shutdownDelay2); count++ {
 				time.Sleep(time.Second)
 				numPending = pendingResponses.NumPending()

@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"io"
 	"log"
+	"math"
 	"os"
 	"strconv"
 	"strings"
@@ -301,6 +302,7 @@ func runFindMissingMessages(cmd *cobra.Command, args []string) {
 	if err != nil {
 		log.Fatalf("invalid chain ID: %v", err)
 	}
+
 	emitterAddress := args[1]
 
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
@@ -312,8 +314,12 @@ func runFindMissingMessages(cmd *cobra.Command, args []string) {
 	}
 	defer conn.Close()
 
+	if chainID > math.MaxUint16 {
+		log.Fatalf("chain ID is not a valid 16 bit unsigned integer: %v", err)
+	}
+
 	msg := nodev1.FindMissingMessagesRequest{
-		EmitterChain:   uint32(chainID),
+		EmitterChain:   uint32(chainID), // #nosec G115 -- This conversion is checked above
 		EmitterAddress: emitterAddress,
 		RpcBackfill:    *shouldBackfill,
 		BackfillNodes:  sdk.PublicRPCEndpoints,
@@ -343,6 +349,10 @@ func runDumpVAAByMessageID(cmd *cobra.Command, args []string) {
 	if err != nil {
 		log.Fatalf("invalid chain ID: %v", err)
 	}
+	// We only constrain this to int32 now, not uint16, given the ChainID protobuf definition
+	if chainID > math.MaxInt32 {
+		log.Fatalf("chain id must not exceed the max int32: %v", chainID)
+	}
 	emitterAddress := parts[1]
 	seq, err := strconv.ParseUint(parts[2], 10, 64)
 	if err != nil {
@@ -560,11 +570,11 @@ func runChainGovernorResetReleaseTimer(cmd *cobra.Command, args []string) {
 	if len(args) > 1 {
 		numDaysArg, err := strconv.Atoi(args[1])
 
-		if err != nil {
+		if numDaysArg > math.MaxUint32 || err != nil {
 			log.Fatalf("invalid num_days: %v", err)
 		}
 
-		numDays = uint32(numDaysArg)
+		numDays = uint32(numDaysArg) // #nosec G115 -- This is validated above
 	}
 
 	msg := nodev1.ChainGovernorResetReleaseTimerRequest{

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"math"
 	"os"
 	"sort"
 	"strings"
@@ -166,6 +167,9 @@ func runListNodes(cmd *cobra.Command, args []string) {
 		truncAddrs := make(map[vaa.ChainID]string)
 		errors := map[vaa.ChainID]uint64{}
 		for _, n := range h.RawHeartbeat.Networks {
+			if n.Id > math.MaxUint16 {
+				log.Fatalf("heartbeat chain id is greater than MaxUint16: %v", n.Id)
+			}
 			heights[vaa.ChainID(n.Id)] = n.Height
 			errors[vaa.ChainID(n.Id)] = n.ErrorCount
 			if len(n.ContractAddress) >= 16 {

@@ -359,15 +359,15 @@ func runGuardianSetTemplate(cmd *cobra.Command, args []string) {
 	// Use deterministic devnet addresses as examples in the template, such that this doubles as a test fixture.
 	guardians := make([]*nodev1.GuardianSetUpdate_Guardian, *setUpdateNumGuardians)
 	for i := 0; i < *setUpdateNumGuardians; i++ {
-		k := devnet.InsecureDeterministicEcdsaKeyByIndex(crypto.S256(), uint64(i))
+		k := devnet.InsecureDeterministicEcdsaKeyByIndex(crypto.S256(), uint64(i)) // #nosec G115 -- Number of guardians will never overflow here
 		guardians[i] = &nodev1.GuardianSetUpdate_Guardian{
 			Pubkey: crypto.PubkeyToAddress(k.PublicKey).Hex(),
 			Name:   fmt.Sprintf("Example validator %d", i),
 		}
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- Number of guardians will never overflow here
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -397,7 +397,7 @@ func runContractUpgradeTemplate(cmd *cobra.Command, args []string) {
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -429,7 +429,7 @@ func runTokenBridgeRegisterChainTemplate(cmd *cobra.Command, args []string) {
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -463,7 +463,7 @@ func runTokenBridgeUpgradeContractTemplate(cmd *cobra.Command, args []string) {
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -505,7 +505,7 @@ func runRecoverChainIdTemplate(cmd *cobra.Command, args []string) {
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -596,7 +596,7 @@ func runAccountantModifyBalanceTemplate(cmd *cobra.Command, args []string) {
 		log.Fatalf("reason is too long, can be at most %d bytes", vaa.AccountantModifyBalanceReasonLength)
 	}
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -642,7 +642,7 @@ func runCircleIntegrationUpdateWormholeFinalityTemplate(cmd *cobra.Command, args
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -695,7 +695,7 @@ func runCircleIntegrationRegisterEmitterAndDomainTemplate(cmd *cobra.Command, ar
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -736,7 +736,7 @@ func runCircleIntegrationUpgradeContractImplementationTemplate(cmd *cobra.Comman
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -775,7 +775,7 @@ func runWormchainStoreCodeTemplate(cmd *cobra.Command, args []string) {
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -812,7 +812,7 @@ func runWormchainInstantiateContractTemplate(cmd *cobra.Command, args []string)
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -851,7 +851,7 @@ func runWormchainMigrateContractTemplate(cmd *cobra.Command, args []string) {
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -895,7 +895,7 @@ func runWormchainWasmInstantiateAllowlistTemplate(action nodev1.WormchainWasmIns
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -933,7 +933,7 @@ func runGatewayScheduleUpgradeTemplate(cmd *cobra.Command, args []string) {
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -957,7 +957,7 @@ func runGatewayScheduleUpgradeTemplate(cmd *cobra.Command, args []string) {
 
 func runGatewayCancelUpgradeTemplate(cmd *cobra.Command, args []string) {
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -980,7 +980,7 @@ func runGatewayIbcComposabilityMwSetContractTemplate(cmd *cobra.Command, args []
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -1034,7 +1034,7 @@ func runIbcUpdateChannelChainTemplate(module nodev1.IbcUpdateChannelChainModule)
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -1070,7 +1070,7 @@ func runWormholeRelayerSetDefaultDeliveryProviderTemplate(cmd *cobra.Command, ar
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -1119,7 +1119,7 @@ func runGeneralPurposeGovernanceEvmCallTemplate(cmd *cobra.Command, args []strin
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),
@@ -1163,7 +1163,7 @@ func runGeneralPurposeGovernanceSolanaCallTemplate(cmd *cobra.Command, args []st
 	}
 
 	m := &nodev1.InjectGovernanceVAARequest{
-		CurrentSetIndex: uint32(*templateGuardianIndex),
+		CurrentSetIndex: uint32(*templateGuardianIndex), // #nosec G115 -- This will never overflow
 		Messages: []*nodev1.GovernanceMessage{
 			{
 				Sequence: rand.Uint64(),

@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"math"
 	"net"
 	"net/http"
 	"os"
@@ -187,8 +188,11 @@ func (s *spyServer) SubscribeSignedVAA(req *spyv1.SubscribeSignedVAARequest, res
 				if err != nil {
 					return status.Error(codes.InvalidArgument, fmt.Sprintf("failed to decode emitter address: %v", err))
 				}
+				if t.EmitterFilter.GetChainId() > math.MaxUint16 {
+					return status.Error(codes.InvalidArgument, fmt.Sprintf("emitter chain id must be a valid 16 bit unsigned integer: %v", t.EmitterFilter.ChainId.Number()))
+				}
 				fi = append(fi, filterSignedVaa{
-					chainId:     vaa.ChainID(t.EmitterFilter.ChainId),
+					chainId:     vaa.ChainID(t.EmitterFilter.ChainId), // #nosec G115 -- This is validated above
 					emitterAddr: addr,
 				})
 			default:

@@ -51,7 +51,7 @@ func main() {
 		logger.Fatal("failed to load guardian key", zap.Error(err))
 	}
 
-	sequence := uint64(time.Now().Unix())
+	sequence := uint64(time.Now().Unix()) // #nosec G115 -- This is safe indefinitely
 	timestamp := time.Now()
 
 	if !testSubmit(ctx, logger, guardianSigner, wormchainConn, contract, "0000000000000000000000000290fb167208af455bb137780163b7b7a9a10c16", timestamp, sequence, true, "Submit should succeed") {

@@ -9,6 +9,7 @@ import (
 	"context"
 	"flag"
 	"log"
+	"math"
 
 	"github.com/certusone/wormhole/node/pkg/watchers/evm"
 	"github.com/certusone/wormhole/node/pkg/watchers/evm/connectors"
@@ -31,7 +32,11 @@ func main() {
 		log.Fatal("No transaction specified")
 	}
 
-	chainID := vaa.ChainID(*flagChainID)
+	if *flagChainID > math.MaxUint16 {
+		log.Fatalf("chain id is not a valid uint16: %d", *flagChainID)
+	}
+
+	chainID := vaa.ChainID(*flagChainID) // #nosec G115 -- This is validated above
 
 	ctx := context.Background()
 

@@ -138,7 +138,7 @@ func main() {
 
 	// Manual p2p setup
 	components := p2p.DefaultComponents()
-	components.Port = uint(*p2pPort)
+	components.Port = uint(*p2pPort) // #nosec G115 -- TCP ports are 16 bit, so this conversion is safe
 	bootstrapPeers := *p2pBootstrap
 	networkID := *p2pNetworkID + "/ccq"
 

@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"io"
 	"log"
+	"math"
 	"net/http"
 	"net/http/cookiejar"
 	"strconv"
@@ -397,12 +398,18 @@ func main() {
 
 		var from, to string
 		if lastHeight == 0 {
-			from = strconv.Itoa(int(currentHeight - step))
+			if currentHeight-step > math.MaxInt {
+				log.Fatalf("from block overflowed: %v", currentHeight-step)
+			}
+			from = strconv.Itoa(int(currentHeight - step)) // #nosec G115 -- This is checked above
 			to = "latest"
 			lastHeight = currentHeight
 		} else {
-			from = strconv.Itoa(int(lastHeight - step))
-			to = strconv.Itoa(int(lastHeight))
+			if lastHeight > math.MaxInt {
+				log.Fatalf("from block overflowed: %v", lastHeight)
+			}
+			from = strconv.Itoa(int(lastHeight - step)) // #nosec G115 -- If the above is safe, this is safe too
+			to = strconv.Itoa(int(lastHeight))          // #nosec G115 -- This is checked above
 		}
 		lastHeight -= step