smaller PR #659
smaller PR #659
Conversation
| # Additional recommended linters | ||
| - gosec # Security checker | ||
| - misspell # Find commonly misspelled words | ||
| - bodyclose # Check HTTP response bodies are closed |
There was a problem hiding this comment.
This one seems a bit out of place. We don't handle HTTP requests here. Let's remove it.
There was a problem hiding this comment.
eh, let's keep it in case we ever do. Its there to prevent mistakes sir. Now we know we pass that linter. There are many more to pass.
There was a problem hiding this comment.
Sir, this is glue code between a blockchain sdk and a VM. It will never do any HTTP requests.
There was a problem hiding this comment.
Pass the linter anyhow. The idea is to have e'm all (well realistically the right ones) working right. So I can remove it, but there's no reason to it eats like .1s or something and provides a layer of protection in the future.
There was a problem hiding this comment.
Please remove. If I accept useless changes like this, the repo will bloat in no time.
| if filepath.IsAbs(cleanPath) || strings.Contains(cleanPath, "..") { | ||
| fmt.Println("Error: invalid file path") | ||
| exitCode = 1 | ||
| return | ||
| } |
There was a problem hiding this comment.
Why go out of our way to reject absolute paths and paths in the parent directory?
There was a problem hiding this comment.
slavishly satisfying the linter's high standards
There was a problem hiding this comment.
Why is this a "high standard"? Are there possible problems with accepting absolute paths or paths inside the parent directory? Otherwise, this is needlessly restrictive.
Which linter causes this? Are there any explanations for this lint?
There was a problem hiding this comment.
I think it's gosec. And the reasoning is validating file paths a bit insanely. They have a numbered system. I'll dig it up.
There was a problem hiding this comment.
yeah, it's a security thing, suggest we keep it. It's basically keeping us vigilant here, I think that's okay
There was a problem hiding this comment.
Please remove and mark as nolint. A lint like this makes sense in a webserver environment where you want people to only access relative paths inside a directory. This is a cli application where the path is supplied by the person who executes it.
| for i, m := range response.SubMessages() { | ||
| messages := response.SubMessages() | ||
| for i := 0; i < len(messages); i++ { |
There was a problem hiding this comment.
Why this change? VS Code even marks this as an issue for me and recommends to use range.
There was a problem hiding this comment.
it's because the repo bounced between using versions of Go. Feel free to change it back or what have you. We should always use the latest release of Go, and that's currently 1.24.
When we DO NOT always use the latest release of Go, validators and chain teams compile with all kinds of different freaky go's and then the chain has a bad time due to changes in the go runtime.
so, ALWAYS use the latest GO
by FORCING best practices on downstream, we will improve code quality in actual operational settings significantly.
Validators and the like are free to be dumb by using any old version of Go.
We, as maintainers, aren't, and we should look out for the end users, who in this case are mainly validators.
There was a problem hiding this comment.
I get your point about forcing best practices on downstream and I think there is some truth to it. I think it's about striking a balance between forcing best practices and keeping some wiggle room for users in case the best practice doesn't work for them or doesn't make sense in their case.
We've had problems with this on the Rust side before, where a Rust update enables some new wasm proposal, making all contracts compiled with that version fail to upload (because the VM doesn't fully support the proposal yet). If the Rust libraries followed your rule, that would be hell for contract devs.
On the topic of latest Go:
- The Cosmos SDK also doesn't enforce this, so I don't see why we should do that. The way you describe it, the problem is a general one in the Cosmos ecosystem, so a solution should not only work for CosmWasm chains.
- The docs of the
godirective specifically say that it's supposed to be the "minimum version of Go required to compile packages in this module". That doesn't sound to me like the intention is to force downstream to use latest Go.
Do you have any examples of chains that had "a bad time due to changes in the go runtime"? The way you describe it as "freaky go's" sounds a bit manipulative to me. I'm sure you didn't mean it like that. Having some examples of that would make for a stronger case. Especially, since minor Go updates are supposed to be non-breaking.
There was a problem hiding this comment.
Yeah, so there are countless examples of chains that had a bad time due to MIXED go runtimes, and ZERO examples of chains that had a bad time due to HAVING EXACTLY THE SAME RUNTIME.
So imo, that's the trick but there's a big added benefit:
- by using the latest language runtime, we get all of the latest language features and fixes
...also they're not really being forced to do anything - anyone can compile whatever crazy config they want anyhow.
There was a problem hiding this comment.
Does your vscode still flag this?
There was a problem hiding this comment.
Yes.
for loop can be modernized using range over int modernize(rangeint)
It recommends:
for i := range messages {And in fact, I would say this would be even nicer to get rid of the messages[i]:
for i, m := range messages {
Co-authored-by: Christoph Otter <chipshort@tutanota.com>
| tmpdir := t.TempDir() | ||
| tmpdir, err := os.MkdirTemp("", "wasmvm-testing") | ||
| require.NoError(t, err) | ||
| defer func() { | ||
| if err := os.RemoveAll(tmpdir); err != nil { | ||
| t.Errorf("failed to remove temp dir: %v", err) | ||
| } | ||
| }() |
There was a problem hiding this comment.
There are still lots of t.TempDir() removals here. Please undo
There was a problem hiding this comment.
it's fair. I need to figure out why it does this though, and keep it ifxed.
| # Additional recommended linters | ||
| - gosec # Security checker | ||
| - misspell # Find commonly misspelled words | ||
| - bodyclose # Check HTTP response bodies are closed |
There was a problem hiding this comment.
Please remove. If I accept useless changes like this, the repo will bloat in no time.
| if filepath.IsAbs(cleanPath) || strings.Contains(cleanPath, "..") { | ||
| fmt.Println("Error: invalid file path") | ||
| exitCode = 1 | ||
| return | ||
| } |
There was a problem hiding this comment.
Please remove and mark as nolint. A lint like this makes sense in a webserver environment where you want people to only access relative paths inside a directory. This is a cli application where the path is supplied by the person who executes it.
| for i, m := range response.SubMessages() { | ||
| messages := response.SubMessages() | ||
| for i := 0; i < len(messages); i++ { |
There was a problem hiding this comment.
Yes.
for loop can be modernized using range over int modernize(rangeint)
It recommends:
for i := range messages {And in fact, I would say this would be even nicer to get rid of the messages[i]:
for i, m := range messages {
|
@chipshort - gosec is literally the golang security linter and I do not think it is any sort of a good idea to remove it. It checks for common security issues, and removing it kinda defeats the purpose of this exercise sir. |
I didn't mean to remove the whole linter. Only the change I commented on and mark it as nolint. |
|
|
That's in reference to the line I am commenting on, namely the bodyclose linter, not gosec. |
NOTE: this is not the juicy PR, it just gets us moving.
Please, review this, it is easy. Then I can get to work on revive and gocritic and good lord, #654