Minor SAST warnings #3419

fyfyrchik · 2024-04-24T08:04:36Z

Hello! I have run https://svace.pages.ispras.ru/svace-website/en/ against neo-go codebase and here are some of the issues found. I think most of them are OK (I ignored issues such as having empty set of oracles in the oracle post-persist)

After discussion of @roman-khimov, I decided to create it here, both seems minor.

Here prevHeader could be nil in the else branch.

Message: After having been compared to a nil value at blockchain.go:2984, pointer 'prevHeader' is dereferenced at blockchain.go:2987.

neo-go/pkg/core/blockchain.go

Line 2984 in a13dc59

if prevHeader == nil && currHeader.PrevHash.Equals(util.Uint256{}) {

Here an attacker could use NeoFS protocol scheme to cause panic in production node without neofs support

Variable len(t67.MainCfg.NeoFS.Nodes), whose possible value set allows a zero value at request.go:162 by calling function 'builtin.len', is used as a denominator at request.go:162.

neo-go/pkg/services/oracle/request.go

Line 163 in a13dc59

rc, err := neofs.Get(ctx, priv, u, o.MainCfg.NeoFS.Nodes[index])

The text was updated successfully, but these errors were encountered:

roman-khimov · 2024-04-24T08:11:00Z

prevHeader is never a nil in reality, but the code is bogus, I agree (since a6610ba).
True, but requires a very specific (mis)configuration --- oracle service enabled, but no NeoFS nodes configured.

Prevents prevHeader to be nil in the else branch. Refs #3419 Signed-off-by: Ekaterina Pavlova <[email protected]>

Prevent the risk of a division by zero error when accessing the `o.MainCfg.NeoFS.Nodes[index]` array Close #3419 Signed-off-by: Ekaterina Pavlova <[email protected]>

Prevent the risk of a division by zero error when accessing the `o.MainCfg.NeoFS.Nodes[index]` array. Close #3419 Signed-off-by: Ekaterina Pavlova <[email protected]>

prevHeader is never nil. Refs #3419 Signed-off-by: Ekaterina Pavlova <[email protected]>

Prevent the risk of a division by zero error when accessing the `o.MainCfg.NeoFS.Nodes[index]` array. Close #3419 Signed-off-by: Ekaterina Pavlova <[email protected]>

fyfyrchik added bug Something isn't working U2 Seriously planned labels Apr 24, 2024

roman-khimov added S4 Routine I4 No visible changes labels Apr 24, 2024

roman-khimov added this to the v0.106.0 milestone Apr 24, 2024

roman-khimov added the security Affects security label Apr 24, 2024

roman-khimov modified the milestones: v0.106.0, v0.107.0 May 13, 2024

AnnaShaleva modified the milestones: v0.107.0, v0.106.1 May 21, 2024

AnnaShaleva assigned AliceInHunterland May 21, 2024

AliceInHunterland added a commit that referenced this issue May 21, 2024

core: adjust prevHeader nill check

93ff918

Prevents prevHeader to be nil in the else branch. Refs #3419 Signed-off-by: Ekaterina Pavlova <[email protected]>

AliceInHunterland linked a pull request May 21, 2024 that will close this issue

Adjust minor SAST warnings #3455

Open

AliceInHunterland added a commit that referenced this issue May 21, 2024

core: adjust prevHeader nil check

dded82f

prevHeader is never nil. Refs #3419 Signed-off-by: Ekaterina Pavlova <[email protected]>

roman-khimov modified the milestones: v0.106.1, v0.106.2 Jun 1, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Minor SAST warnings #3419

Minor SAST warnings #3419

fyfyrchik commented Apr 24, 2024 •

edited

roman-khimov commented Apr 24, 2024

Minor SAST warnings #3419

Minor SAST warnings #3419

Comments

fyfyrchik commented Apr 24, 2024 • edited

roman-khimov commented Apr 24, 2024

fyfyrchik commented Apr 24, 2024 •

edited