Skip to content

Remove gosec from test linting #4471

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
maru-ava merged 3 commits into from
Nov 6, 2025
Merged

Remove gosec from test linting #4471

maru-ava merged 3 commits into from
Nov 6, 2025

Conversation

@alarso16
Copy link
Contributor

@alarso16 alarso16 commented Nov 6, 2025

Why this should be merged

The linter is intended to catch mistakes, but (almost) all of the nolint clauses for gosec in testing were for random number generation. These are intentional, so it's feels unreasonable to lint in the first place.

How this works

Removed linter, and did a global search for #nosec and removed all in testing files.

How this was tested

CI

Need to be documented in RELEASES.md?

No

Copilot AI review requested due to automatic review settings November 6, 2025 14:59
Copilot AI reviewed Nov 6, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR removes the gosec linter from test files and eliminates all #nosec comments that were used to suppress security warnings for intentional random number generation in tests.

Key Changes:

  • Added gosec to the list of excluded linters for test files in .golangci.yml
  • Removed #nosec G404 and #nosec G204 comments from test files across the codebase
  • Removed //nolint:gosec comment from one test file

Reviewed Changes

Copilot reviewed 22 out of 22 changed files in this pull request and generated no comments.

Show a summary per file
File Description
.golangci.yml Added gosec to the excluded linters list for test files
x/sync/workheap_test.go Removed #nosec comment from random number generation
x/sync/sync_test.go Removed #nosec comment from random number generation
x/merkledb/view_test.go Removed #nosec comment from random number generation
x/merkledb/view_iterator_test.go Removed #nosec comment from random number generation
x/merkledb/trie_test.go Removed #nosec comment from random number generation
x/merkledb/sync_test.go Removed multiple #nosec comments from random operations
x/merkledb/proof_test.go Removed multiple #nosec comments from random operations
x/merkledb/network_server_test.go Removed #nosec comments from random number generation
x/merkledb/history_test.go Removed #nosec comment from random number generation
x/merkledb/helpers_test.go Removed #nosec comments from random operations
x/merkledb/hashing_test.go Removed multiple #nosec comments from random operations
x/merkledb/db_test.go Removed multiple #nosec comments from random operations
x/merkledb/codec_test.go Removed #nosec comments from random operations
wallet/chain/p/builder/builder_test.go Removed #nosec comments from random number generation
vms/proposervm/proposer/windower_test.go Removed #nosec comments from random number generation
vms/platformvm/state/state_test.go Removed nolint:gosec comment
vms/platformvm/state/l1_validator_test.go Removed multiple #nosec comments from random operations
utils/formatting/encoding_benchmark_test.go Removed #nosec comment from random operation
utils/bag/bag_benchmark_test.go Removed #nosec comments from random operations
tests/fixture/tmpnet/process_runtime.go Removed #nosec G204 comment from command execution
snow/networking/sender/sender_test.go Removed #nosec comment from random operation

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@alarso16 alarso16 self-assigned this Nov 6, 2025
@joshua-kim joshua-kim changed the title style: remove gosec for testing Remove gosec from test linting Nov 6, 2025
maru-ava
maru-ava approved these changes Nov 6, 2025
View reviewed changes
Copy link
Contributor

@maru-ava maru-ava left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice cleanup!

@maru-ava maru-ava enabled auto-merge November 6, 2025 15:10
@maru-ava maru-ava added this pull request to the merge queue Nov 6, 2025
Merged via the queue into master with commit 2907593 Nov 6, 2025
35 checks passed
@maru-ava maru-ava deleted the alarso16/gosec-test branch November 6, 2025 15:42
@github-project-automation github-project-automation bot moved this to Done 🎉 in avalanchego Nov 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@joshua-kim joshua-kim joshua-kim approved these changes

@StephenButtolph StephenButtolph StephenButtolph approved these changes

@maru-ava maru-ava maru-ava approved these changes

@rrazvan1 rrazvan1 Awaiting requested review from rrazvan1 rrazvan1 is a code owner

Assignees

@alarso16 alarso16

Labels

None yet

Projects

avalanchego
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@alarso16 @joshua-kim @StephenButtolph @maru-ava