Security fixes, bugfixes, anti-pattern fixes and some performance fixes.

.deepsource.toml

@@ -0,0 +1,19 @@
+version = 1
+
+[[analyzers]]
+name = "java"
+enabled = true
+
+  [analyzers.meta]
+  runtime_version = "11"
+
+[[analyzers]]
+name = "shell"
+enabled = true
+
+[[analyzers]]
+name = "python"
+enabled = true
+
+  [analyzers.meta]
+  runtime_version = "3.x.x"

contrib/devtools/github-merge.py

@@ -16,7 +16,7 @@
 # name $BRANCH is overwritten with the merged result, and optionally pushed.
 from __future__ import division,print_function,unicode_literals
 import os
-from sys import stdin,stdout,stderr
+from sys import stdin,stdout,stderr,exit
 import argparse
 import hashlib
 import subprocess
@@ -85,7 +85,8 @@ def tree_sha512sum(commit='HEAD'):
     for line in subprocess.check_output([GIT, 'ls-tree', '--full-tree', '-r', commit]).splitlines():
         name_sep = line.index(b'\t')
         metadata = line[:name_sep].split() # perms, 'blob', blobid
-        assert(metadata[1] == b'blob')
+        if (metadata[1] != b'blob'):
+            raise AssertionError
         name = line[name_sep+1:]
         files.append(name)
         blob_by_name[name] = metadata[2]
@@ -102,7 +103,8 @@ def tree_sha512sum(commit='HEAD'):
         p.stdin.flush()
         # read header: blob, "blob", size
         reply = p.stdout.readline().split()
-        assert(reply[0] == blob and reply[1] == b'blob')
+        if not (reply[0] == blob and reply[1] == b'blob'):
+            raise AssertionError
         size = int(reply[2])
         # hash the blob data
         intern = hashlib.sha512()
@@ -116,7 +118,8 @@ def tree_sha512sum(commit='HEAD'):
                 raise IOError('Premature EOF reading git cat-file output')
             ptr += bs
         dig = intern.hexdigest()
-        assert(p.stdout.read(1) == b'\n') # ignore LF that follows blob data
+        if (p.stdout.read(1) != b'\n'):
+            raise AssertionError
         # update overall hash with file hash
         overall.update(dig.encode("utf-8"))
         overall.update("  ".encode("utf-8"))

contrib/devtools/security-check.py

@@ -153,7 +153,8 @@ def check_PE_HIGH_ENTROPY_VA(executable):
     if arch == 'i386:x86-64':
         reqbits = IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA
     else: # Unnecessary on 32-bit
-        assert(arch == 'i386')
+        if (arch != 'i386'):
+            raise AssertionError
         reqbits = 0
     return (bits & reqbits) == reqbits
 

contrib/devtools/symbol-check.py

@@ -53,7 +53,6 @@
 CPPFILT_CMD = os.getenv('CPPFILT', '/usr/bin/c++filt')
 # Allowed NEEDED libraries
 ALLOWED_LIBRARIES = {
-# bitcoind and bitcoin-qt
 'libgcc_s.so.1', # GCC base support
 'libc.so.6', # C library
 'libpthread.so.0', # threading

contrib/linearize/linearize-hashes.py

@@ -9,7 +9,6 @@
 
 from __future__ import print_function
 import json
-import struct
 import re
 import base64
 import httplib
@@ -68,8 +67,9 @@ def get_block_hashes(settings, max_blocks_per_call=10000):
 		for x,resp_obj in enumerate(reply):
 			if rpc.response_is_error(resp_obj):
 				print('JSON-RPC: error at height', height+x, ': ', resp_obj['error'], file=sys.stderr)
-				exit(1)
-			assert(resp_obj['id'] == x) # assume replies are in-sequence
+				sys.exit(1)
+			if (resp_obj['id'] != x):
+				raise AssertionError
 			print(resp_obj['result'])
 
 		height += num_blocks

contrib/seeds/generate-seeds.py

@@ -59,13 +59,15 @@ def name_to_ipv6(addr):
                 if i == 0 or i == (len(addr)-1): # skip empty component at beginning or end
                     continue
                 x += 1 # :: skips to suffix
-                assert(x < 2)
+                if (x >= 2):
+                    raise AssertionError
             else: # two bytes per component
                 val = int(comp, 16)
                 sub[x].append(val >> 8)
                 sub[x].append(val & 0xff)
         nullbytes = 16 - len(sub[0]) - len(sub[1])
-        assert((x == 0 and nullbytes == 0) or (x == 1 and nullbytes > 0))
+        if not ((x == 0 and nullbytes == 0) or (x == 1 and nullbytes > 0)):
+            raise AssertionError
         return bytearray(sub[0] + ([0] * nullbytes) + sub[1])
     elif addr.startswith('0x'): # IPv4-in-little-endian
         return pchIPv4 + bytearray(reversed(a2b_hex(addr[2:])))
@@ -114,7 +116,7 @@ def process_nodes(g, f, structname, defaultport):
 def main():
     if len(sys.argv)<2:
         print(('Usage: %s <path_to_nodes_txt>' % sys.argv[0]), file=sys.stderr)
-        exit(1)
+        sys.exit(1)
     g = sys.stdout
     indir = sys.argv[1]
     g.write('#ifndef BITCOIN_CHAINPARAMSSEEDS_H\n')

contrib/spendfrom/spendfrom.py

@@ -15,7 +15,6 @@
 
 from decimal import *
 import getpass
-import math
 import os
 import os.path
 import platform
@@ -253,7 +252,7 @@ def main():
     else:
         fee = Decimal(options.fee)
         amount = Decimal(options.amount)
-        while unlock_wallet(unigridd) == False:
+        while unlock_wallet(unigridd) is False:
             pass # Keep asking for passphrase until they get it right
         txdata = create_tx(unigridd, options.fromaddresses.split(","), options.to, amount, fee)
         sanity_test_fee(unigridd, txdata, amount*Decimal("0.01"))

contrib/testgen/base58.py

@@ -96,9 +96,12 @@ def get_bcaddress_version(strAddress):
 
 if __name__ == '__main__':
     # Test case (from http://gitorious.org/bitcoin/python-base58.git)
-    assert get_bcaddress_version('15VjRaDX9zpbA8LVnbrCAFzrVzN7ixHNsC') is 0
+    if get_bcaddress_version('15VjRaDX9zpbA8LVnbrCAFzrVzN7ixHNsC') is not 0:
+        raise AssertionError
     _ohai = 'o hai'.encode('ascii')
     _tmp = b58encode(_ohai)
-    assert _tmp == 'DYB3oMS'
-    assert b58decode(_tmp, 5) == _ohai
+    if _tmp != 'DYB3oMS':
+        raise AssertionError
+    if b58decode(_tmp, 5) != _ohai:
+        raise AssertionError
     print("Tests passed")

contrib/testgen/gen_base58_test_vectors.py

@@ -10,7 +10,7 @@
 # Released under MIT License
 import os
 from itertools import islice
-from base58 import b58encode, b58decode, b58encode_chk, b58decode_chk, b58chars
+from base58 import b58encode_chk, b58decode_chk, b58chars
 import random
 from binascii import b2a_hex
 
@@ -59,7 +59,8 @@ def gen_valid_vectors():
             payload = os.urandom(template[1]) 
             suffix = str(bytearray(template[2]))
             rv = b58encode_chk(prefix + payload + suffix)
-            assert is_valid(rv)
+            if not is_valid(rv):
+                raise AssertionError
             metadata = dict([(x,y) for (x,y) in zip(metadata_keys,template[3]) if y is not None])
             yield (rv, b2a_hex(payload), metadata)
 

contrib/zmq/zmq_sub.py

@@ -1,6 +1,5 @@
 #!/usr/bin/env python
 
-import array
 import binascii
 import zmq
 import struct

daemon/test/bctest.py

@@ -3,7 +3,6 @@
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 import subprocess
-import os
 import json
 import sys