From be2262eb22008df922cd518f35e5b85feaadd0fd Mon Sep 17 00:00:00 2001
From: Michael Schurter <mschurter@hashicorp.com>
Date: Tue, 12 Jul 2022 15:44:24 -0700
Subject: [PATCH] Add semgrep rule to catch non-determinism in FSM (#13725)

See `message:` in rule for details.

Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
---
 .semgrep/fsm_time.yml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 .semgrep/fsm_time.yml

diff --git a/.semgrep/fsm_time.yml b/.semgrep/fsm_time.yml
new file mode 100644
index 00000000000..7e520f5b6f4
--- /dev/null
+++ b/.semgrep/fsm_time.yml
@@ -0,0 +1,26 @@
+rules:
+  - id: "no-time-in-fsm"
+    patterns:
+      - pattern: time.Now()
+
+      # Metric state is local to the server and therefore must use time.
+      - pattern-not-inside: |
+          defer metrics.MeasureSince(...)
+
+      # The timetable's whole point is to roughly track timestamps for Raft log
+      # indexes, so it must use time.
+      - pattern-not-inside: |
+          $N.timetable.Witness(...)
+    message: |
+      time.Now() should not be called from within the Server's FSM. Apply Raft
+      log messages to the State Store must be deterministic so that each server
+      contains exactly the same state. Since time drifts between nodes, it must
+      be set before the Raft log message is applied so that all Raft members
+      see the same timestamp.
+    languages:
+      - "go"
+    severity: "WARNING"
+    paths:
+      include:
+        - "nomad/fsm.*"
+        - "nomad/state/state_store.*"