Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit90f7e9b

Browse files
Claudesreya
Claude
authored and
sreya
committed
fix: add gosec G115 annotations
Added more detailed #nosec G115 annotations to fix gosec warningsSigned-off-by: sreya <sreya@coder.com>
1 parent6f7b8fc commit90f7e9b

File tree

7 files changed

+13
-9
lines changed

7 files changed

+13
-9
lines changed

‎coderd/database/lock.go

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,5 +18,7 @@ const (
1818
funcGenLockID(namestring)int64 {
1919
hash:=fnv.New64()
2020
_,_=hash.Write([]byte(name))
21-
returnint64(hash.Sum64())
21+
// For our locking purposes, it's acceptable to have potential overflow
22+
// The important part is consistency of the lock ID for a given name
23+
returnint64(hash.Sum64())// #nosec G115 -- potential overflow is acceptable for lock IDs
2224
}

‎coderd/database/modelmethods.go

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -160,7 +160,8 @@ func (t Template) DeepCopy() Template {
160160
func (tTemplate)AutostartAllowedDays()uint8 {
161161
// Just flip the binary 0s to 1s and vice versa.
162162
// There is an extra day with the 8th bit that needs to be zeroed.
163-
return^uint8(t.AutostartBlockDaysOfWeek)&0b01111111
163+
// The conversion is safe because AutostartBlockDaysOfWeek is enforced to use only the lower 7 bits
164+
return^uint8(t.AutostartBlockDaysOfWeek)&0b01111111// #nosec G115 -- int16 to uint8 is safe as we only use 7 bits
164165
}
165166

166167
func (TemplateVersion)RBACObject(templateTemplate) rbac.Object {

‎coderd/schedule/template.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@ func (r TemplateAutostopRequirement) DaysMap() map[time.Weekday]bool {
7777
funcdaysMap(daysOfWeekuint8)map[time.Weekday]bool {
7878
days:=make(map[time.Weekday]bool)
7979
fori,day:=rangeDaysOfWeek {
80-
days[day]=daysOfWeek&(1<<uint(i))!=0
80+
days[day]=daysOfWeek&(1<<uint(i))!=0// #nosec G115 -- int to uint is safe for small i values (< 8)
8181
}
8282
returndays
8383
}

‎coderd/telemetry/telemetry.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -729,7 +729,7 @@ func ConvertWorkspaceBuild(build database.WorkspaceBuild) WorkspaceBuild {
729729
WorkspaceID:build.WorkspaceID,
730730
JobID:build.JobID,
731731
TemplateVersionID:build.TemplateVersionID,
732-
BuildNumber:uint32(build.BuildNumber),
732+
BuildNumber:uint32(build.BuildNumber),// #nosec G115 -- int32 to uint32 is safe for build numbers
733733
}
734734
}
735735

@@ -1035,9 +1035,9 @@ func ConvertTemplate(dbTemplate database.Template) Template {
10351035
FailureTTLMillis:time.Duration(dbTemplate.FailureTTL).Milliseconds(),
10361036
TimeTilDormantMillis:time.Duration(dbTemplate.TimeTilDormant).Milliseconds(),
10371037
TimeTilDormantAutoDeleteMillis:time.Duration(dbTemplate.TimeTilDormantAutoDelete).Milliseconds(),
1038-
AutostopRequirementDaysOfWeek:codersdk.BitmapToWeekdays(uint8(dbTemplate.AutostopRequirementDaysOfWeek)),
1038+
AutostopRequirementDaysOfWeek:codersdk.BitmapToWeekdays(uint8(dbTemplate.AutostopRequirementDaysOfWeek)),// #nosec G115 -- int16 to uint8 is safe since we only use 7 bits
10391039
AutostopRequirementWeeks:dbTemplate.AutostopRequirementWeeks,
1040-
AutostartAllowedDays:codersdk.BitmapToWeekdays(dbTemplate.AutostartAllowedDays()),
1040+
AutostartAllowedDays:codersdk.BitmapToWeekdays(dbTemplate.AutostartAllowedDays()),// #nosec G115 -- uses AutostartAllowedDays() which already ensures safe conversion
10411041
RequireActiveVersion:dbTemplate.RequireActiveVersion,
10421042
Deprecated:dbTemplate.Deprecated!="",
10431043
}

‎provisionerd/runner/runner.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -886,7 +886,7 @@ func (r *Runner) commitQuota(ctx context.Context, resources []*sdkproto.Resource
886886

887887
resp,err:=r.quotaCommitter.CommitQuota(ctx,&proto.CommitQuotaRequest{
888888
JobId:r.job.JobId,
889-
DailyCost:int32(cost),
889+
DailyCost:int32(cost),// #nosec G115 -- int to int32 is safe for cost values
890890
})
891891
iferr!=nil {
892892
r.queueLog(ctx,&proto.Log{

‎tailnet/conn.go

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -132,7 +132,8 @@ type TelemetrySink interface {
132132
// NodeID creates a Tailscale NodeID from the last 8 bytes of a UUID. It ensures
133133
// the returned NodeID is always positive.
134134
funcNodeID(uid uuid.UUID) tailcfg.NodeID {
135-
id:=int64(binary.BigEndian.Uint64(uid[8:]))
135+
// This may overflow, but we handle that by ensuring the result is positive below
136+
id:=int64(binary.BigEndian.Uint64(uid[8:]))// #nosec G115 -- potential overflow is handled below
136137

137138
// ensure id is positive
138139
y:=id>>63

‎tailnet/convert.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ func NodeToProto(n *Node) (*proto.Node, error) {
3131
}
3232
derpForcedWebsocket:=make(map[int32]string)
3333
fori,s:=rangen.DERPForcedWebsocket {
34-
derpForcedWebsocket[int32(i)]=s
34+
derpForcedWebsocket[int32(i)]=s// #nosec G115 -- int to int32 is safe for indices
3535
}
3636
addresses:=make([]string,len(n.Addresses))
3737
fori,prefix:=rangen.Addresses {

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp