Commiteded0ed

authored
chore: fix false positives in CodeQL (#17138)
Clears up some false positives being surfaced by CodeQL
1 parente1f27a7 commiteded0ed


3 files changed

+6
-10
lines changed


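--- a/agent/agentcontainers/containers_dockercli.go
+++ b/agent/agentcontainers/containers_dockercli.go
@@ -491,21 +491,15 @@ func convertDockerInspect(raw []byte) ([]codersdk.WorkspaceAgentContainer, []str
 //"8080" -> 8080, "tcp"
 funcconvertDockerPort(instring) (uint16,string,error) {
 parts:=strings.Split(in,"/")
+p,err:=strconv.ParseUint(parts[0],10,16)
+iferr!=nil {
+return0,"",xerrors.Errorf("invalid port format: %s",in)
+}
 switchlen(parts) {
 case1:
 // assume it's a TCP port
-p,err:=strconv.Atoi(parts[0])
-iferr!=nil {
-return0,"",xerrors.Errorf("invalid port format: %s",in)
-}
-// #nosec G115 - Safe conversion since Docker TCP ports are limited to uint16 range
 returnuint16(p),"tcp",nil
 case2:
-p,err:=strconv.Atoi(parts[0])
-iferr!=nil {
-return0,"",xerrors.Errorf("invalid port format: %s",in)
-}
-// #nosec G115 - Safe conversion since Docker ports are limited to uint16 range
 returnuint16(p),parts[1],nil
 default:
 return0,"",xerrors.Errorf("invalid port format: %s",in)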
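Review bot: The new ParseUint error at the top of convertDockerPort discards the underlying strconv error and formats `in` with %s, so an empty or whitespace-only port string is indistinguishable in the message and the out-of-range case (ParseUint with bitSize 16 reports ErrRange above 65535, which is exactly the check CodeQL was asking for) is lost; suggest `return 0, "", xerrors.Errorf("invalid port format %q: %w", in, err)`. Two smaller points the hunk leaves open: the parse now runs before the `len(parts)` switch, which is fine but deserves a one-line comment such as `// Parse first so every arm sees an already-validated uint16`, and the `case 2` arm still accepts an empty protocol (`"8080/"`), which a `parts[1] == ""` guard could reject. The function's closing lines are outside the hunk.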

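--- a/agent/ls.go
+++ b/agent/ls.go
@@ -76,6 +76,7 @@ func listFiles(query LSRequest) (LSResponse, error) {
 returnLSResponse{},xerrors.Errorf("failed to get absolute path of %q: %w",fullPathRelative,err)
 }
 
+// codeql[go/path-injection] - The intent is to allow the user to navigate to any directory in their workspace.
 f,err:=os.Open(absolutePathString)
 iferr!=nil {
 returnLSResponse{},xerrors.Errorf("failed to open directory %q: %w",absolutePathString,err)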
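Review bot: The added `codeql[go/path-injection]` suppression records the intent but not what actually bounds the access, which is what the next person triaging this alert needs to know; suggest extending it, e.g. `// codeql[go/path-injection] - Intentionally unrestricted: the agent opens the path as the workspace user, so OS file permissions are the control here, not this handler.` (that the agent runs with the workspace user's permissions is an assumption from outside this hunk — confirm before stating it). As far as I recall, CodeQL in-source suppression applies to the alert on the same line or the line directly below the comment, so placing it on its own line above `os.Open` should work, but verify the alert actually clears in the next scan. listFiles begins and ends outside this hunk.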

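--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@@ -1100,6 +1100,7 @@ func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {
 // We use AuthCodeURL from the OAuth2Config field instead of the one on
 // GithubOAuth2Config because when device flow is configured, AuthCodeURL
 // is overridden and returns a value that doesn't pass the URL check.
+// codeql[go/constant-oauth2-state] -- We are solely using the AuthCodeURL from the OAuth2Config field in order to validate the hostname of the external auth provider.
 ifexternalauth.IsGithubDotComURL(api.GithubOAuth2Config.OAuth2Config.AuthCodeURL(""))&&user.GithubComUserID.Int64!=ghUser.GetID() {
 err=api.Database.UpdateUserGithubComUserID(ctx, database.UpdateUserGithubComUserIDParams{
 ID:user.ID,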
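Review bot: The added suppression is a single ~150-column line inside a comment block that wraps at about 75 columns, and it uses `--` where the ls.go suppression in this same commit uses `-`; wrap it to match, e.g. `// codeql[go/constant-oauth2-state] - AuthCodeURL("") is only used to` / `// derive the provider host for the IsGithubDotComURL check; the URL is` / `// never sent to a client, so the empty state is not a CSRF concern.` That wording also states the property the suppression actually rests on — the value is compared, not redirected to — which the current text only implies; confirm nothing downstream reuses this URL before asserting it. userOAuth2Github starts and ends outside the hunk.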
