Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect conversion between integer types #178

Closed
jpkrohling opened this issue Jan 27, 2021 · 0 comments · Fixed by #187
Closed

Incorrect conversion between integer types #178

jpkrohling opened this issue Jan 27, 2021 · 0 comments · Fixed by #187
Assignees
@jpkrohling
Labels
bug Something isn't working good first issue Good for newcomers

Comments

@jpkrohling
Copy link
Member

opentelemetry-operator/pkg/collector/parser/receiver.go

Line 122 in b70d1e7

return int32(port), err

The code mentioned above triggers a CodeQL security warning, as the boundaries aren't being checked here. This isn't a bit issue for us in this specific case, but we should take care of it anyway. Suggestions from CodeQL:

package main

import (
	"math"
	"strconv"
)

func main() {

}

const DefaultAllocate int32 = 256

func parseAllocateGood1(desired string) int32 {
	parsed, err := strconv.Atoi(desired)
	if err != nil {
		return DefaultAllocate
	}
	// GOOD: check for lower and upper bounds
	if parsed > 0 && parsed <= math.MaxInt32 {
		return int32(parsed)
	}
	return DefaultAllocate
}
func parseAllocateGood2(desired string) int32 {
	// GOOD: parse specifying the bit size
	parsed, err := strconv.ParseInt(desired, 10, 32)
	if err != nil {
		return DefaultAllocate
	}
	return int32(parsed)
}

func parseAllocateGood3(wanted string) int32 {
	parsed, err := strconv.ParseInt(wanted, 10, 32)
	if err != nil {
		panic(err)
	}
	return int32(parsed)
}
func parseAllocateGood4(wanted string) int32 {
	parsed, err := strconv.ParseInt(wanted, 10, 64)
	if err != nil {
		panic(err)
	}
	// GOOD: check for lower and uppper bounds
	if parsed > 0 && parsed <= math.MaxInt32 {
		return int32(parsed)
	}
	return DefaultAllocate
}
@jpkrohling jpkrohling added bug Something isn't working good first issue Good for newcomers and removed needs-triage labels Jan 27, 2021
@jpkrohling jpkrohling self-assigned this Feb 3, 2021
jpkrohling referenced this issue in jpkrohling/opentelemetry-operator Feb 3, 2021
@jpkrohling
Add correct boundary to integer parsing
fb918d8 
Fixes #178

Signed-off-by: Juraci Paixão Kröhling <[email protected]>
@jpkrohling jpkrohling mentioned this issue Feb 3, 2021
Merged
tigrannajaryan pushed a commit that referenced this issue Feb 3, 2021
@jpkrohling
Add correct boundary to integer parsing (#187)
930f7d3 
Fixes #178

Signed-off-by: Juraci Paixão Kröhling <[email protected]>
shree007 pushed a commit to shree007/opentelemetry-operator that referenced this issue Dec 12, 2021
@jpkrohling
Add correct boundary to integer parsing (open-telemetry#187)
e4132a7 
Fixes open-telemetry#178

Signed-off-by: Juraci Paixão Kröhling <[email protected]>
ItielOlenick pushed a commit to ItielOlenick/opentelemetry-operator that referenced this issue May 1, 2024
@jpkrohling
Add correct boundary to integer parsing (open-telemetry#187)
62ce67b 
Fixes open-telemetry#178

Signed-off-by: Juraci Paixão Kröhling <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jpkrohling jpkrohling

Labels
bug Something isn't working good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add correct boundary to integer parsing jpkrohling/opentelemetry-operator
1 participant
@jpkrohling