fix codeql alerts (#9647)

Co-authored-by: Stephen Groat <[email protected]>
DataDog · Nov 12, 2021 · 6a0f6a6 · 6a0f6a6
1 parent 99089bc
commit 6a0f6a6
Show file tree

Hide file tree

Showing 15 changed files with 27 additions and 24 deletions.
diff --git a/cmd/agent/gui/checks.go b/cmd/agent/gui/checks.go
@@ -76,7 +76,6 @@ func runCheck(w http.ResponseWriter, r *http.Request) {
 		common.Coll.RunCheck(ch) //nolint:errcheck
 	}
 	log.Infof("Scheduled new check: " + name)
-	w.Write([]byte("Scheduled new check:" + name))
 }
 
 // Runs a specified check once

diff --git a/cmd/agent/gui/views/private/js/codemirror.js b/cmd/agent/gui/views/private/js/codemirror.js
@@ -1645,7 +1645,7 @@ function extractLineClasses(type, output) {
     var prop = lineClass[1] ? "bgClass" : "textClass"
     if (output[prop] == null)
       { output[prop] = lineClass[2] }
-    else if (!(new RegExp("(?:^|\s)" + lineClass[2] + "(?:$|\s)")).test(output[prop]))
+    else if (!(new RegExp("(?:^|\\s)" + lineClass[2] + "(?:$|\\s)")).test(output[prop]))
       { output[prop] += " " + lineClass[2] }
   } }
   return type
@@ -9619,4 +9619,4 @@ CodeMirror.version = "5.30.0"
 
 return CodeMirror;
 
-})));
+})));
diff --git a/cmd/system-probe/api/restart.go b/cmd/system-probe/api/restart.go
@@ -1,7 +1,6 @@
 package api
 
 import (
-	"fmt"
 	"net/http"
 
 	"github.com/DataDog/datadog-agent/cmd/system-probe/api/module"
@@ -27,7 +26,7 @@ func restartModuleHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if target.Name != moduleName {
-		http.Error(w, fmt.Sprintf("invalid module: %s", moduleName), http.StatusBadRequest)
+		http.Error(w, "invalid module", http.StatusBadRequest)
 		return
 	}
 

diff --git a/pkg/collector/corechecks/snmp/report/report_device_metadata.go b/pkg/collector/corechecks/snmp/report/report_device_metadata.go
@@ -83,7 +83,7 @@ func buildNetworkInterfacesMetadata(deviceID string, store *valuestore.ResultVal
 
 	var interfaces []metadata.InterfaceMetadata
 	for _, strIndex := range indexes {
-		index, err := strconv.Atoi(strIndex)
+		index, err := strconv.ParseInt(strIndex, 10, 32)
 		if err != nil {
 			log.Warnf("interface metadata: invalid index: %s", index)
 			continue

diff --git a/pkg/dogstatsd/parse_events.go b/pkg/dogstatsd/parse_events.go
@@ -3,7 +3,6 @@ package dogstatsd
 import (
 	"bytes"
 	"fmt"
-
 	"github.com/DataDog/datadog-agent/pkg/util/log"
 )
 
@@ -85,7 +84,9 @@ func parseHeader(rawHeader []byte) (eventHeader, error) {
 
 	// Convert title length to workable type and do a basic validity check on value
 	titleLength, err := parseInt64(rawTitleLength)
-	if err != nil || titleLength < 0 {
+	// Before Go 1.17, we can use the following trick to define MaxInt
+	const MaxInt = ^uint(0) >> 1
+	if err != nil || titleLength < 0 || titleLength > int64(MaxInt) {
 		return eventHeader{}, fmt.Errorf("invalid event header: %q", rawHeader)
 	}
 
@@ -96,7 +97,7 @@ func parseHeader(rawHeader []byte) (eventHeader, error) {
 
 	// Convert text length to workable type and do a basic validity check on value
 	textLength, err := parseInt64(rawTextLength)
-	if err != nil || textLength < 0 {
+	if err != nil || textLength < 0 || textLength > int64(MaxInt) {
 		return eventHeader{}, fmt.Errorf("invalid event header: %q", rawHeader)
 	}
 

diff --git a/pkg/network/ephemeral_linux.go b/pkg/network/ephemeral_linux.go
@@ -1,6 +1,7 @@
 package network
 
 import (
+	"math"
 	"sync"
 	"time"
 
@@ -28,8 +29,12 @@ func IsPortInEphemeralRange(p uint16) EphemeralPortType {
 
 	low, hi, err := ephemeralIntPair.Get()
 	if err == nil {
-		ephemeralLow = uint16(low)
-		ephemeralHigh = uint16(hi)
+		if low > 0 && low <= math.MaxUint16 {
+			ephemeralLow = uint16(low)
+		}
+		if hi > 0 && hi <= math.MaxUint16 {
+			ephemeralHigh = uint16(hi)
+		}
 	}
 	if err != nil || ephemeralLow == 0 || ephemeralHigh == 0 {
 		return EphemeralUnknown

diff --git a/pkg/network/proc_net.go b/pkg/network/proc_net.go
@@ -73,14 +73,13 @@ func readProcNetWithStatus(path string, status int64) ([]uint16, error) {
 				continue
 			}
 
-			port, err := strconv.ParseInt(string(rawLocal[idx+1:]), 16, 0)
+			port, err := strconv.ParseUint(string(rawLocal[idx+1:]), 16, 16)
 			if err != nil {
 				log.Errorf("error parsing port [%s] as hex: %s", rawLocal[idx+1:], err)
 				continue
 			}
 
 			ports = append(ports, uint16(port))
-
 		}
 	}
 

diff --git a/pkg/process/dockerproxy/filter.go b/pkg/process/dockerproxy/filter.go
@@ -143,7 +143,7 @@ func extractProxyTarget(p *process.FilledProcess) *proxy {
 		case "-container-ip":
 			proxy.target.Ip = cmd[i+1]
 		case "-container-port":
-			port, err := strconv.Atoi(cmd[i+1])
+			port, err := strconv.ParseInt(cmd[i+1], 10, 32)
 			if err != nil {
 				return nil
 			}

diff --git a/pkg/snmp/traps/testing.go b/pkg/snmp/traps/testing.go
@@ -40,7 +40,7 @@ func parsePort(t *testing.T, addr string) uint16 {
 	_, portString, err := net.SplitHostPort(addr)
 	require.NoError(t, err)
 
-	port, err := strconv.Atoi(portString)
+	port, err := strconv.ParseUint(portString, 10, 16)
 	require.NoError(t, err)
 
 	return uint16(port)

diff --git a/pkg/trace/filters/replacer.go b/pkg/trace/filters/replacer.go
@@ -61,7 +61,7 @@ func (f Replacer) ReplaceStatsGroup(b *pb.ClientGroupedStats) {
 			fallthrough
 		case "http.status_code":
 			strcode := re.ReplaceAllString(strconv.Itoa(int(b.HTTPStatusCode)), str)
-			if code, err := strconv.Atoi(strcode); err == nil {
+			if code, err := strconv.ParseUint(strcode, 10, 32); err == nil {
 				b.HTTPStatusCode = uint32(code)
 			}
 		}

diff --git a/pkg/trace/stats/aggregation.go b/pkg/trace/stats/aggregation.go
@@ -44,7 +44,7 @@ func getStatusCode(s *pb.Span) uint32 {
 	if strC == "" {
 		return 0
 	}
-	c, err := strconv.Atoi(strC)
+	c, err := strconv.ParseUint(strC, 10, 32)
 	if err != nil {
 		log.Debugf("Invalid status code %s. Using 0.", strC)
 		return 0

diff --git a/pkg/util/cgroups/cgroupv1_pids.go b/pkg/util/cgroups/cgroupv1_pids.go
@@ -21,13 +21,13 @@ func (c *cgroupV1) GetPIDStats(stats *PIDStats) error {
 
 	stats.PIDs = nil
 	if err := parseFile(c.fr, c.pathFor("pids", "cgroup.procs"), func(s string) error {
-		pid, err := strconv.ParseInt(s, 10, 64)
+		pid, err := strconv.Atoi(s)
 		if err != nil {
 			reportError(newValueError(s, err))
 			return nil
 		}
 
-		stats.PIDs = append(stats.PIDs, int(pid))
+		stats.PIDs = append(stats.PIDs, pid)
 
 		return nil
 	}); err != nil {

diff --git a/pkg/util/cgroups/cgroupv2_pids.go b/pkg/util/cgroups/cgroupv2_pids.go
@@ -21,13 +21,13 @@ func (c *cgroupV2) GetPIDStats(stats *PIDStats) error {
 
 	stats.PIDs = nil
 	if err := parseFile(c.fr, c.pathFor("cgroup.procs"), func(s string) error {
-		pid, err := strconv.ParseInt(s, 10, 64)
+		pid, err := strconv.Atoi(s)
 		if err != nil {
 			reportError(newValueError(s, err))
 			return nil
 		}
 
-		stats.PIDs = append(stats.PIDs, int(pid))
+		stats.PIDs = append(stats.PIDs, pid)
 
 		return nil
 	}); err != nil {

diff --git a/rtloader/common/builtins/_util.c b/rtloader/common/builtins/_util.c
@@ -109,8 +109,8 @@ PyObject *subprocess_output(PyObject *self, PyObject *args, PyObject *kw)
     int i;
     int raise = 0;
     int ret_code = 0;
-    int subprocess_args_sz;
-    int subprocess_env_sz;
+    int subprocess_args_sz = 0;
+    int subprocess_env_sz = 0;
     char **subprocess_args = NULL;
     char **subprocess_env = NULL;
     char *c_stdout = NULL;

diff --git a/tasks/release.py b/tasks/release.py
@@ -1047,7 +1047,7 @@ def finish(ctx, major_versions="6,7"):
 
     for major_version in list_major_versions:
         new_version = next_final_version(ctx, major_version)
-        update_release_json(github_token, new_version)
+        update_release_json(ctx, github_token, new_version)
 
     # Update internal module dependencies
     update_modules(ctx, str(new_version))