From 6a0f6a6b9718d8b5c4ef2e61225df27568ce46d2 Mon Sep 17 00:00:00 2001 From: ganeshkumarsv <53483484+ganeshkumarsv@users.noreply.github.com> Date: Fri, 12 Nov 2021 10:38:10 -0500 Subject: [PATCH] fix codeql alerts (#9647) Co-authored-by: Stephen Groat --- cmd/agent/gui/checks.go | 1 - cmd/agent/gui/views/private/js/codemirror.js | 4 ++-- cmd/system-probe/api/restart.go | 3 +-- .../corechecks/snmp/report/report_device_metadata.go | 2 +- pkg/dogstatsd/parse_events.go | 7 ++++--- pkg/network/ephemeral_linux.go | 9 +++++++-- pkg/network/proc_net.go | 3 +-- pkg/process/dockerproxy/filter.go | 2 +- pkg/snmp/traps/testing.go | 2 +- pkg/trace/filters/replacer.go | 2 +- pkg/trace/stats/aggregation.go | 2 +- pkg/util/cgroups/cgroupv1_pids.go | 4 ++-- pkg/util/cgroups/cgroupv2_pids.go | 4 ++-- rtloader/common/builtins/_util.c | 4 ++-- tasks/release.py | 2 +- 15 files changed, 27 insertions(+), 24 deletions(-) diff --git a/cmd/agent/gui/checks.go b/cmd/agent/gui/checks.go index b7b4caf339a45f..8f94fbefefdcd0 100644 --- a/cmd/agent/gui/checks.go +++ b/cmd/agent/gui/checks.go @@ -76,7 +76,6 @@ func runCheck(w http.ResponseWriter, r *http.Request) { common.Coll.RunCheck(ch) //nolint:errcheck } log.Infof("Scheduled new check: " + name) - w.Write([]byte("Scheduled new check:" + name)) } // Runs a specified check once diff --git a/cmd/agent/gui/views/private/js/codemirror.js b/cmd/agent/gui/views/private/js/codemirror.js index 2f90d18df36175..6e5a034789d723 100644 --- a/cmd/agent/gui/views/private/js/codemirror.js +++ b/cmd/agent/gui/views/private/js/codemirror.js @@ -1645,7 +1645,7 @@ function extractLineClasses(type, output) { var prop = lineClass[1] ? "bgClass" : "textClass" if (output[prop] == null) { output[prop] = lineClass[2] } - else if (!(new RegExp("(?:^|\s)" + lineClass[2] + "(?:$|\s)")).test(output[prop])) + else if (!(new RegExp("(?:^|\\s)" + lineClass[2] + "(?:$|\\s)")).test(output[prop])) { output[prop] += " " + lineClass[2] } } } return type 
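Review bot: The surviving `log.Infof("Scheduled new check: " + name)` just above the removed line still splices the user-supplied check name into the format string, so a name containing `%` verbs produces a garbled log line (go vet reports non-constant format strings); write it as `log.Infof("Scheduled new check: %q", name)` so the value is an escaped argument. Removing the `w.Write` also leaves the handler returning an empty 200 body; if the GUI displayed that text, a fixed message such as `w.Write([]byte("Scheduled new check"))` confirms the action without echoing `name`. runCheck begins before this hunk.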
@@ -9619,4 +9619,4 @@ CodeMirror.version = "5.30.0" return CodeMirror; -}))); \ No newline at end of file +}))); diff --git a/cmd/system-probe/api/restart.go b/cmd/system-probe/api/restart.go index acaf4e067df076..b4d353aa13521b 100644 --- a/cmd/system-probe/api/restart.go +++ b/cmd/system-probe/api/restart.go @@ -1,7 +1,6 @@ package api import ( - "fmt" "net/http" "github.com/DataDog/datadog-agent/cmd/system-probe/api/module" @@ -27,7 +26,7 @@ func restartModuleHandler(w http.ResponseWriter, r *http.Request) { } if target.Name != moduleName { - http.Error(w, fmt.Sprintf("invalid module: %s", moduleName), http.StatusBadRequest) + http.Error(w, "invalid module", http.StatusBadRequest) return } diff --git a/pkg/collector/corechecks/snmp/report/report_device_metadata.go b/pkg/collector/corechecks/snmp/report/report_device_metadata.go index a3c3b1f07ba0cf..d92893ebe666e8 100644 --- a/pkg/collector/corechecks/snmp/report/report_device_metadata.go +++ b/pkg/collector/corechecks/snmp/report/report_device_metadata.go @@ -83,7 +83,7 @@ func buildNetworkInterfacesMetadata(deviceID string, store *valuestore.ResultVal var interfaces []metadata.InterfaceMetadata for _, strIndex := range indexes { - index, err := strconv.Atoi(strIndex) + index, err := strconv.ParseInt(strIndex, 10, 32) if err != nil { log.Warnf("interface metadata: invalid index: %s", index) continue diff --git a/pkg/dogstatsd/parse_events.go b/pkg/dogstatsd/parse_events.go index 9d69f0a1b119b3..e277b8ba96288f 100644 --- a/pkg/dogstatsd/parse_events.go +++ b/pkg/dogstatsd/parse_events.go @@ -3,7 +3,6 @@ package dogstatsd import ( "bytes" "fmt" - "github.com/DataDog/datadog-agent/pkg/util/log" ) 
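Review bot: Dropping `moduleName` from the 400 body removes the only hint about which module was rejected; `http.Error` already sets `Content-Type: text/plain` and `X-Content-Type-Options: nosniff`, so the original reflection was not a browser-exploitable XSS, though a generic client message is still fine. Keep the detail server-side instead, e.g. `log.Debugf("restart requested for unknown module %q", moduleName)` if this package has a logger in scope, with `%q` so control characters in the name are escaped. restartModuleHandler continues outside the hunk.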
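Review bot: The warning on the line after the changed `ParseInt` still logs `index` instead of `strIndex`: on the error path `index` is the zero value, so the message always reads `invalid index: %!s(int64=0)` and the offending input is lost, and `%s` on an int64 is also a go vet failure. Change it to `log.Warnf("interface metadata: invalid index: %q", strIndex)`. Since `index` is now an `int64` rather than `int`, any later use expecting `int` (outside this hunk) needs a conversion; the 32-bit limit passed to `ParseInt` makes `int(index)` safe on every platform. buildNetworkInterfacesMetadata continues outside the hunk.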
@@ -85,7 +84,9 @@ func parseHeader(rawHeader []byte) (eventHeader, error) { // Convert title length to workable type and do a basic validity check on value titleLength, err := parseInt64(rawTitleLength) - if err != nil || titleLength < 0 { + // Before Go 1.17, we can use the following trick to define MaxInt + const MaxInt = ^uint(0) >> 1 + if err != nil || titleLength < 0 || titleLength > int64(MaxInt) { return eventHeader{}, fmt.Errorf("invalid event header: %q", rawHeader) } @@ -96,7 +97,7 @@ func parseHeader(rawHeader []byte) (eventHeader, error) { // Convert text length to workable type and do a basic validity check on value textLength, err := parseInt64(rawTextLength) - if err != nil || textLength < 0 { + if err != nil || textLength < 0 || textLength > int64(MaxInt) { return eventHeader{}, fmt.Errorf("invalid event header: %q", rawHeader) } diff --git a/pkg/network/ephemeral_linux.go b/pkg/network/ephemeral_linux.go index 950bea3542606e..337562a284fc09 100644 --- a/pkg/network/ephemeral_linux.go +++ b/pkg/network/ephemeral_linux.go @@ -1,6 +1,7 @@ package network import ( + "math" "sync" "time" @@ -28,8 +29,12 @@ func IsPortInEphemeralRange(p uint16) EphemeralPortType { low, hi, err := ephemeralIntPair.Get() if err == nil { - ephemeralLow = uint16(low) - ephemeralHigh = uint16(hi) + if low > 0 && low <= math.MaxUint16 { + ephemeralLow = uint16(low) + } + if hi > 0 && hi <= math.MaxUint16 { + ephemeralHigh = uint16(hi) + } } if err != nil || ephemeralLow == 0 || ephemeralHigh == 0 { return EphemeralUnknown diff --git a/pkg/network/proc_net.go b/pkg/network/proc_net.go index aa120a529d35b1..977bbeb7d127d9 100644 --- a/pkg/network/proc_net.go +++ b/pkg/network/proc_net.go 
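Review bot: The added `titleLength > int64(MaxInt)` check only prevents the int64→int conversion from wrapping; a sender can still announce a title length of, say, 2^40 and pass it, so whatever slices or allocates based on `titleLength`/`textLength` after this hunk must still compare them against the bytes actually present in the datagram — that code is not visible here. Declaring `const MaxInt` in the middle of `parseHeader` also hides it from the rest of the package; a package-level `const maxInt = int(^uint(0) >> 1)` (or `math.MaxInt` once the module targets Go 1.17) would serve both hunks and drop the inline explanation. parseHeader starts before and ends after this hunk.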
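Review bot: The two new range guards are independent, so when `/proc` yields one bound in range and the other out of range (or `low > hi`), one of `ephemeralLow`/`ephemeralHigh` is updated while the other keeps whatever it held before, and the following `ephemeralLow == 0 || ephemeralHigh == 0` test does not catch it because a stale non-zero value passes. Validate the pair as a whole and fall back to `EphemeralUnknown` when either bound is unusable, instead of silently dropping the bad value. IsPortInEphemeralRange continues outside the hunk, and the types of `low`/`hi` are not visible here.
```go
low, hi, err := ephemeralIntPair.Get()
if err == nil {
	// Reject the pair together: a partial update would leave a stale bound.
	if low <= 0 || hi <= 0 || low > hi || hi > math.MaxUint16 {
		return EphemeralUnknown
	}
	ephemeralLow = uint16(low)
	ephemeralHigh = uint16(hi)
}
// … unchanged: err / zero-value check and range test …
```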
@@ -73,14 +73,13 @@ func readProcNetWithStatus(path string, status int64) ([]uint16, error) { continue } - port, err := strconv.ParseInt(string(rawLocal[idx+1:]), 16, 0) + port, err := strconv.ParseUint(string(rawLocal[idx+1:]), 16, 16) if err != nil { log.Errorf("error parsing port [%s] as hex: %s", rawLocal[idx+1:], err) continue } ports = append(ports, uint16(port)) - } } diff --git a/pkg/process/dockerproxy/filter.go b/pkg/process/dockerproxy/filter.go index f8172602e183c9..5551f7abf36710 100644 --- a/pkg/process/dockerproxy/filter.go +++ b/pkg/process/dockerproxy/filter.go @@ -143,7 +143,7 @@ func extractProxyTarget(p *process.FilledProcess) *proxy { case "-container-ip": proxy.target.Ip = cmd[i+1] case "-container-port": - port, err := strconv.Atoi(cmd[i+1]) + port, err := strconv.ParseInt(cmd[i+1], 10, 32) if err != nil { return nil } diff --git a/pkg/snmp/traps/testing.go b/pkg/snmp/traps/testing.go index 8f2c11cf5b8098..6d58de2f22c027 100644 --- a/pkg/snmp/traps/testing.go +++ b/pkg/snmp/traps/testing.go @@ -40,7 +40,7 @@ func parsePort(t *testing.T, addr string) uint16 { _, portString, err := net.SplitHostPort(addr) require.NoError(t, err) - port, err := strconv.Atoi(portString) + port, err := strconv.ParseUint(portString, 10, 16) require.NoError(t, err) return uint16(port) diff --git a/pkg/trace/filters/replacer.go b/pkg/trace/filters/replacer.go index d86f006531b02d..98b8c6d1ff061e 100644 --- a/pkg/trace/filters/replacer.go +++ b/pkg/trace/filters/replacer.go @@ -61,7 +61,7 @@ func (f Replacer) ReplaceStatsGroup(b *pb.ClientGroupedStats) { fallthrough case "http.status_code": strcode := re.ReplaceAllString(strconv.Itoa(int(b.HTTPStatusCode)), str) - if code, err := strconv.Atoi(strcode); err == nil { + if code, err := strconv.ParseUint(strcode, 10, 32); err == nil { b.HTTPStatusCode = uint32(code) } } diff --git a/pkg/trace/stats/aggregation.go b/pkg/trace/stats/aggregation.go index 4ed3a85ec2db3a..13ef79a8b73c7a 100644 
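Review bot: `-container-port` is a TCP/UDP port, so `strconv.ParseInt(cmd[i+1], 10, 32)` still accepts values such as `-1` or `700000` that cannot be a port; `strconv.ParseUint(cmd[i+1], 10, 16)` rejects them at parse time and matches what this same commit does in `pkg/network/proc_net.go` and `pkg/snmp/traps/testing.go`. Whether `proxy.target.Port` takes the result via a plain conversion depends on its type, which is outside the hunk. The `cmd[i+1]` access also assumes a value follows the flag; if the loop bound does not guarantee `i+1 < len(cmd)`, a truncated command line panics here — worth confirming in extractProxyTarget, which starts before this hunk.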
--- a/pkg/trace/stats/aggregation.go +++ b/pkg/trace/stats/aggregation.go @@ -44,7 +44,7 @@ func getStatusCode(s *pb.Span) uint32 { if strC == "" { return 0 } - c, err := strconv.Atoi(strC) + c, err := strconv.ParseUint(strC, 10, 32) if err != nil { log.Debugf("Invalid status code %s. Using 0.", strC) return 0 diff --git a/pkg/util/cgroups/cgroupv1_pids.go b/pkg/util/cgroups/cgroupv1_pids.go index 4bf75d28f650d4..a07def68508857 100644 --- a/pkg/util/cgroups/cgroupv1_pids.go +++ b/pkg/util/cgroups/cgroupv1_pids.go @@ -21,13 +21,13 @@ func (c *cgroupV1) GetPIDStats(stats *PIDStats) error { stats.PIDs = nil if err := parseFile(c.fr, c.pathFor("pids", "cgroup.procs"), func(s string) error { - pid, err := strconv.ParseInt(s, 10, 64) + pid, err := strconv.Atoi(s) if err != nil { reportError(newValueError(s, err)) return nil } - stats.PIDs = append(stats.PIDs, int(pid)) + stats.PIDs = append(stats.PIDs, pid) return nil }); err != nil { diff --git a/pkg/util/cgroups/cgroupv2_pids.go b/pkg/util/cgroups/cgroupv2_pids.go index ae2cc569dd575b..d9dfd91378d6e7 100644 --- a/pkg/util/cgroups/cgroupv2_pids.go +++ b/pkg/util/cgroups/cgroupv2_pids.go @@ -21,13 +21,13 @@ func (c *cgroupV2) GetPIDStats(stats *PIDStats) error { stats.PIDs = nil if err := parseFile(c.fr, c.pathFor("cgroup.procs"), func(s string) error { - pid, err := strconv.ParseInt(s, 10, 64) + pid, err := strconv.Atoi(s) if err != nil { reportError(newValueError(s, err)) return nil } - stats.PIDs = append(stats.PIDs, int(pid)) + stats.PIDs = append(stats.PIDs, pid) return nil }); err != nil { diff --git a/rtloader/common/builtins/_util.c b/rtloader/common/builtins/_util.c index e8dd848bea0744..c552c441624e12 100644 --- a/rtloader/common/builtins/_util.c +++ b/rtloader/common/builtins/_util.c 
@@ -109,8 +109,8 @@ PyObject *subprocess_output(PyObject *self, PyObject *args, PyObject *kw) int i; int raise = 0; int ret_code = 0; - int subprocess_args_sz; - int subprocess_env_sz; + int subprocess_args_sz = 0; + int subprocess_env_sz = 0; char **subprocess_args = NULL; char **subprocess_env = NULL; char *c_stdout = NULL; diff --git a/tasks/release.py b/tasks/release.py index cd832f804122c8..cefe14de9b18dc 100644 --- a/tasks/release.py +++ b/tasks/release.py @@ -1047,7 +1047,7 @@ def finish(ctx, major_versions="6,7"): for major_version in list_major_versions: new_version = next_final_version(ctx, major_version) - update_release_json(github_token, new_version) + update_release_json(ctx, github_token, new_version) # Update internal module dependencies update_modules(ctx, str(new_version))