Fix CodeQL code scanning alerts (#36858)

Fixes 10 CodeQL code scanning alerts:

- Change `NewPagination`/`SetLinkHeader` to accept `int64` for total
count, clamping internally to fix incorrect-integer-conversion alerts
([#110](https://github.com/go-gitea/gitea/security/code-scanning/110),
[#114](https://github.com/go-gitea/gitea/security/code-scanning/114),
[#115](https://github.com/go-gitea/gitea/security/code-scanning/115),
[#116](https://github.com/go-gitea/gitea/security/code-scanning/116))
- Use `strconv.Atoi()` in `htmlrenderer.go` to avoid int64 intermediate
([#105](https://github.com/go-gitea/gitea/security/code-scanning/105),
[#106](https://github.com/go-gitea/gitea/security/code-scanning/106))
- Clamp regex match indices in `escape_stream.go` to fix
allocation-size-overflow
([#161](https://github.com/go-gitea/gitea/security/code-scanning/161),
[#162](https://github.com/go-gitea/gitea/security/code-scanning/162),
[#163](https://github.com/go-gitea/gitea/security/code-scanning/163))
- Cap slice pre-allocation in `GetIssueDependencies`
([#181](https://github.com/go-gitea/gitea/security/code-scanning/181))

---------

Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
silverwind
2026-03-08 15:35:50 +01:00
committed by GitHub
parent 3f1ef703d5
commit 0724344a8a
70 changed files with 155 additions and 168 deletions

View File

@@ -163,7 +163,7 @@ func GetAPIContext(req *http.Request) *APIContext {
return req.Context().Value(apiContextKey).(*APIContext)
}
func genAPILinks(curURL *url.URL, total, pageSize, curPage int) []string {
func genAPILinks(curURL *url.URL, total int64, pageSize, curPage int) []string {
page := NewPagination(total, pageSize, curPage, 0)
paginater := page.Paginater
links := make([]string, 0, 4)
@@ -204,7 +204,8 @@ func genAPILinks(curURL *url.URL, total, pageSize, curPage int) []string {
}
// SetLinkHeader sets pagination link header by given total number and page size.
func (ctx *APIContext) SetLinkHeader(total, pageSize int) {
// "count" is usually from database result "count int64", so it also uses int64,
func (ctx *APIContext) SetLinkHeader(total int64, pageSize int) {
links := genAPILinks(ctx.Req.URL, total, pageSize, ctx.FormInt("page"))
if len(links) > 0 {

View File

@@ -6,6 +6,7 @@ package context
import (
"fmt"
"html/template"
"math"
"net/http"
"net/url"
"slices"
@@ -22,11 +23,13 @@ type Pagination struct {
}
// NewPagination creates a new instance of the Pagination struct.
// "total" is usually from database result "count int64", so it also uses int64
// "pagingNum" is "page size" or "limit", "current" is "page"
// total=-1 means only showing prev/next
func NewPagination(total, pagingNum, current, numPages int) *Pagination {
func NewPagination(total int64, pagingNum, current, numPages int) *Pagination {
totalInt := int(min(total, int64(math.MaxInt)))
p := &Pagination{}
p.Paginater = paginator.New(total, pagingNum, current, numPages)
p.Paginater = paginator.New(totalInt, pagingNum, current, numPages)
return p
}

View File

@@ -18,10 +18,10 @@ import (
"code.gitea.io/gitea/modules/util"
)
func GetFeedsForDashboard(ctx context.Context, opts activities_model.GetFeedsOptions) (activities_model.ActionList, int, error) {
func GetFeedsForDashboard(ctx context.Context, opts activities_model.GetFeedsOptions) (activities_model.ActionList, int64, error) {
opts.DontCount = opts.RequestedTeam == nil && opts.Date == ""
results, cnt, err := activities_model.GetFeeds(ctx, opts)
return results, util.Iif(opts.DontCount, -1, int(cnt)), err
return results, util.Iif(opts.DontCount, -1, cnt), err
}
// GetFeeds returns actions according to the provided options

View File

@@ -240,16 +240,15 @@ func DeleteUnadoptedRepository(ctx context.Context, doer, u *user_model.User, re
type unadoptedRepositories struct {
repositories []string
index int
start int
end int
count int64
start, end int64
}
func (unadopted *unadoptedRepositories) add(repository string) {
if unadopted.index >= unadopted.start && unadopted.index < unadopted.end {
if unadopted.count >= unadopted.start && unadopted.count < unadopted.end {
unadopted.repositories = append(unadopted.repositories, repository)
}
unadopted.index++
unadopted.count++
}
func checkUnadoptedRepositories(ctx context.Context, userName string, repoNamesToCheck []string, unadopted *unadoptedRepositories) error {
@@ -291,7 +290,7 @@ func checkUnadoptedRepositories(ctx context.Context, userName string, repoNamesT
}
// ListUnadoptedRepositories lists all the unadopted repositories that match the provided query
func ListUnadoptedRepositories(ctx context.Context, query string, opts *db.ListOptions) ([]string, int, error) {
func ListUnadoptedRepositories(ctx context.Context, query string, opts *db.ListOptions) ([]string, int64, error) {
globUser, _ := glob.Compile("*")
globRepo, _ := glob.Compile("*")
@@ -311,12 +310,12 @@ func ListUnadoptedRepositories(ctx context.Context, query string, opts *db.ListO
}
var repoNamesToCheck []string
start := (opts.Page - 1) * opts.PageSize
start := int64((opts.Page - 1) * opts.PageSize)
unadopted := &unadoptedRepositories{
repositories: make([]string, 0, opts.PageSize),
start: start,
end: start + opts.PageSize,
index: 0,
end: start + int64(opts.PageSize),
count: 0,
}
var userName string
@@ -372,5 +371,5 @@ func ListUnadoptedRepositories(ctx context.Context, query string, opts *db.ListO
return nil, 0, err
}
return unadopted.repositories, unadopted.index, nil
return unadopted.repositories, unadopted.count, nil
}

View File

@@ -20,20 +20,20 @@ import (
)
func TestCheckUnadoptedRepositories_Add(t *testing.T) {
start := 10
end := 20
const start = 10
const end = 20
unadopted := &unadoptedRepositories{
start: start,
end: end,
index: 0,
count: 0,
}
total := 30
const total = 30
for range total {
unadopted.add("something")
}
assert.Equal(t, total, unadopted.index)
assert.EqualValues(t, total, unadopted.count)
assert.Len(t, unadopted.repositories, end-start)
}
@@ -64,7 +64,7 @@ func TestCheckUnadoptedRepositories(t *testing.T) {
err = checkUnadoptedRepositories(t.Context(), userName, []string{repoName}, unadopted)
assert.NoError(t, err)
assert.Empty(t, unadopted.repositories)
assert.Equal(t, 0, unadopted.index)
assert.Zero(t, unadopted.count)
}
func TestListUnadoptedRepositories_ListOptions(t *testing.T) {
@@ -78,13 +78,13 @@ func TestListUnadoptedRepositories_ListOptions(t *testing.T) {
opts := db.ListOptions{Page: 1, PageSize: 1}
repoNames, count, err := ListUnadoptedRepositories(t.Context(), "", &opts)
assert.NoError(t, err)
assert.Equal(t, 2, count)
assert.EqualValues(t, 2, count)
assert.Equal(t, unadoptedList[0], repoNames[0])
opts = db.ListOptions{Page: 2, PageSize: 1}
repoNames, count, err = ListUnadoptedRepositories(t.Context(), "", &opts)
assert.NoError(t, err)
assert.Equal(t, 2, count)
assert.EqualValues(t, 2, count)
assert.Equal(t, unadoptedList[1], repoNames[0])
}