Fix CodeQL code scanning alerts (#36858)
Fixes 10 CodeQL code scanning alerts: - Change `NewPagination`/`SetLinkHeader` to accept `int64` for total count, clamping internally to fix incorrect-integer-conversion alerts ([#110](https://github.com/go-gitea/gitea/security/code-scanning/110), [#114](https://github.com/go-gitea/gitea/security/code-scanning/114), [#115](https://github.com/go-gitea/gitea/security/code-scanning/115), [#116](https://github.com/go-gitea/gitea/security/code-scanning/116)) - Use `strconv.Atoi()` in `htmlrenderer.go` to avoid int64 intermediate ([#105](https://github.com/go-gitea/gitea/security/code-scanning/105), [#106](https://github.com/go-gitea/gitea/security/code-scanning/106)) - Clamp regex match indices in `escape_stream.go` to fix allocation-size-overflow ([#161](https://github.com/go-gitea/gitea/security/code-scanning/161), [#162](https://github.com/go-gitea/gitea/security/code-scanning/162), [#163](https://github.com/go-gitea/gitea/security/code-scanning/163)) - Cap slice pre-allocation in `GetIssueDependencies` ([#181](https://github.com/go-gitea/gitea/security/code-scanning/181)) --------- Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
@@ -163,7 +163,7 @@ func GetAPIContext(req *http.Request) *APIContext {
|
||||
return req.Context().Value(apiContextKey).(*APIContext)
|
||||
}
|
||||
|
||||
func genAPILinks(curURL *url.URL, total, pageSize, curPage int) []string {
|
||||
func genAPILinks(curURL *url.URL, total int64, pageSize, curPage int) []string {
|
||||
page := NewPagination(total, pageSize, curPage, 0)
|
||||
paginater := page.Paginater
|
||||
links := make([]string, 0, 4)
|
||||
@@ -204,7 +204,8 @@ func genAPILinks(curURL *url.URL, total, pageSize, curPage int) []string {
|
||||
}
|
||||
|
||||
// SetLinkHeader sets pagination link header by given total number and page size.
|
||||
func (ctx *APIContext) SetLinkHeader(total, pageSize int) {
|
||||
// "count" is usually from database result "count int64", so it also uses int64,
|
||||
func (ctx *APIContext) SetLinkHeader(total int64, pageSize int) {
|
||||
links := genAPILinks(ctx.Req.URL, total, pageSize, ctx.FormInt("page"))
|
||||
|
||||
if len(links) > 0 {
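Review bot: The new doc line on SetLinkHeader ends with a dangling comma and refers to "count", but the parameter it describes is named `total`, so a reader matching the comment against the signature will not find the thing it explains. Since SetLinkHeader is exported, its doc comment is what godoc shows; I would change the line to `// "total" is usually a database "count int64" result, so it also uses int64.` so the sentence closes and names the actual parameter. The method body continues past the end of the hunk.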
|
||||
|
||||
@@ -6,6 +6,7 @@ package context
|
||||
import (
|
||||
"fmt"
|
||||
"html/template"
|
||||
"math"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"slices"
|
||||
@@ -22,11 +23,13 @@ type Pagination struct {
|
||||
}
|
||||
|
||||
// NewPagination creates a new instance of the Pagination struct.
|
||||
// "total" is usually from database result "count int64", so it also uses int64
|
||||
// "pagingNum" is "page size" or "limit", "current" is "page"
|
||||
// total=-1 means only showing prev/next
|
||||
func NewPagination(total, pagingNum, current, numPages int) *Pagination {
|
||||
func NewPagination(total int64, pagingNum, current, numPages int) *Pagination {
|
||||
totalInt := int(min(total, int64(math.MaxInt)))
|
||||
p := &Pagination{}
|
||||
p.Paginater = paginator.New(total, pagingNum, current, numPages)
|
||||
p.Paginater = paginator.New(totalInt, pagingNum, current, numPages)
|
||||
return p
|
||||
}
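Review bot: `totalInt := int(min(total, int64(math.MaxInt)))` carries no explanation of why the clamp exists, and it is easy to misread as dead code because on 64-bit platforms `int` and `int64` have the same width and the `min` never fires. The clamp only matters where `int` is 32 bits, and it bounds only the upper side: values below the documented `-1` sentinel still reach `paginator.New` unchanged, which may be intended but is not stated. I would add a comment above the line such as `// int may be 32-bit on some platforms; clamp so the int64->int conversion cannot overflow (upper bound only, -1 passes through).` so the next reader does not remove it as a no-op.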
|
||||
|
||||
|
||||
@@ -18,10 +18,10 @@ import (
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
)
|
||||
|
||||
func GetFeedsForDashboard(ctx context.Context, opts activities_model.GetFeedsOptions) (activities_model.ActionList, int, error) {
|
||||
func GetFeedsForDashboard(ctx context.Context, opts activities_model.GetFeedsOptions) (activities_model.ActionList, int64, error) {
|
||||
opts.DontCount = opts.RequestedTeam == nil && opts.Date == ""
|
||||
results, cnt, err := activities_model.GetFeeds(ctx, opts)
|
||||
return results, util.Iif(opts.DontCount, -1, int(cnt)), err
|
||||
return results, util.Iif(opts.DontCount, -1, cnt), err
|
||||
}
|
||||
|
||||
// GetFeeds returns actions according to the provided options
|
||||
|
||||
@@ -240,16 +240,15 @@ func DeleteUnadoptedRepository(ctx context.Context, doer, u *user_model.User, re
|
||||
|
||||
type unadoptedRepositories struct {
|
||||
repositories []string
|
||||
index int
|
||||
start int
|
||||
end int
|
||||
count int64
|
||||
start, end int64
|
||||
}
|
||||
|
||||
func (unadopted *unadoptedRepositories) add(repository string) {
|
||||
if unadopted.index >= unadopted.start && unadopted.index < unadopted.end {
|
||||
if unadopted.count >= unadopted.start && unadopted.count < unadopted.end {
|
||||
unadopted.repositories = append(unadopted.repositories, repository)
|
||||
}
|
||||
unadopted.index++
|
||||
unadopted.count++
|
||||
}
|
||||
|
||||
func checkUnadoptedRepositories(ctx context.Context, userName string, repoNamesToCheck []string, unadopted *unadoptedRepositories) error {
|
||||
@@ -291,7 +290,7 @@ func checkUnadoptedRepositories(ctx context.Context, userName string, repoNamesT
|
||||
}
|
||||
|
||||
// ListUnadoptedRepositories lists all the unadopted repositories that match the provided query
|
||||
func ListUnadoptedRepositories(ctx context.Context, query string, opts *db.ListOptions) ([]string, int, error) {
|
||||
func ListUnadoptedRepositories(ctx context.Context, query string, opts *db.ListOptions) ([]string, int64, error) {
|
||||
globUser, _ := glob.Compile("*")
|
||||
globRepo, _ := glob.Compile("*")
|
||||
|
||||
@@ -311,12 +310,12 @@ func ListUnadoptedRepositories(ctx context.Context, query string, opts *db.ListO
|
||||
}
|
||||
var repoNamesToCheck []string
|
||||
|
||||
start := (opts.Page - 1) * opts.PageSize
|
||||
start := int64((opts.Page - 1) * opts.PageSize)
|
||||
unadopted := &unadoptedRepositories{
|
||||
repositories: make([]string, 0, opts.PageSize),
|
||||
start: start,
|
||||
end: start + opts.PageSize,
|
||||
index: 0,
|
||||
end: start + int64(opts.PageSize),
|
||||
count: 0,
|
||||
}
|
||||
|
||||
var userName string
|
||||
@@ -372,5 +371,5 @@ func ListUnadoptedRepositories(ctx context.Context, query string, opts *db.ListO
|
||||
return nil, 0, err
|
||||
}
|
||||
|
||||
return unadopted.repositories, unadopted.index, nil
|
||||
return unadopted.repositories, unadopted.count, nil
|
||||
}
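Review bot: In the ListUnadoptedRepositories hunk, `start := int64((opts.Page - 1) * opts.PageSize)` still performs the multiplication in `int` and only widens the result afterwards, so if the goal of moving `start`/`end` to `int64` was to keep the offset arithmetic from overflowing on 32-bit `int`, this line does not achieve it; `start := int64(opts.Page-1) * int64(opts.PageSize)` widens before multiplying, and the following `end: start + int64(opts.PageSize)` is then consistent with it. Two related points are outside what the hunk shows and are worth confirming rather than asserting: a `Page` of 0 yields a negative `start`, which the `add` method's `count >= start` check would then accept from the first entry, so this presumably relies on `ListOptions` being normalized before the call; and `make([]string, 0, opts.PageSize)` sizes a pre-allocation from the request's page size, the same class of alert the commit message says it capped in `GetIssueDependencies`, so it may deserve the same bound if `PageSize` is not already clamped upstream. The enclosing function starts before the hunk.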
|
||||
|
||||
@@ -20,20 +20,20 @@ import (
|
||||
)
|
||||
|
||||
func TestCheckUnadoptedRepositories_Add(t *testing.T) {
|
||||
start := 10
|
||||
end := 20
|
||||
const start = 10
|
||||
const end = 20
|
||||
unadopted := &unadoptedRepositories{
|
||||
start: start,
|
||||
end: end,
|
||||
index: 0,
|
||||
count: 0,
|
||||
}
|
||||
|
||||
total := 30
|
||||
const total = 30
|
||||
for range total {
|
||||
unadopted.add("something")
|
||||
}
|
||||
|
||||
assert.Equal(t, total, unadopted.index)
|
||||
assert.EqualValues(t, total, unadopted.count)
|
||||
assert.Len(t, unadopted.repositories, end-start)
|
||||
}
|
||||
|
||||
@@ -64,7 +64,7 @@ func TestCheckUnadoptedRepositories(t *testing.T) {
|
||||
err = checkUnadoptedRepositories(t.Context(), userName, []string{repoName}, unadopted)
|
||||
assert.NoError(t, err)
|
||||
assert.Empty(t, unadopted.repositories)
|
||||
assert.Equal(t, 0, unadopted.index)
|
||||
assert.Zero(t, unadopted.count)
|
||||
}
|
||||
|
||||
func TestListUnadoptedRepositories_ListOptions(t *testing.T) {
|
||||
@@ -78,13 +78,13 @@ func TestListUnadoptedRepositories_ListOptions(t *testing.T) {
|
||||
opts := db.ListOptions{Page: 1, PageSize: 1}
|
||||
repoNames, count, err := ListUnadoptedRepositories(t.Context(), "", &opts)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, 2, count)
|
||||
assert.EqualValues(t, 2, count)
|
||||
assert.Equal(t, unadoptedList[0], repoNames[0])
|
||||
|
||||
opts = db.ListOptions{Page: 2, PageSize: 1}
|
||||
repoNames, count, err = ListUnadoptedRepositories(t.Context(), "", &opts)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, 2, count)
|
||||
assert.EqualValues(t, 2, count)
|
||||
assert.Equal(t, unadoptedList[1], repoNames[0])
|
||||
}
|
||||
|
||||
|
||||