-
Notifications
You must be signed in to change notification settings - Fork 20k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
p2p/enode: store local port number as uint16 #23926
Conversation
We have decided against enabling CodeQL scanning in the past, for various reasons. |
That said, would be interested to explain the reasoning behind the integer conversion change in package p2p/enode? |
Port of an internet address has a well-defined range (hence type), and we need to utilize that when parsing a port string. For example "71000" should be treated equally invalid as "xyzw" when parsing a port field. This can yield to unpredictable problems, including security ones and CodeQL warns about these. |
I don't think it is a security issue in this specific case because netutil.IPTracker will always return one of the strings added to it via AddStatement, and the statement strings are created by net.UDPAddr.String. However I do agree it is cleaner to use uint16. Could you remove the CodeQL addition and leave only the integer type change in this PR? I would merge it then. |
discovered by CodeQL
Fix integer conversions discovered by CodeQL