Fix gosec failures on integer conversion
New versions of gosec implemented stricter type conversion and bounds
checks.

Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>
bestbeforetoday committed Sep 9, 2024
1 parent 358a613 commit cbb0733
Showing 3 changed files with 41 additions and 32 deletions.
62 changes: 30 additions & 32 deletions internal/contract_function.go
Expand Up @@ -182,51 +182,49 @@ func (cf *ContractFunction) handleResponse(response []reflect.Value, returnsMeta

returnsSuccess := cf.returns.success != nil

if returnsSuccess && cf.returns.error {
expectedLength = 2
} else if returnsSuccess || cf.returns.error {
expectedLength = 1
if returnsSuccess {
expectedLength++
}
if cf.returns.error {
expectedLength++
}

if len(response) == expectedLength {
if len(response) != expectedLength {
return "", nil, errors.New("response does not match expected return for given function")
}

var successResponse reflect.Value
var errorResponse reflect.Value
var successResponse reflect.Value
var errorResponse reflect.Value

if returnsSuccess && cf.returns.error {
successResponse = response[0]
errorResponse = response[1]
} else if returnsSuccess {
successResponse = response[0]
} else if cf.returns.error {
errorResponse = response[0]
}
if returnsSuccess {
successResponse = response[0]
}
if cf.returns.error {
errorResponse = response[len(response)-1]
}

var successString string
var errorError error
var iface interface{}
var successString string
var errorError error
var iface interface{}

if successResponse.IsValid() {
if serializer != nil {
var err error
successString, err = serializer.ToString(successResponse, cf.returns.success, returnsMetadata, components)
if successResponse.IsValid() {
if serializer != nil {
var err error
successString, err = serializer.ToString(successResponse, cf.returns.success, returnsMetadata, components)

if err != nil {
return "", nil, fmt.Errorf("error handling success response. %s", err.Error())
}
if err != nil {
return "", nil, fmt.Errorf("error handling success response. %s", err.Error())
}

iface = successResponse.Interface()
}

if errorResponse.IsValid() && !errorResponse.IsNil() {
errorError = errorResponse.Interface().(error)
}
iface = successResponse.Interface()
}

return successString, iface, errorError
if errorResponse.IsValid() && !errorResponse.IsNil() {
errorError = errorResponse.Interface().(error)
}

return "", nil, errors.New("response does not match expected return for given function")
return successString, iface, errorError
}

func newContractFunction(fnValue reflect.Value, callType CallType, paramDetails contractFunctionParams, returnDetails contractFunctionReturns) *ContractFunction {
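Review bot: The length-mismatch error at the top of the rewritten body still says only `response does not match expected return for given function`, which hides the one fact needed to debug it; since `len(response)` and `expectedLength` are both in hand at that point, `return "", nil, fmt.Errorf("response does not match expected return for given function: got %d values, want %d", len(response), expectedLength)` costs nothing and fmt is already used further down. The restructuring of handleResponse into early returns is also unrelated to the gosec G115 conversions the commit title describes, so one sentence in the commit message noting it as an incidental cleanup would help anyone bisecting later. handleResponse's signature and the declaration of `expectedLength` sit above the hunk.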
Expand Up @@ -7,6 +7,7 @@ import (
"encoding/json"
"errors"
"fmt"
"math"

"github.com/hyperledger/fabric-contract-api-go/v2/contractapi"
"github.com/hyperledger/fabric-contract-api-go/v2/internal/functionaltests/contracts/utils"
Expand Down Expand Up @@ -89,6 +90,10 @@ func (c *ComplexContract) UpdateValue(ctx utils.CustomTransactionContextInterfac
return fmt.Errorf("data retrieved from world state for key %s was not of type BasicObject", id)
}

if ba.Value > math.MaxInt {
return errors.New("%d overflows an int")
}
// #nosec G115
newValue := int(ba.Value) + valueAdd

if newValue < 0 {
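Review bot: The new guard returns `errors.New("%d overflows an int")`, so the `%d` is never substituted and the caller sees the literal verb in the message; this should be `return fmt.Errorf("%d overflows an int", ba.Value)` (fmt is already imported, directly above the new `math` import). The `// #nosec G115` placed after the range check also deserves a trailing justification such as `// #nosec G115 -- ba.Value is checked against math.MaxInt above` so the suppression explains itself. The comparison only covers the narrowing; `int(ba.Value) + valueAdd` can still wrap, and it looks like the `newValue < 0` test that follows is what catches a positive overflow — if so, a short comment saying that is what it guards would keep the two checks from drifting apart. UpdateValue starts above and ends below this hunk.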
6 changes: 6 additions & 0 deletions internal/types/types.go
Expand Up @@ -79,6 +79,7 @@ func (it *int8Type) Convert(value string) (reflect.Value, error) {
return reflect.Value{}, fmt.Errorf("cannot convert passed value %s to int8", value)
}

// #nosec G115
intVal = int8(int64val)
}

Expand All @@ -100,6 +101,7 @@ func (it *int16Type) Convert(value string) (reflect.Value, error) {
return reflect.Value{}, fmt.Errorf("cannot convert passed value %s to int16", value)
}

// #nosec G115
intVal = int16(int64val)
}

Expand All @@ -121,6 +123,7 @@ func (it *int32Type) Convert(value string) (reflect.Value, error) {
return reflect.Value{}, fmt.Errorf("cannot convert passed value %s to int32", value)
}

// #nosec G115
intVal = int32(int64val)
}

Expand Down Expand Up @@ -191,6 +194,7 @@ func (ut *uint8Type) Convert(value string) (reflect.Value, error) {
return reflect.Value{}, fmt.Errorf("cannot convert passed value %s to uint8", value)
}

// #nosec G115
uintVal = uint8(uint64Val)
}

Expand All @@ -217,6 +221,7 @@ func (ut *uint16Type) Convert(value string) (reflect.Value, error) {
return reflect.Value{}, fmt.Errorf("cannot convert passed value %s to uint16", value)
}

// #nosec G115
uintVal = uint16(uint64Val)
}

Expand All @@ -243,6 +248,7 @@ func (ut *uint32Type) Convert(value string) (reflect.Value, error) {
return reflect.Value{}, fmt.Errorf("cannot convert passed value %s to uint32", value)
}

// #nosec G115
uintVal = uint32(uint64Val)
}

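Review bot: Every `// #nosec G115` added in this file is bare, so a reader has to work out for themselves why each narrowing such as `intVal = int8(int64val)` is safe. gosec accepts a justification after a double dash, e.g. `// #nosec G115 -- int64val was parsed with bitSize 8, so it already fits in int8`, and recording it keeps the suppression honest if the parse call is ever changed. The error strings (`cannot convert passed value %s to int8`, and likewise for the other widths) suggest the preceding strconv.ParseInt/ParseUint call is sized to the target type, but that call sits above each hunk and is not visible here, so it should be confirmed before merging; if the parse is done at 64 bits, the conversion silently truncates transaction arguments and the warning is real rather than a false positive. Each Convert method starts before its hunk and returns after it.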
