Fix gosec failures on integer conversion (#145)

New versions of gosec implemented stricter type conversion and bounds checks. Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>
hyperledger · Sep 9, 2024 · dbd0ca7 · dbd0ca7
1 parent 358a613
commit dbd0ca7
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 39 deletions.
diff --git a/internal/contract_function.go b/internal/contract_function.go
@@ -182,51 +182,49 @@ func (cf *ContractFunction) handleResponse(response []reflect.Value, returnsMeta
 
 	returnsSuccess := cf.returns.success != nil
 
-	if returnsSuccess && cf.returns.error {
-		expectedLength = 2
-	} else if returnsSuccess || cf.returns.error {
-		expectedLength = 1
+	if returnsSuccess {
+		expectedLength++
+	}
+	if cf.returns.error {
+		expectedLength++
 	}
 
-	if len(response) == expectedLength {
+	if len(response) != expectedLength {
+		return "", nil, errors.New("response does not match expected return for given function")
+	}
 
-		var successResponse reflect.Value
-		var errorResponse reflect.Value
+	var successResponse reflect.Value
+	var errorResponse reflect.Value
 
-		if returnsSuccess && cf.returns.error {
-			successResponse = response[0]
-			errorResponse = response[1]
-		} else if returnsSuccess {
-			successResponse = response[0]
-		} else if cf.returns.error {
-			errorResponse = response[0]
-		}
+	if returnsSuccess {
+		successResponse = response[0]
+	}
+	if cf.returns.error {
+		errorResponse = response[len(response)-1]
+	}
 
-		var successString string
-		var errorError error
-		var iface interface{}
+	var successString string
+	var errorError error
+	var iface interface{}
 
-		if successResponse.IsValid() {
-			if serializer != nil {
-				var err error
-				successString, err = serializer.ToString(successResponse, cf.returns.success, returnsMetadata, components)
+	if successResponse.IsValid() {
+		if serializer != nil {
+			var err error
+			successString, err = serializer.ToString(successResponse, cf.returns.success, returnsMetadata, components)
 
-				if err != nil {
-					return "", nil, fmt.Errorf("error handling success response. %s", err.Error())
-				}
+			if err != nil {
+				return "", nil, fmt.Errorf("error handling success response. %s", err.Error())
 			}
-
-			iface = successResponse.Interface()
 		}
 
-		if errorResponse.IsValid() && !errorResponse.IsNil() {
-			errorError = errorResponse.Interface().(error)
-		}
+		iface = successResponse.Interface()
+	}
 
-		return successString, iface, errorError
+	if errorResponse.IsValid() && !errorResponse.IsNil() {
+		errorError = errorResponse.Interface().(error)
 	}
 
-	return "", nil, errors.New("response does not match expected return for given function")
+	return successString, iface, errorError
 }
 
 func newContractFunction(fnValue reflect.Value, callType CallType, paramDetails contractFunctionParams, returnDetails contractFunctionReturns) *ContractFunction {

diff --git a/internal/functionaltests/contracts/complexcontract/complexcontract.go b/internal/functionaltests/contracts/complexcontract/complexcontract.go
@@ -7,6 +7,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"math"
 
 	"github.com/hyperledger/fabric-contract-api-go/v2/contractapi"
 	"github.com/hyperledger/fabric-contract-api-go/v2/internal/functionaltests/contracts/utils"
@@ -89,7 +90,10 @@ func (c *ComplexContract) UpdateValue(ctx utils.CustomTransactionContextInterfac
 		return fmt.Errorf("data retrieved from world state for key %s was not of type BasicObject", id)
 	}
 
-	newValue := int(ba.Value) + valueAdd
+	if ba.Value > math.MaxInt {
+		return errors.New("%d overflows an int")
+	}
+	newValue := int(ba.Value) + valueAdd // #nosec G115
 
 	if newValue < 0 {
 		newValue = 0

diff --git a/internal/types/types.go b/internal/types/types.go
@@ -79,7 +79,7 @@ func (it *int8Type) Convert(value string) (reflect.Value, error) {
 			return reflect.Value{}, fmt.Errorf("cannot convert passed value %s to int8", value)
 		}
 
-		intVal = int8(int64val)
+		intVal = int8(int64val) // #nosec G115
 	}
 
 	return reflect.ValueOf(intVal), nil
@@ -100,7 +100,7 @@ func (it *int16Type) Convert(value string) (reflect.Value, error) {
 			return reflect.Value{}, fmt.Errorf("cannot convert passed value %s to int16", value)
 		}
 
-		intVal = int16(int64val)
+		intVal = int16(int64val) // #nosec G115
 	}
 
 	return reflect.ValueOf(intVal), nil
@@ -121,7 +121,7 @@ func (it *int32Type) Convert(value string) (reflect.Value, error) {
 			return reflect.Value{}, fmt.Errorf("cannot convert passed value %s to int32", value)
 		}
 
-		intVal = int32(int64val)
+		intVal = int32(int64val) // #nosec G115
 	}
 
 	return reflect.ValueOf(intVal), nil
@@ -191,7 +191,7 @@ func (ut *uint8Type) Convert(value string) (reflect.Value, error) {
 			return reflect.Value{}, fmt.Errorf("cannot convert passed value %s to uint8", value)
 		}
 
-		uintVal = uint8(uint64Val)
+		uintVal = uint8(uint64Val) // #nosec G115
 	}
 
 	return reflect.ValueOf(uintVal), nil
@@ -217,7 +217,7 @@ func (ut *uint16Type) Convert(value string) (reflect.Value, error) {
 			return reflect.Value{}, fmt.Errorf("cannot convert passed value %s to uint16", value)
 		}
 
-		uintVal = uint16(uint64Val)
+		uintVal = uint16(uint64Val) // #nosec G115
 	}
 
 	return reflect.ValueOf(uintVal), nil
@@ -243,7 +243,7 @@ func (ut *uint32Type) Convert(value string) (reflect.Value, error) {
 			return reflect.Value{}, fmt.Errorf("cannot convert passed value %s to uint32", value)
 		}
 
-		uintVal = uint32(uint64Val)
+		uintVal = uint32(uint64Val) // #nosec G115
 	}
 
 	return reflect.ValueOf(uintVal), nil