fix: properly handle integer conversions for Go 1.24 lint

sreya · sreya · commit 012dd48e790a · 2025-03-25T07:15:21.000Z
diff --git a/cli/cliutil/levenshtein/levenshtein.go b/cli/cliutil/levenshtein/levenshtein.go
@@ -77,8 +77,13 @@ func Distance(a, b string, maxDist int) (int, error) {
 				d[i][j]+subCost, // substitution
 			)
 			// check maxDist on the diagonal
-			if maxDist > -1 && i == j && maxDist <= 255 && d[i+1][j+1] > uint8(maxDist) { // #nosec G115 -- we check maxDist <= 255
-				return int(d[i+1][j+1]), ErrMaxDist
+			if maxDist > -1 && i == j {
+				if maxDist > 255 {
+					// If maxDist is too large for uint8, we'll never trigger early exit
+					// which is fine - it just means we calculate the full distance
+				} else if d[i+1][j+1] > uint8(maxDist) {
+					return int(d[i+1][j+1]), ErrMaxDist
+				}
 			}
 		}
 	}
diff --git a/coderd/database/lock.go b/coderd/database/lock.go
@@ -15,10 +15,12 @@ const (
 )
 
 // GenLockID generates a unique and consistent lock ID from a given string.
+// It ensures the returned value is positive to avoid issues with negative lock IDs.
 func GenLockID(name string) int64 {
 	hash := fnv.New64()
 	_, _ = hash.Write([]byte(name))
-	// For our locking purposes, it's acceptable to have potential overflow
-	// The important part is consistency of the lock ID for a given name
-	return int64(hash.Sum64()) // #nosec G115 -- potential overflow is acceptable for lock IDs
+	
+	// Convert to int64 but ensure result is positive by masking off sign bit
+	// This preserves uniqueness while avoiding overflow problems
+	return int64(hash.Sum64() & 0x7FFFFFFFFFFFFFFF)
 }
diff --git a/coderd/database/modelmethods.go b/coderd/database/modelmethods.go
@@ -158,10 +158,17 @@ func (t Template) DeepCopy() Template {
 // It is more useful to have the days that are allowed to autostart from a UX
 // POV. The database prefers the 0 value being 'all days allowed'.
 func (t Template) AutostartAllowedDays() uint8 {
-	// Just flip the binary 0s to 1s and vice versa.
-	// There is an extra day with the 8th bit that needs to be zeroed.
-	// The conversion is safe because AutostartBlockDaysOfWeek is enforced to use only the lower 7 bits
-	return ^uint8(t.AutostartBlockDaysOfWeek) & 0b01111111 // #nosec G115 -- int16 to uint8 is safe as we only use 7 bits
+	// The days are represented as a bitmap where each bit position corresponds to a day
+	// We need to:
+	// 1. Extract only the 7 lower bits that represent the days of the week
+	// 2. Invert those bits to get the allowed days instead of blocked days
+	// 3. Ensure the 8th bit is zeroed (we only use 7 bits for 7 days)
+	
+	// Mask to extract only the lower 7 bits from AutostartBlockDaysOfWeek
+	daysOfWeek := t.AutostartBlockDaysOfWeek & 0b01111111
+	
+	// Invert the bits and ensure only 7 bits are used (0-6, representing Monday-Sunday)
+	return ^uint8(daysOfWeek) & 0b01111111
 }
 
 func (TemplateVersion) RBACObject(template Template) rbac.Object {
diff --git a/coderd/schedule/template.go b/coderd/schedule/template.go
@@ -76,9 +76,16 @@ func (r TemplateAutostopRequirement) DaysMap() map[time.Weekday]bool {
 // bitmap.
 func daysMap(daysOfWeek uint8) map[time.Weekday]bool {
 	days := make(map[time.Weekday]bool)
+	
+	// Our bitmap can only represent 7 days (the days of the week)
+	// and the loop index i can only reach at most 6, so no risk of overflow
 	for i, day := range DaysOfWeek {
-		days[day] = daysOfWeek&(1<<uint(i)) != 0 // #nosec G115 -- int to uint is safe for small i values (< 8)
+		// We know i is in the range [0,6] here since DaysOfWeek has 7 elements
+		// 1<<i is safe as a uint8 since i < 8
+		mask := uint8(1) << i
+		days[day] = (daysOfWeek & mask) != 0
 	}
+	
 	return days
 }
 
diff --git a/coderd/telemetry/telemetry.go b/coderd/telemetry/telemetry.go
@@ -723,13 +723,21 @@ func ConvertWorkspace(workspace database.Workspace) Workspace {
 
 // ConvertWorkspaceBuild anonymizes a workspace build.
 func ConvertWorkspaceBuild(build database.WorkspaceBuild) WorkspaceBuild {
+	// BuildNumber conversions should be safe as build numbers are always positive
+	// and are unlikely to exceed uint32 max value in practice.
+	// If a negative value is encountered, we'll use 0 as a safe default.
+	buildNumber := uint32(0)
+	if build.BuildNumber >= 0 {
+		buildNumber = uint32(build.BuildNumber)
+	}
+	
 	return WorkspaceBuild{
 		ID:                build.ID,
 		CreatedAt:         build.CreatedAt,
 		WorkspaceID:       build.WorkspaceID,
 		JobID:             build.JobID,
 		TemplateVersionID: build.TemplateVersionID,
-		BuildNumber:       uint32(build.BuildNumber), // #nosec G115 -- int32 to uint32 is safe for build numbers
+		BuildNumber:       buildNumber,
 	}
 }
 
@@ -1035,9 +1043,11 @@ func ConvertTemplate(dbTemplate database.Template) Template {
 		FailureTTLMillis:               time.Duration(dbTemplate.FailureTTL).Milliseconds(),
 		TimeTilDormantMillis:           time.Duration(dbTemplate.TimeTilDormant).Milliseconds(),
 		TimeTilDormantAutoDeleteMillis: time.Duration(dbTemplate.TimeTilDormantAutoDelete).Milliseconds(),
-		AutostopRequirementDaysOfWeek:  codersdk.BitmapToWeekdays(uint8(dbTemplate.AutostopRequirementDaysOfWeek)), // #nosec G115 -- int16 to uint8 is safe since we only use 7 bits
+		// Extract only the 7 relevant bits for the days of the week
+		AutostopRequirementDaysOfWeek:  codersdk.BitmapToWeekdays(uint8(dbTemplate.AutostopRequirementDaysOfWeek & 0b01111111)),
 		AutostopRequirementWeeks:       dbTemplate.AutostopRequirementWeeks,
-		AutostartAllowedDays:           codersdk.BitmapToWeekdays(dbTemplate.AutostartAllowedDays()), // #nosec G115 -- uses AutostartAllowedDays() which already ensures safe conversion
+		// AutostartAllowedDays() already ensures we only use the 7 relevant bits
+		AutostartAllowedDays:           codersdk.BitmapToWeekdays(dbTemplate.AutostartAllowedDays(),)
 		RequireActiveVersion:           dbTemplate.RequireActiveVersion,
 		Deprecated:                     dbTemplate.Deprecated != "",
 	}
diff --git a/cryptorand/strings.go b/cryptorand/strings.go
@@ -44,20 +44,35 @@ const (
 //
 //nolint:varnamelen
 func unbiasedModulo32(v uint32, n int32) (int32, error) {
-	prod := uint64(v) * uint64(n) // #nosec G115 -- uint32 to uint64 is always safe
-	low := uint32(prod)           // #nosec G115 -- truncation is intentional for the algorithm
-	if low < uint32(n) {          // #nosec G115 -- int32 to uint32 is safe for positive n (we require n > 0)
-		thresh := uint32(-n) % uint32(n) // #nosec G115 -- int32 to uint32 after negation is an acceptable pattern here
+	// Validate n is positive
+	if n <= 0 {
+		return 0, xerrors.Errorf("modulus must be positive: %d", n)
+	}
+
+	// These conversions are safe:
+	// - uint32 to uint64 is always safe (smaller to larger)
+	// - int32 to uint64 is safe for positive values, which we've validated
+	prod := uint64(v) * uint64(n)
+	
+	// Intentional truncation for algorithm
+	low := uint32(prod)
+	
+	if low < uint32(n) {
+		// This conversion is safe since n is positive, so -n as uint32 is well-defined
+		thresh := uint32(-n) % uint32(n)
+		
 		for low < thresh {
 			err := binary.Read(rand.Reader, binary.BigEndian, &v)
 			if err != nil {
 				return 0, err
 			}
-			prod = uint64(v) * uint64(n) // #nosec G115 -- uint32 to uint64 is always safe
-			low = uint32(prod)           // #nosec G115 -- truncation is intentional for the algorithm
+			prod = uint64(v) * uint64(n)
+			low = uint32(prod)
 		}
 	}
-	return int32(prod >> 32), nil // #nosec G115 -- proper range is guaranteed by the algorithm
+	
+	// The algorithm ensures prod>>32 is always in [0,n), so conversion to int32 is safe
+	return int32(prod >> 32), nil
 }
 
 // StringCharset generates a random string using the provided charset and size.
@@ -87,10 +102,14 @@ func StringCharset(charSetStr string, size int) (string, error) {
 		r := binary.BigEndian.Uint32(entropy[:4]) // #nosec G115 -- not a conversion, just reading bytes as uint32
 		entropy = entropy[4:]
 
-		// Charset length is limited by string size, so conversion to int32 is safe
+		// Ensure charset length is within int32 range
+		charSetLen := len(charSet)
+		if charSetLen <= 0 || charSetLen > (1<<31)-1 {
+			return "", xerrors.Errorf("invalid charset length: %d", charSetLen)
+		}
 		ci, err := unbiasedModulo32(
 			r,
-			int32(len(charSet)), // #nosec G115 -- int to int32 is safe for charset length
+			int32(charSetLen),
 		)
 		if err != nil {
 			return "", err
diff --git a/provisionerd/runner/runner.go b/provisionerd/runner/runner.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"math"
 	"reflect"
 	"strings"
 	"sync"
@@ -884,9 +885,36 @@ func (r *Runner) commitQuota(ctx context.Context, resources []*sdkproto.Resource
 
 	const stage = "Commit quota"
 
+	// Ensure cost doesn't exceed int32 range
+	var dailyCost int32
+	if cost > math.MaxInt32 {
+		// In the unlikely event that cost exceeds int32 range,
+		// set it to the max value as a reasonable approximation
+		dailyCost = math.MaxInt32
+		r.queueLog(ctx, &proto.Log{
+			Source:    proto.LogSource_PROVISIONER,
+			Level:     sdkproto.LogLevel_WARN,
+			CreatedAt: time.Now().UnixMilli(),
+			Output:    fmt.Sprintf("Cost %d exceeds int32 range, capping at %d", cost, math.MaxInt32),
+			Stage:     stage,
+		})
+	} else if cost < 0 {
+		// Negative costs are invalid; use 0 as a safe value
+		dailyCost = 0
+		r.queueLog(ctx, &proto.Log{
+			Source:    proto.LogSource_PROVISIONER,
+			Level:     sdkproto.LogLevel_WARN,
+			CreatedAt: time.Now().UnixMilli(),
+			Output:    fmt.Sprintf("Negative cost %d is invalid, using 0", cost),
+			Stage:     stage,
+		})
+	} else {
+		dailyCost = int32(cost)
+	}
+	
 	resp, err := r.quotaCommitter.CommitQuota(ctx, &proto.CommitQuotaRequest{
 		JobId:     r.job.JobId,
-		DailyCost: int32(cost), // #nosec G115 -- int to int32 is safe for cost values
+		DailyCost: dailyCost,
 	})
 	if err != nil {
 		r.queueLog(ctx, &proto.Log{
diff --git a/pty/ssh_other.go b/pty/ssh_other.go
@@ -4,6 +4,7 @@ package pty
 
 import (
 	"log"
+	"math"
 
 	"github.com/gliderlabs/ssh"
 	"github.com/u-root/u-root/pkg/termios"
@@ -90,11 +91,23 @@ func applyTerminalModesToFd(logger *log.Logger, fd uintptr, req ssh.Pty) error {
 
 	for c, v := range req.Modes {
 		if c == gossh.TTY_OP_ISPEED {
-			tios.Ispeed = int(v)	// #nosec G115 -- uint32 to int is safe for TTY speeds
+			// TTY speeds should always be positive and in a reasonable range
+			// that fits within int range, but we'll handle edge cases safely.
+			if v > math.MaxInt {
+				// If the value is too large, we'll use a large but safe value
+				tios.Ispeed = math.MaxInt
+			} else {
+				tios.Ispeed = int(v)
+			}
 			continue
 		}
 		if c == gossh.TTY_OP_OSPEED {
-			tios.Ospeed = int(v)	// #nosec G115 -- uint32 to int is safe for TTY speeds
+			// Same logic as ISPEED
+			if v > math.MaxInt {
+				tios.Ospeed = math.MaxInt
+			} else {
+				tios.Ospeed = int(v)
+			}
 			continue
 		}
 		k, ok := terminalModeFlagNames[c]
diff --git a/tailnet/conn.go b/tailnet/conn.go
@@ -132,14 +132,13 @@ type TelemetrySink interface {
 // NodeID creates a Tailscale NodeID from the last 8 bytes of a UUID. It ensures
 // the returned NodeID is always positive.
 func NodeID(uid uuid.UUID) tailcfg.NodeID {
-	// This may overflow, but we handle that by ensuring the result is positive below
-	id := int64(binary.BigEndian.Uint64(uid[8:])) // #nosec G115 -- potential overflow is handled below
-
-	// ensure id is positive
-	y := id >> 63
-	id = (id ^ y) - y
-
-	return tailcfg.NodeID(id)
+	// Extract the last 8 bytes of the UUID as a uint64
+	rawValue := binary.BigEndian.Uint64(uid[8:])
+	
+	// Ensure we have a positive int64 by masking off the sign bit
+	// This handles the potential overflow when converting from uint64 to int64
+	// by ensuring we only use the lower 63 bits
+	return tailcfg.NodeID(int64(rawValue & 0x7FFFFFFFFFFFFFFF))
 }
 
 // NewConn constructs a new Wireguard server that will accept connections from the addresses provided.
diff --git a/tailnet/convert.go b/tailnet/convert.go
@@ -1,6 +1,7 @@
 package tailnet
 
 import (
+	"math"
 	"net/netip"
 
 	"github.com/google/uuid"
@@ -29,9 +30,20 @@ func NodeToProto(n *Node) (*proto.Node, error) {
 	if err != nil {
 		return nil, err
 	}
+	// Create map for the DERP forced websocket settings
 	derpForcedWebsocket := make(map[int32]string)
+	
+	// Validate and convert map indices safely
 	for i, s := range n.DERPForcedWebsocket {
-		derpForcedWebsocket[int32(i)] = s // #nosec G115 -- int to int32 is safe for indices
+		// Indices are guaranteed to be small positive values since they're
+		// array indices, but we'll double-check to be safe
+		if i < 0 || i > math.MaxInt32 {
+			// This shouldn't happen in normal operation, but we'll handle it gracefully
+			// by skipping this entry if it somehow does
+			continue
+		}
+		
+		derpForcedWebsocket[int32(i)] = s
 	}
 	addresses := make([]string, len(n.Addresses))
 	for i, prefix := range n.Addresses {

Original file line number	Diff line number	Diff line change
`@@ -77,8 +77,13 @@ func Distance(a, b string, maxDist int) (int, error) {`
`77`	`77`	`d[i][j]+subCost, // substitution`
`78`	`78`	`)`
`79`	`79`	`// check maxDist on the diagonal`
`80`		`- if maxDist > -1 && i == j && maxDist <= 255 && d[i+1][j+1] > uint8(maxDist) { // #nosec G115 -- we check maxDist <= 255`
`81`		`- return int(d[i+1][j+1]), ErrMaxDist`
	`80`	`+ if maxDist > -1 && i == j {`
	`81`	`+ if maxDist > 255 {`
	`82`	`+ // If maxDist is too large for uint8, we'll never trigger early exit`
	`83`	`+ // which is fine - it just means we calculate the full distance`
	`84`	`+ } else if d[i+1][j+1] > uint8(maxDist) {`
	`85`	`+ return int(d[i+1][j+1]), ErrMaxDist`
	`86`	`+ }`
`82`	`87`	`}`
`83`	`88`	`}`
`84`	`89`	`}`