chore: globally disable gosec:G115

disbale "Potential integer overflow converting between integer types" linter warning since we do a lot of manually checked conversions between types removed inline `//nolint:gosec` directives
CrowdStrike · Oct 14, 2024 · 9e952a8 · 9e952a8
1 parent e7cc9a2
commit 9e952a8
Show file tree

Hide file tree

Showing 7 changed files with 7 additions and 28 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -60,3 +60,10 @@ linters-settings:
   revive:
     ignore-generated-header: true
     min-confidence: 0
+  gosec:
+    excludes:
+      # disable "Potential integer overflow when converting between integer types"
+      # - we have to do A LOT of conversions between integer types when encoding/decoding so there
+      #   are lots of _potential_ overflows
+      # - more efficient to disable this check globally than for each line
+      - G115
diff --git a/decoder.go b/decoder.go
@@ -139,7 +139,6 @@ func (d *Decoder) DecodeTag() (tag int, wireType WireType, err error) {
 		return 0, -1, fmt.Errorf("invalid tag value (%d) at byte %d: %w", v, d.offset, ErrInvalidFieldTag)
 	}
 	d.offset += n
-	//nolint: gosec // no overflow given the range check above
 	return int(v >> 3), WireType(v & 0x7), nil
 }
 
@@ -202,7 +201,6 @@ func (d *Decoder) DecodeBytes() ([]byte, error) {
 		// length is good
 	}
 
-	//nolint: gosec // no overflow, all values <= maxFieldLen will fit in an int
 	nb := int(l)
 	if d.offset+n+nb > len(d.p) {
 		return nil, io.ErrUnexpectedEOF
@@ -230,7 +228,6 @@ func (d *Decoder) DecodeUInt32() (uint32, error) {
 		return 0, ErrValueOverflow
 	}
 	d.offset += n
-	//nolint: gosec // no overflow given the range check above
 	return uint32(v), nil
 }
 
@@ -267,12 +264,10 @@ func (d *Decoder) DecodeInt32() (int32, error) {
 		return 0, fmt.Errorf("invalid data at byte %d: %w", d.offset, ErrInvalidVarintData)
 	}
 	// ensure the result is within [-math.MaxInt32, math.MaxInt32] when converted to a signed value
-	//nolint: gosec // overflow == error
 	if i64 := int64(v); i64 > math.MaxInt32 || i64 < math.MinInt32 {
 		return 0, ErrValueOverflow
 	}
 	d.offset += n
-	//nolint: gosec // no overflow given the range check above
 	return int32(v), nil
 }
 
@@ -291,7 +286,6 @@ func (d *Decoder) DecodeInt64() (int64, error) {
 		return 0, fmt.Errorf("invalid data at byte %d: %w", d.offset, ErrInvalidVarintData)
 	}
 	d.offset += n
-	//nolint: gosec // no overflow, intentionally converting from uint64 to int64
 	return int64(v), nil
 }
 
@@ -475,7 +469,6 @@ func (d *Decoder) DecodePackedInt32() ([]int32, error) { //nolint: dupl // FALSE
 		}
 		nRead += uint64(n)
 		d.offset += n
-		//nolint: gosec // no overflow given the range check above
 		res = append(res, int32(v))
 	}
 	if nRead != l {
@@ -522,7 +515,6 @@ func (d *Decoder) DecodePackedInt64() ([]int64, error) { //nolint: dupl // FALSE
 		}
 		nRead += uint64(n)
 		d.offset += n
-		//nolint: gosec // no overflow given the range check above
 		res = append(res, int64(v))
 	}
 	if nRead != l {
@@ -571,7 +563,6 @@ func (d *Decoder) DecodePackedUint32() ([]uint32, error) { //nolint: dupl // FAL
 		}
 		nRead += uint64(n)
 		d.offset += n
-		//nolint: gosec // no overflow given the range check above
 		res = append(res, uint32(v))
 	}
 	if nRead != l {
@@ -898,7 +889,6 @@ func (d *Decoder) DecodeNested(m interface{}) error {
 		// length is good
 	}
 
-	//nolint: gosec // no overflow, all values <= maxFieldLen fit into an int
 	nb := int(l)
 	if nb < 0 {
 		return fmt.Errorf("csproto: bad byte length %d at byte %d", nb, d.offset)
@@ -947,7 +937,6 @@ func (d *Decoder) Skip(tag int, wt WireType) ([]byte, error) {
 		if n != sz {
 			return nil, fmt.Errorf("invalid data at byte %d: %w", bof, ErrInvalidVarintData)
 		}
-		//nolint: gosec // no overflow, all valid tags fit into an int and *anything* & 0x7 fits into WireType
 		thisTag, thisWireType := int(v>>3), WireType(v&0x7)
 		if thisTag != tag || thisWireType != wt {
 			return nil, &DecoderSkipError{
@@ -981,7 +970,6 @@ func (d *Decoder) Skip(tag int, wt WireType) ([]byte, error) {
 			// length is good
 		}
 
-		//nolint: gosec // no overflow, all values <= maxFieldLen fit into an int
 		skipped = n + int(l)
 
 	case WireTypeFixed32:
@@ -1049,9 +1037,7 @@ func DecodeZigZag32(p []byte) (v int32, n int, err error) {
 	if n == 0 {
 		return 0, 0, ErrInvalidVarintData
 	}
-	//nolint: gosec // no overflow, just undoing the zig-zag encoding
 	dv = uint64((uint32(dv) >> 1) ^ uint32((int32(dv&1)<<31)>>31))
-	//nolint: gosec // no overflow, see above
 	return int32(dv), n, nil
 }
 
@@ -1068,9 +1054,7 @@ func DecodeZigZag64(p []byte) (v int64, n int, err error) {
 	if n == 0 {
 		return 0, 0, ErrInvalidVarintData
 	}
-	//nolint: gosec // no overflow, just undoing the zig-zag encoding
 	dv = (dv >> 1) ^ uint64((int64(dv&1)<<63)>>63)
-	//nolint: gosec // no overflow, see above
 	return int64(dv), n, nil
 }
 

diff --git a/encoder.go b/encoder.go
@@ -406,12 +406,10 @@ func EncodeTag(dest []byte, tag int, wireType WireType) int {
 func EncodeVarint(dest []byte, v uint64) int {
 	n := 0
 	for v >= 1<<7 {
-		//nolint: gosec // v & 0x7f cannot overflow uint8
 		dest[n] = uint8(v&0x7f | 0x80)
 		v >>= 7
 		n++
 	}
-	//nolint: gosec // no overflow, the loop above ensures that v <= 2^7
 	dest[n] = uint8(v)
 	return n + 1
 }

diff --git a/helpers.go b/helpers.go
@@ -7,7 +7,6 @@ func Bool(v bool) *bool {
 
 // Int returns a pointer to v as an int32 value (for use when assigning pointer fields on Protobuf message types)
 func Int(v int) *int32 {
-	//nolint: gosec // intentionally converting from int to int32
 	p := int32(v)
 	return &p
 }

diff --git a/lazyproto/def.go b/lazyproto/def.go
@@ -88,7 +88,6 @@ func (d Def) validate(path ...int) error {
 		if n > math.MaxInt32 {
 			return fmt.Errorf("invalid field tag (%v) at path %v", k, path)
 		}
-		//nolint: gosec // no overflow given the range check above
 		if !protowire.Number(n).IsValid() {
 			return fmt.Errorf("invalid field tag (%v) at path %v", k, path)
 		}

diff --git a/lazyproto/fielddata.go b/lazyproto/fielddata.go
@@ -124,7 +124,6 @@ func (fd *FieldData) UInt32Value() (uint32, error) {
 		if value > math.MaxUint32 {
 			return 0, csproto.ErrValueOverflow
 		}
-		//nolint: gosec // no overflow given the range check above
 		return uint32(value), nil
 	})
 }
@@ -141,7 +140,6 @@ func (fd *FieldData) UInt32Values() ([]uint32, error) {
 		if value > math.MaxUint32 {
 			return 0, 0, csproto.ErrValueOverflow
 		}
-		//nolint: gosec // no overflow given the range check above
 		return uint32(value), n, nil
 	})
 }
@@ -162,11 +160,9 @@ func (fd *FieldData) Int32Value() (int32, error) {
 			return 0, err
 		}
 		// ensure the result is within [-math.MaxInt32, math.MaxInt32] when converted to a signed value
-		//nolint: gosec // overflow == error
 		if i64 := int64(value); i64 > math.MaxInt32 || i64 < math.MinInt32 {
 			return 0, csproto.ErrValueOverflow
 		}
-		//nolint: gosec // no overflow given the range check above
 		return int32(value), nil
 	})
 }
@@ -190,7 +186,6 @@ func (fd *FieldData) Int32Values() ([]int32, error) {
 		if value > math.MaxUint32 {
 			return 0, 0, csproto.ErrValueOverflow
 		}
-		//nolint: gosec // no overflow given the range check above
 		return int32(value), n, nil
 	})
 }
@@ -274,7 +269,6 @@ func (fd *FieldData) Int64Value() (int64, error) {
 		if err != nil {
 			return 0, err
 		}
-		//nolint: gosec // no overflow, intentionally converting from uint64 to int64
 		return int64(value), nil
 	})
 }
@@ -294,7 +288,6 @@ func (fd *FieldData) Int64Values() ([]int64, error) {
 		if err != nil {
 			return 0, 0, err
 		}
-		//nolint: gosec // no overflow, intentionally converting from uint64 to int64
 		return int64(value), n, nil
 	})
 }

diff --git a/sizeof.go b/sizeof.go
@@ -18,7 +18,6 @@ func SizeOfVarint(v uint64) int {
 
 // SizeOfZigZag returns the number of bytes required to hold the zig zag encoding of v.
 func SizeOfZigZag(v uint64) int {
-	//nolint: gosec // overflow is only theoretical
 	return SizeOfVarint((v << 1) ^ uint64((int64(v) >> 63)))
 }