From a48cce82b9b235a0e844104a89453eb0bd4d4409 Mon Sep 17 00:00:00 2001 From: Markus Unterwaditzer Date: Wed, 16 Oct 2024 14:13:58 +0200 Subject: [PATCH] [chore] Upgrade golangci-lint, ignore existing int overflow warnings (#3420) * [chore] Bump tooling versions, bump go -> v1.23.0 * undo silly change * sign * bump go version in go.mod * allow overflow in imaging * goreleaser deprecation notices * [chore] Upgrade golangci-lint, ignore existing int overflow warnings There is a new lint for unchecked int casts. Integer overflows are bad, but the old code that triggers this lint seems to be perfectly fine. Instead of disabling the lint entirely for new code as well, grandfather in existing code. * fix golangci-lint documentation link * revert unrelated changes * revert another unrelated change * get rid of remaining nolint:gosec * swagger updates * apply review feedback * fix wrong formatting specifier thing * fix the linter for real --------- Co-authored-by: tobi --- CONTRIBUTING.md | 2 +- docs/api/swagger.yaml | 2 +- internal/api/client/admin/emojicreate.go | 4 +-- internal/api/client/admin/emojiupdate.go | 4 +-- internal/api/model/attachment.go | 2 +- internal/cache/domain/domain.go | 2 +- internal/db/bundb/bundb.go | 6 +++- internal/federation/dereferencing/emoji.go | 12 +++---- internal/federation/dereferencing/media.go | 8 ++--- internal/httpclient/client.go | 4 +-- internal/media/ffmpeg.go | 4 +-- internal/media/imaging.go | 40 +++++++++++----------- internal/media/refetch.go | 7 ++-- internal/media/util.go | 2 +- internal/middleware/logger.go | 2 +- internal/middleware/requestid.go | 2 +- internal/middleware/throttling.go | 6 +++- internal/processing/account/update.go | 10 +++--- internal/processing/admin/emoji.go | 14 ++++---- internal/processing/media/create.go | 5 +-- internal/transport/derefmedia.go | 2 +- internal/typeutils/internaltofrontend.go | 20 +++++------ 22 files changed, 86 insertions(+), 74 deletions(-) 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0a7a145440..6b52d6b599 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -385,7 +385,7 @@ We use [golangci-lint](https://golangci-lint.run/) for linting, which allows us If you make a PR that doesn't pass the linter, it will be rejected. As such, it's good practice to run the linter locally before pushing or opening a PR. -To do this, first install the linter following the instructions [here](https://golangci-lint.run/usage/install/#local-installation). +To do this, first install the linter following the instructions [here](https://golangci-lint.run/welcome/install/). Then, you can run the linter with: diff --git a/docs/api/swagger.yaml b/docs/api/swagger.yaml index 1a5dd1fc3f..ee2fb59746 100644 --- a/docs/api/swagger.yaml +++ b/docs/api/swagger.yaml @@ -2114,7 +2114,7 @@ definitions: bitrate: description: Bitrate of the media in bits per second. example: 1000000 - format: int64 + format: uint64 type: integer x-go-name: Bitrate duration: diff --git a/internal/api/client/admin/emojicreate.go b/internal/api/client/admin/emojicreate.go index 75661f1c35..9696200de3 100644 --- a/internal/api/client/admin/emojicreate.go +++ b/internal/api/client/admin/emojicreate.go @@ -145,8 +145,8 @@ func validateCreateEmoji(form *apimodel.EmojiCreateRequest) error { return errors.New("no emoji given") } - maxSize := config.GetMediaEmojiLocalMaxSize() - if form.Image.Size > int64(maxSize) { + maxSize := int64(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated. + if form.Image.Size > maxSize { return fmt.Errorf("emoji image too large: image is %dKB but size limit for custom emojis is %dKB", form.Image.Size/1024, maxSize/1024) } diff --git a/internal/api/client/admin/emojiupdate.go b/internal/api/client/admin/emojiupdate.go index 37f67cabd4..ec69870244 100644 --- a/internal/api/client/admin/emojiupdate.go +++ b/internal/api/client/admin/emojiupdate.go 
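Review bot: The `// #nosec G115 -- Already validated.` on the new `maxSize := int64(config.GetMediaEmojiLocalMaxSize())` line in `validateCreateEmoji` points at a check that is not part of this patch, so a reader cannot confirm the bound the cast relies on. If the configured size could ever exceed the int64 range, the cast would go negative and `form.Image.Size > maxSize` would reject every upload; that fails closed, but with a misleading error. I would name the validating code in the comment, e.g. `// #nosec G115 -- bounded by NAME_OF_CONFIG_VALIDATOR` (placeholder), or do the conversion once in a config-side helper so the suppression lives in one place. The same comment is repeated in emojiupdate.go, dereferencing/emoji.go, dereferencing/media.go, media/refetch.go, processing/account/update.go, processing/admin/emoji.go, processing/media/create.go and typeutils/internaltofrontend.go.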
@@ -208,8 +208,8 @@ func validateUpdateEmoji(form *apimodel.EmojiUpdateRequest) error { } if hasImage { - maxSize := config.GetMediaEmojiLocalMaxSize() - if form.Image.Size > int64(maxSize) { + maxSize := int64(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated. + if form.Image.Size > maxSize { return fmt.Errorf("emoji image too large: image is %dKB but size limit for custom emojis is %dKB", form.Image.Size/1024, maxSize/1024) } } diff --git a/internal/api/model/attachment.go b/internal/api/model/attachment.go index 21523a58e9..f037a09aaa 100644 --- a/internal/api/model/attachment.go +++ b/internal/api/model/attachment.go @@ -160,7 +160,7 @@ type MediaDimensions struct { Duration float32 `json:"duration,omitempty"` // Bitrate of the media in bits per second. // example: 1000000 - Bitrate int `json:"bitrate,omitempty"` + Bitrate uint64 `json:"bitrate,omitempty"` // Size of the media, in the format `[width]x[height]`. // Not set for audio. // example: 1920x1080 diff --git a/internal/cache/domain/domain.go b/internal/cache/domain/domain.go index 274a244f73..c9a43b1e54 100644 --- a/internal/cache/domain/domain.go +++ b/internal/cache/domain/domain.go @@ -220,7 +220,7 @@ func (n *node) getChild(part string) *node { for i < j { // avoid overflow when computing h - h := int(uint(i+j) >> 1) + h := int(uint(i+j) >> 1) // #nosec G115 // i ≤ h < j if n.child[h].part < part { diff --git a/internal/db/bundb/bundb.go b/internal/db/bundb/bundb.go index b5d3ff0035..d10f372fd7 100644 --- a/internal/db/bundb/bundb.go +++ b/internal/db/bundb/bundb.go @@ -25,6 +25,7 @@ import ( "encoding/pem" "errors" "fmt" + "math" "net/url" "os" "runtime" 
@@ -489,7 +490,10 @@ func deriveBunDBPGOptions() (*pgx.ConnConfig, error) { cfg.Host = address } if port := config.GetDbPort(); port > 0 { - cfg.Port = uint16(port) + if port > math.MaxUint16 { + return nil, errors.New("invalid port, must be in range 1-65535") + } + cfg.Port = uint16(port) // #nosec G115 -- Just validated above. } if u := config.GetDbUser(); u != "" { cfg.User = u diff --git a/internal/federation/dereferencing/emoji.go b/internal/federation/dereferencing/emoji.go index 12c6485566..1ac27f2b2c 100644 --- a/internal/federation/dereferencing/emoji.go +++ b/internal/federation/dereferencing/emoji.go @@ -97,11 +97,11 @@ func (d *Dereferencer) GetEmoji( } // Get maximum supported remote emoji size. - maxsz := config.GetMediaEmojiRemoteMaxSize() + maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated. // Prepare data function to dereference remote emoji media. data := func(context.Context) (io.ReadCloser, error) { - return tsport.DereferenceMedia(ctx, url, int64(maxsz)) + return tsport.DereferenceMedia(ctx, url, maxsz) } // Create new emoji with prepared info. @@ -189,11 +189,11 @@ func (d *Dereferencer) RefreshEmoji( } // Get maximum supported remote emoji size. - maxsz := config.GetMediaEmojiRemoteMaxSize() + maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated. // Prepare data function to dereference remote emoji media. data := func(context.Context) (io.ReadCloser, error) { - return tsport.DereferenceMedia(ctx, url, int64(maxsz)) + return tsport.DereferenceMedia(ctx, url, maxsz) } // Update emoji with prepared info. 
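Review bot: The new upper-bound check in `deriveBunDBPGOptions` rejects a port above 65535, but a negative port still skips the whole block through the surrounding `port > 0` guard and is silently ignored, although the error text promises the range 1-65535. The message also omits the offending value; `return nil, fmt.Errorf("invalid db port %d, must be in range 1-65535", port)` would make a misconfiguration easier to spot, and `fmt` is already in the import block shown in the previous hunk. If a negative value is not meant to mean "unset", it should reach the same error. The function body continues outside the hunk.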
@@ -255,11 +255,11 @@ func (d *Dereferencer) RecacheEmoji( } // Get maximum supported remote emoji size. - maxsz := config.GetMediaEmojiRemoteMaxSize() + maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated. // Prepare data function to dereference remote emoji media. data := func(context.Context) (io.ReadCloser, error) { - return tsport.DereferenceMedia(ctx, url, int64(maxsz)) + return tsport.DereferenceMedia(ctx, url, maxsz) } // Recache emoji with prepared info. diff --git a/internal/federation/dereferencing/media.go b/internal/federation/dereferencing/media.go index 859e5603fb..3bed4b198d 100644 --- a/internal/federation/dereferencing/media.go +++ b/internal/federation/dereferencing/media.go @@ -77,14 +77,14 @@ func (d *Dereferencer) GetMedia( } // Get maximum supported remote media size. - maxsz := config.GetMediaRemoteMaxSize() + maxsz := int64(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated. // Create media with prepared info. return d.mediaManager.CreateMedia( ctx, accountID, func(ctx context.Context) (io.ReadCloser, error) { - return tsport.DereferenceMedia(ctx, url, int64(maxsz)) + return tsport.DereferenceMedia(ctx, url, maxsz) }, info, ) @@ -168,14 +168,14 @@ func (d *Dereferencer) RefreshMedia( } // Get maximum supported remote media size. - maxsz := config.GetMediaRemoteMaxSize() + maxsz := int64(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated. // Recache media with prepared info, // this will also update media in db. return d.mediaManager.CacheMedia( attach, func(ctx context.Context) (io.ReadCloser, error) { - return tsport.DereferenceMedia(ctx, url, int64(maxsz)) + return tsport.DereferenceMedia(ctx, url, maxsz) }, ), nil }, diff --git a/internal/httpclient/client.go b/internal/httpclient/client.go index 8a5f51c218..10fba5d42e 100644 --- a/internal/httpclient/client.go +++ b/internal/httpclient/client.go 
@@ -340,14 +340,14 @@ func (c *Client) do(r *Request) (rsp *http.Response, retry bool, err error) { if u, _ := strconv.ParseUint(after, 10, 32); u != 0 { // An integer no. of backoff seconds was provided. - r.backoff = time.Duration(u) * time.Second + r.backoff = time.Duration(u) * time.Second // #nosec G115 -- We clamp backoff below. } else if at, _ := http.ParseTime(after); !at.Before(now) { // An HTTP formatted future date-time was provided. r.backoff = at.Sub(now) } // Don't let their provided backoff exceed our max. - if max := baseBackoff * time.Duration(c.retries); // + if max := baseBackoff * time.Duration(c.retries); // #nosec G115 -- We control c.retries. r.backoff > max { r.backoff = max } diff --git a/internal/media/ffmpeg.go b/internal/media/ffmpeg.go index 4baa3dbe54..f1c277934e 100644 --- a/internal/media/ffmpeg.go +++ b/internal/media/ffmpeg.go @@ -556,10 +556,10 @@ func (res *ffprobeResult) Process() (*result, error) { if p := strings.SplitN(str, "/", 2); len(p) == 2 { n, _ := strconv.ParseUint(p[0], 10, 32) d, _ := strconv.ParseUint(p[1], 10, 32) - num, den = uint32(n), uint32(d) + num, den = uint32(n), uint32(d) // #nosec G115 -- ParseUint is configured to check } else { n, _ := strconv.ParseUint(p[0], 10, 32) - num = uint32(n) + num = uint32(n) // #nosec G115 -- ParseUint is configured to check } // Set final divised framerate. diff --git a/internal/media/imaging.go b/internal/media/imaging.go index a9f73a0661..6a0fa694cd 100644 --- a/internal/media/imaging.go +++ b/internal/media/imaging.go @@ -399,9 +399,9 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) { g16 := uint16(s[1]) b16 := uint16(s[2]) a16 := uint16(a) - d[0] = uint8(r16 * 0xff / a16) - d[1] = uint8(g16 * 0xff / a16) - d[2] = uint8(b16 * 0xff / a16) + d[0] = uint8(r16 * 0xff / a16) // #nosec G115 -- Overflow desired. + d[1] = uint8(g16 * 0xff / a16) // #nosec G115 -- Overflow desired. + d[2] = uint8(b16 * 0xff / a16) // #nosec G115 -- Overflow desired. d[3] = a } j += 4 
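Review bot: Both `strconv.ParseUint` errors in the frame-rate parsing of `(*ffprobeResult).Process` are still discarded, so the `#nosec G115` reason covers the width of the cast but not the value: a malformed field silently yields 0 and an out-of-range one yields the 32-bit maximum. With bitSize 32 the result always fits in `uint32`, so the cast itself is sound and the comment could say exactly that, e.g. `// #nosec G115 -- ParseUint with bitSize 32 never returns more than MaxUint32`. What the hunk does not show is whether `den == 0` is handled before the division that the trailing "Set final divised framerate" comment refers to; since the string comes from probing media files, that guard is worth confirming. The function body extends beyond the hunk.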
@@ -431,9 +431,9 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) { g32 := uint32(s[2])<<8 | uint32(s[3]) b32 := uint32(s[4])<<8 | uint32(s[5]) a32 := uint32(s[6])<<8 | uint32(s[7]) - d[0] = uint8((r32 * 0xffff / a32) >> 8) - d[1] = uint8((g32 * 0xffff / a32) >> 8) - d[2] = uint8((b32 * 0xffff / a32) >> 8) + d[0] = uint8((r32 * 0xffff / a32) >> 8) // #nosec G115 -- Overflow desired. + d[1] = uint8((g32 * 0xffff / a32) >> 8) // #nosec G115 -- Overflow desired. + d[2] = uint8((b32 * 0xffff / a32) >> 8) // #nosec G115 -- Overflow desired. } d[3] = a j += 4 @@ -509,30 +509,30 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) { cr1 := int32(img.Cr[ic]) - 128 r := yy1 + 91881*cr1 - if uint32(r)&0xff000000 == 0 { + if uint32(r)&0xff000000 == 0 { //nolint:gosec r >>= 16 } else { r = ^(r >> 31) } g := yy1 - 22554*cb1 - 46802*cr1 - if uint32(g)&0xff000000 == 0 { + if uint32(g)&0xff000000 == 0 { //nolint:gosec g >>= 16 } else { g = ^(g >> 31) } b := yy1 + 116130*cb1 - if uint32(b)&0xff000000 == 0 { + if uint32(b)&0xff000000 == 0 { //nolint:gosec b >>= 16 } else { b = ^(b >> 31) } d := dst[j : j+4 : j+4] - d[0] = uint8(r) - d[1] = uint8(g) - d[2] = uint8(b) + d[0] = uint8(r) // #nosec G115 -- Overflow desired. + d[1] = uint8(g) // #nosec G115 -- Overflow desired. + d[2] = uint8(b) // #nosec G115 -- Overflow desired. d[3] = 0xff iy++ @@ -569,9 +569,9 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) { d := dst[j : j+4 : j+4] switch a16 { case 0xffff: - d[0] = uint8(r16 >> 8) - d[1] = uint8(g16 >> 8) - d[2] = uint8(b16 >> 8) + d[0] = uint8(r16 >> 8) // #nosec G115 -- Overflow desired. + d[1] = uint8(g16 >> 8) // #nosec G115 -- Overflow desired. + d[2] = uint8(b16 >> 8) // #nosec G115 -- Overflow desired. d[3] = 0xff case 0: d[0] = 0 
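Review bot: The three range tests in the YCbCr branch of `scan` (`if uint32(r)&0xff000000 == 0 { //nolint:gosec`, and the same for `g` and `b`) use a blanket `//nolint:gosec`, which silences every gosec rule on those lines and gives no reason, while the rest of the patch uses `#nosec G115 -- reason`. The commit message lists "get rid of remaining nolint:gosec", so these look like leftovers, unless the `#nosec` form did not take effect on these lines. I would write `// #nosec G115 -- reinterpreting the sign bit is the point of this range test`, or, if the nolint form is required, add the explanation after it. `sz := bytesize.Size(maxsz) //nolint:gosec` in transport/derefmedia.go has the same shape and also lost the old "nicer log format" comment. `scan` starts and ends outside the hunk.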
@@ -579,10 +579,10 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) { d[2] = 0 d[3] = 0 default: - d[0] = uint8(((r16 * 0xffff) / a16) >> 8) - d[1] = uint8(((g16 * 0xffff) / a16) >> 8) - d[2] = uint8(((b16 * 0xffff) / a16) >> 8) - d[3] = uint8(a16 >> 8) + d[0] = uint8(((r16 * 0xffff) / a16) >> 8) // #nosec G115 -- Overflow desired. + d[1] = uint8(((g16 * 0xffff) / a16) >> 8) // #nosec G115 -- Overflow desired. + d[2] = uint8(((b16 * 0xffff) / a16) >> 8) // #nosec G115 -- Overflow desired. + d[3] = uint8(a16 >> 8) // #nosec G115 -- Overflow desired. } j += 4 } @@ -617,7 +617,7 @@ func clampFloat(x float64) uint8 { return 255 } if v > 0 { - return uint8(v) + return uint8(v) // #nosec G115 -- Just checked. } return 0 } diff --git a/internal/media/refetch.go b/internal/media/refetch.go index 5531f6d972..c467333c98 100644 --- a/internal/media/refetch.go +++ b/internal/media/refetch.go @@ -49,9 +49,6 @@ func (m *Manager) RefetchEmojis(ctx context.Context, domain string, dereferenceM refetchIDs []string ) - // Get max supported remote emoji media size. - maxsz := config.GetMediaEmojiRemoteMaxSize() - // page through emojis 20 at a time, looking for those with missing images for { // Fetch next block of emojis from database @@ -111,8 +108,10 @@ func (m *Manager) RefetchEmojis(ctx context.Context, domain string, dereferenceM continue } + // Get max supported remote emoji media size. + maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated. dataFunc := func(ctx context.Context) (reader io.ReadCloser, err error) { - return dereferenceMedia(ctx, emojiImageIRI, int64(maxsz)) + return dereferenceMedia(ctx, emojiImageIRI, maxsz) } processingEmoji, err := m.UpdateEmoji(ctx, emoji, dataFunc, AdditionalEmojiInfo{ diff --git a/internal/media/util.go b/internal/media/util.go index 538d6f572d..f6bf062604 100644 --- a/internal/media/util.go +++ b/internal/media/util.go 
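Review bot: `maxsz := int64(config.GetMediaEmojiRemoteMaxSize())` now sits inside the per-emoji loop of `RefetchEmojis`, although the value does not depend on the emoji; the earlier hunk removed it from above the paging loop. Unless re-reading the setting for every emoji is intended, the converted line can stay where the old one was, and the `dataFunc` closure keeps capturing it. The function body extends past both hunks.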
@@ -145,7 +145,7 @@ func drainToTmp(rc io.ReadCloser) (string, error) { // Check to see if limit was reached, // (produces more useful error messages). if lr != nil && lr.N <= 0 { - err := fmt.Errorf("reached read limit %s", bytesize.Size(limit)) + err := fmt.Errorf("reached read limit %s", bytesize.Size(limit)) // #nosec G115 -- Just logging return path, gtserror.SetLimitReached(err) } diff --git a/internal/middleware/logger.go b/internal/middleware/logger.go index 097c73cbdb..da5be9dfaa 100644 --- a/internal/middleware/logger.go +++ b/internal/middleware/logger.go @@ -123,7 +123,7 @@ func Logger(logClientIP bool) gin.HandlerFunc { } // Generate a nicer looking bytecount - size := bytesize.Size(c.Writer.Size()) + size := bytesize.Size(c.Writer.Size()) // #nosec G115 -- Just logging // Finally, write log entry with status text + body size. l.Logf(lvl, "%s: wrote %s", statusText, size) diff --git a/internal/middleware/requestid.go b/internal/middleware/requestid.go index 00b1ff2999..7d98787a7e 100644 --- a/internal/middleware/requestid.go +++ b/internal/middleware/requestid.go @@ -48,7 +48,7 @@ func NewRequestID() string { b := make([]byte, 12) // Get current time in milliseconds. - ms := uint64(time.Now().UnixMilli()) + ms := uint64(time.Now().UnixMilli()) // #nosec G115 -- Pre-1970 clock? // Store binary time data in byte buffer. binary.LittleEndian.PutUint64(b[0:8], ms) diff --git a/internal/middleware/throttling.go b/internal/middleware/throttling.go index 33f46f1752..739189b792 100644 --- a/internal/middleware/throttling.go +++ b/internal/middleware/throttling.go 
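Review bot: The suppression reason on `ms := uint64(time.Now().UnixMilli())` in `NewRequestID` is phrased as a question (`Pre-1970 clock?`), which tells the next reader the case was noticed but not whether it is acceptable. A statement such as `// #nosec G115 -- negative only if the system clock predates 1970; the wrapped value is still written as 8 bytes` would record the decision. The rest of the function is outside the hunk.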
@@ -82,12 +82,16 @@ func Throttle(cpuMultiplier int, retryAfter time.Duration) gin.HandlerFunc { return func(c *gin.Context) {} } + if retryAfter < 0 { + retryAfter = 0 + } + var ( limit = runtime.GOMAXPROCS(0) * cpuMultiplier queueLimit = limit * cpuMultiplier tokens = make(chan token, limit) requestCount = atomic.Int64{} - retryAfterStr = strconv.FormatUint(uint64(retryAfter/time.Second), 10) + retryAfterStr = strconv.FormatUint(uint64(retryAfter/time.Second), 10) // #nosec G115 -- Checked right above ) // prefill token channel diff --git a/internal/processing/account/update.go b/internal/processing/account/update.go index 58e52a9924..2bdbf96f41 100644 --- a/internal/processing/account/update.go +++ b/internal/processing/account/update.go @@ -463,9 +463,10 @@ func (p *Processor) UpdateAvatar( ) { // Get maximum supported local media size. maxsz := config.GetMediaLocalMaxSize() + maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated. // Ensure media within size bounds. - if avatar.Size > int64(maxsz) { + if avatar.Size > maxszInt64 { text := fmt.Sprintf("media exceeds configured max size: %s", maxsz) return nil, gtserror.NewErrorBadRequest(errors.New(text), text) } @@ -478,7 +479,7 @@ func (p *Processor) UpdateAvatar( } // Wrap the multipart file reader to ensure is limited to max. - rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) + rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64) // Write to instance storage. return p.c.StoreLocalMedia(ctx, @@ -508,9 +509,10 @@ func (p *Processor) UpdateHeader( ) { // Get maximum supported local media size. maxsz := config.GetMediaLocalMaxSize() + maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated. // Ensure media within size bounds. - if header.Size > int64(maxsz) { + if header.Size > maxszInt64 { text := fmt.Sprintf("media exceeds configured max size: %s", maxsz) return nil, gtserror.NewErrorBadRequest(errors.New(text), text) } 
@@ -523,7 +525,7 @@ func (p *Processor) UpdateHeader( } // Wrap the multipart file reader to ensure is limited to max. - rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) + rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64) // Write to instance storage. return p.c.StoreLocalMedia(ctx, diff --git a/internal/processing/admin/emoji.go b/internal/processing/admin/emoji.go index 70e196b951..5a7da445ee 100644 --- a/internal/processing/admin/emoji.go +++ b/internal/processing/admin/emoji.go @@ -25,7 +25,6 @@ import ( "mime/multipart" "strings" - "codeberg.org/gruf/go-bytesize" "codeberg.org/gruf/go-iotools" apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" "github.com/superseriousbusiness/gotosocial/internal/config" @@ -46,9 +45,10 @@ func (p *Processor) EmojiCreate( // Get maximum supported local emoji size. maxsz := config.GetMediaEmojiLocalMaxSize() + maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated. // Ensure media within size bounds. - if form.Image.Size > int64(maxsz) { + if form.Image.Size > maxszInt64 { text := fmt.Sprintf("emoji exceeds configured max size: %s", maxsz) return nil, gtserror.NewErrorBadRequest(errors.New(text), text) } @@ -61,7 +61,7 @@ func (p *Processor) EmojiCreate( } // Wrap the multipart file reader to ensure is limited to max. - rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) + rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64) data := func(context.Context) (io.ReadCloser, error) { return rc, nil } 
@@ -301,9 +301,10 @@ func (p *Processor) emojiUpdateCopy( // Get maximum supported local emoji size. maxsz := config.GetMediaEmojiLocalMaxSize() + maxszInt := int(maxsz) // #nosec G115 -- Already validated. // Ensure target emoji image within size bounds. - if bytesize.Size(target.ImageFileSize) > maxsz { + if target.ImageFileSize > maxszInt { text := fmt.Sprintf("emoji exceeds configured max size: %s", maxsz) return nil, gtserror.NewErrorBadRequest(errors.New(text), text) } @@ -442,9 +443,10 @@ func (p *Processor) emojiUpdateModify( // Get maximum supported local emoji size. maxsz := config.GetMediaEmojiLocalMaxSize() + maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated. // Ensure media within size bounds. - if image.Size > int64(maxsz) { + if image.Size > maxszInt64 { text := fmt.Sprintf("emoji exceeds configured max size: %s", maxsz) return nil, gtserror.NewErrorBadRequest(errors.New(text), text) } @@ -457,7 +459,7 @@ func (p *Processor) emojiUpdateModify( } // Wrap the multipart file reader to ensure is limited to max. - rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) + rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) // #nosec G115 -- Already validated. data := func(context.Context) (io.ReadCloser, error) { return rc, nil } diff --git a/internal/processing/media/create.go b/internal/processing/media/create.go index b3a7d60529..ca1f1c3c6c 100644 --- a/internal/processing/media/create.go +++ b/internal/processing/media/create.go @@ -36,9 +36,10 @@ func (p *Processor) Create(ctx context.Context, account *gtsmodel.Account, form // Get maximum supported local media size. maxsz := config.GetMediaLocalMaxSize() + maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated. // Ensure media within size bounds. - if form.File.Size > int64(maxsz) { + if form.File.Size > maxszInt64 { text := fmt.Sprintf("media exceeds configured max size: %s", maxsz) return nil, gtserror.NewErrorBadRequest(errors.New(text), text) } 
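Review bot: In `emojiUpdateCopy` the comparison changed direction: the old code widened `target.ImageFileSize` to `bytesize.Size`, while the new code narrows the configured limit with `maxszInt := int(maxsz)`. `int` is 32 bits on some build targets, so a configured limit of 2 GiB or more would wrap there, and "Already validated" would have to mean validated against the platform `int` range, which the patch does not show. Comparing in a 64-bit type, e.g. `if int64(target.ImageFileSize) > int64(maxsz) {` with the existing suppression on the second conversion, keeps this check in line with the other size checks in the file. The `int(config.GetMediaRemoteMaxSize())` and `int(config.GetMediaEmojiLocalMaxSize())` assignments in typeutils/internaltofrontend.go narrow the same way.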
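Review bot: `emojiUpdateModify` now defines `maxszInt64` for the size check, but the limit passed to the reader is still converted a second time: `iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) // #nosec G115 -- Already validated.`. `EmojiCreate` in the same file passes `maxszInt64`; doing the same here (`rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64)`) drops one suppression and makes it obvious that the rejected size and the enforced read limit are the same value. `maxszInt64` is declared in the preceding hunk of this function, whose body extends beyond both hunks.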
@@ -58,7 +59,7 @@ func (p *Processor) Create(ctx context.Context, account *gtsmodel.Account, form } // Wrap the multipart file reader to ensure is limited to max. - rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) + rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64) // Create local media and write to instance storage. attachment, errWithCode := p.c.StoreLocalMedia(ctx, diff --git a/internal/transport/derefmedia.go b/internal/transport/derefmedia.go index 873032f397..3a05fcbd68 100644 --- a/internal/transport/derefmedia.go +++ b/internal/transport/derefmedia.go @@ -53,7 +53,7 @@ func (t *transport) DereferenceMedia(ctx context.Context, iri *url.URL, maxsz in // Check media within size limit. if rsp.ContentLength > maxsz { _ = rsp.Body.Close() // close early. - sz := bytesize.Size(maxsz) // nicer log format + sz := bytesize.Size(maxsz) //nolint:gosec return nil, gtserror.Newf("media body exceeds max size %s", sz) } diff --git a/internal/typeutils/internaltofrontend.go b/internal/typeutils/internaltofrontend.go index 3b94687dca..1e20455c34 100644 --- a/internal/typeutils/internaltofrontend.go +++ b/internal/typeutils/internaltofrontend.go @@ -647,7 +647,7 @@ func (c *Converter) AttachmentToAPIAttachment(ctx context.Context, media *gtsmod Size: toAPISize(media.FileMeta.Original.Width, media.FileMeta.Original.Height), FrameRate: toAPIFrameRate(media.FileMeta.Original.Framerate), Duration: util.PtrOrZero(media.FileMeta.Original.Duration), - Bitrate: int(util.PtrOrZero(media.FileMeta.Original.Bitrate)), + Bitrate: util.PtrOrZero(media.FileMeta.Original.Bitrate), } // Copy over local file URL. 
@@ -1529,9 +1529,9 @@ func (c *Converter) InstanceToAPIV1Instance(ctx context.Context, i *gtsmodel.Ins Version: config.GetSoftwareVersion(), Languages: config.GetInstanceLanguages().TagStrs(), Registrations: config.GetAccountsRegistrationOpen(), - ApprovalRequired: true, // approval always required - InvitesEnabled: false, // todo: not supported yet - MaxTootChars: uint(config.GetStatusesMaxChars()), + ApprovalRequired: true, // approval always required + InvitesEnabled: false, // todo: not supported yet + MaxTootChars: uint(config.GetStatusesMaxChars()), // #nosec G115 -- Already validated. Rules: c.InstanceRulesToAPIRules(i.Rules), Terms: i.Terms, TermsRaw: i.TermsText, @@ -1551,9 +1551,9 @@ func (c *Converter) InstanceToAPIV1Instance(ctx context.Context, i *gtsmodel.Ins instance.Configuration.Statuses.CharactersReservedPerURL = instanceStatusesCharactersReservedPerURL instance.Configuration.Statuses.SupportedMimeTypes = instanceStatusesSupportedMimeTypes instance.Configuration.MediaAttachments.SupportedMimeTypes = media.SupportedMIMETypes - instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize()) + instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated. instance.Configuration.MediaAttachments.ImageMatrixLimit = instanceMediaAttachmentsImageMatrixLimit - instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize()) + instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated. instance.Configuration.MediaAttachments.VideoFrameRateLimit = instanceMediaAttachmentsVideoFrameRateLimit instance.Configuration.MediaAttachments.VideoMatrixLimit = instanceMediaAttachmentsVideoMatrixLimit instance.Configuration.Polls.MaxOptions = config.GetStatusesPollMaxOptions() 
@@ -1563,7 +1563,7 @@ func (c *Converter) InstanceToAPIV1Instance(ctx context.Context, i *gtsmodel.Ins instance.Configuration.Accounts.AllowCustomCSS = config.GetAccountsAllowCustomCSS() instance.Configuration.Accounts.MaxFeaturedTags = instanceAccountsMaxFeaturedTags instance.Configuration.Accounts.MaxProfileFields = instanceAccountsMaxProfileFields - instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize()) + instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated. instance.Configuration.OIDCEnabled = config.GetOIDCEnabled() // URLs @@ -1695,9 +1695,9 @@ func (c *Converter) InstanceToAPIV2Instance(ctx context.Context, i *gtsmodel.Ins instance.Configuration.Statuses.CharactersReservedPerURL = instanceStatusesCharactersReservedPerURL instance.Configuration.Statuses.SupportedMimeTypes = instanceStatusesSupportedMimeTypes instance.Configuration.MediaAttachments.SupportedMimeTypes = media.SupportedMIMETypes - instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize()) + instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated. instance.Configuration.MediaAttachments.ImageMatrixLimit = instanceMediaAttachmentsImageMatrixLimit - instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize()) + instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated. instance.Configuration.MediaAttachments.VideoFrameRateLimit = instanceMediaAttachmentsVideoFrameRateLimit instance.Configuration.MediaAttachments.VideoMatrixLimit = instanceMediaAttachmentsVideoMatrixLimit instance.Configuration.Polls.MaxOptions = config.GetStatusesPollMaxOptions() 
@@ -1707,7 +1707,7 @@ func (c *Converter) InstanceToAPIV2Instance(ctx context.Context, i *gtsmodel.Ins instance.Configuration.Accounts.AllowCustomCSS = config.GetAccountsAllowCustomCSS() instance.Configuration.Accounts.MaxFeaturedTags = instanceAccountsMaxFeaturedTags instance.Configuration.Accounts.MaxProfileFields = instanceAccountsMaxProfileFields - instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize()) + instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated. instance.Configuration.OIDCEnabled = config.GetOIDCEnabled() // registrations