Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2026-01-01 22:41:23 -05:00
Code Issues Packages Projects Releases Wiki Activity

plugin: fix gosec G115 integer overflow warnings (#7799)

Browse Source 
Fix integer overflow conversion warnings (G115) by adding appropriate
suppressions where values are provably bounded.

Fixes: https://github.com/coredns/coredns/issues/7793

Changes:
- Updated 56 G115 annotations to use consistent // #nosec G115 format
- Added 2 //nolint:gosec suppressions for conditional expressions
- Removed G115 exclusion from golangci.yml (now explicitly handled per-line)

Suppressions justify why each conversion is safe (e.g., port numbers
are bounded 1-65535, DNS TTL limits, pool lengths, etc.)

Signed-off-by: Azeez Syed <syedazeez337@gmail.com>
This commit is contained in:
Syed Azeez
2026-01-01 13:50:29 +05:30
committed by GitHub
parent be934b2b06
commit 7b38eb8625
26 changed files with 58 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
plugin/dnstap/msg/msg.go
View File

@@ -23,7 +23,7 @@ func SetQueryAddress(t *tap.Message, addr net.Addr) error {
t.SocketProtocol = &protoTCP
t.QueryAddress = a.IP
p := uint32(a.Port)
p := uint32(a.Port) // #nosec G115 -- Port is inherently bounded (1-65535)
t.QueryPort = &p
if a.IP.To4() == nil {
@@ -34,7 +34,7 @@ func SetQueryAddress(t *tap.Message, addr net.Addr) error {
t.SocketProtocol = &protoUDP
t.QueryAddress = a.IP
p := uint32(a.Port)
p := uint32(a.Port) // #nosec G115 -- Port is inherently bounded (1-65535)
t.QueryPort = &p
if a.IP.To4() == nil {
@@ -54,7 +54,7 @@ func SetResponseAddress(t *tap.Message, addr net.Addr) error {
t.SocketProtocol = &protoTCP
t.ResponseAddress = a.IP
p := uint32(a.Port)
p := uint32(a.Port) // #nosec G115 -- Port is inherently bounded (1-65535)
t.ResponsePort = &p
if a.IP.To4() == nil {
@@ -65,7 +65,7 @@ func SetResponseAddress(t *tap.Message, addr net.Addr) error {
t.SocketProtocol = &protoUDP
t.ResponseAddress = a.IP
p := uint32(a.Port)
p := uint32(a.Port) // #nosec G115 -- Port is inherently bounded (1-65535)
t.ResponsePort = &p
if a.IP.To4() == nil {
@@ -79,16 +79,16 @@ func SetResponseAddress(t *tap.Message, addr net.Addr) error {
// SetQueryTime sets the time of the query in t.
func SetQueryTime(t *tap.Message, ti time.Time) {
qts := uint64(ti.Unix())
qtn := uint32(ti.Nanosecond())
qts := uint64(ti.Unix()) // #nosec G115 -- Unix time fits in uint64
qtn := uint32(ti.Nanosecond()) // #nosec G115 -- Nanoseconds (0-999999999) fit in uint32
t.QueryTimeSec = &qts
t.QueryTimeNsec = &qtn
}
// SetResponseTime sets the time of the response in t.
func SetResponseTime(t *tap.Message, ti time.Time) {
rts := uint64(ti.Unix())
rtn := uint32(ti.Nanosecond())
rts := uint64(ti.Unix()) // #nosec G115 -- Unix time fits in uint64
rtn := uint32(ti.Nanosecond()) // #nosec G115 -- Nanoseconds (0-999999999) fit in uint32
t.ResponseTimeSec = &rts
t.ResponseTimeNsec = &rtn
}