fix(filters): int conversion without check #4482
Conversation
This silences some CodeQL "Incorrect conversion between integer types" warnings.
| @@ -70,11 +71,16 @@ func attachSuspiciousSyscallSourceProbes(t *Tracee, eventParams []map[string]fil | |||
| if err != nil { | |||
| return err | |||
| } | |||
| if !events.Core.IsDefined(events.ID(syscallID)) { | |||
| if syscallID < 0 || syscallID > math.MaxInt32 { | |||
There was a problem hiding this comment.
Shouldn't this kind of check be resolved inside the IsDefined method? Is this the particular code which fixes the CodeQL issue?
There was a problem hiding this comment.
Shouldn't this kind of check be resolved inside the IsDefined method?
IsDefined only checks for the existence of a events.ID value, it's agnostic to the origin of that value, so I believe it's sane to check it right after the Atoi conversion, since we're truncating the output (int - 64) to events.ID (int32).
Is this the particular code which fixes the CodeQL issue?
Yep. It's an attempt. Let's see if the issue is closed automagically after this change.
There was a problem hiding this comment.
BTW, I would like to ask you if these conversions https://github.com/aquasecurity/tracee/security/code-scanning/2 are ok. I mean, if they are the full size of those values, why the API providing them uses int (or other larger types) instead?
There was a problem hiding this comment.
Related:
If there's difference of size between cgroup HID versions, the API should be explicit and provide appropriate getters.
Close: #4481
1. Explain what the PR does
4bef591 fix(filters): int conversion without check
2. Explain how to test it
3. Other comments