From 5f3fad6e9c7436be8a1ece540c4ece8e0e53236a Mon Sep 17 00:00:00 2001
From: pschork <354473+pschork@users.noreply.github.com>
Date: Thu, 7 Nov 2024 11:17:50 -0800
Subject: [PATCH 1/2] Fix code scanning alert no. 16: Incorrect conversion between integer types
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 disperser/dataapi/server.go | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/disperser/dataapi/server.go b/disperser/dataapi/server.go
index 804ed5fd57..a718ea97ad 100644
--- a/disperser/dataapi/server.go
+++ b/disperser/dataapi/server.go
@@ -898,18 +898,20 @@ func (s *server) FetchOperatorEjections(c *gin.Context) {
 operatorId := c.DefaultQuery("operator_id", "") // If not specified, defaults to all operators
 days := c.DefaultQuery("days", "1") // If not specified, defaults to 1
- daysInt, err := strconv.Atoi(days)
- if err != nil {
+ parsedDays, err := strconv.ParseInt(days, 10, 32)
+ if err != nil || parsedDays < math.MinInt32 || parsedDays > math.MaxInt32 {
 c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid 'days' parameter"})
 return
 }
+ daysInt := int32(parsedDays)
 first := c.DefaultQuery("first", "1000") // If not specified, defaults to 1000
- firstInt, err := strconv.Atoi(first)
- if err != nil {
+ parsedFirst, err := strconv.ParseInt(first, 10, 32)
+ if err != nil || parsedFirst < 1 || parsedFirst > 10000 {
 c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid 'first' parameter"})
 return
 }
+ firstInt := int32(parsedFirst)
 if firstInt < 1 || firstInt > 10000 {
 c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid 'first' parameter. Value must be between 1..10000"})
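Review bot: `days` is still accepted for any value in the int32 range, zero and negative included, while `first` and `skip` get domain bounds in the same patch. The added comparison `parsedDays < math.MinInt32 || parsedDays > math.MaxInt32` can never be true once `err` is nil, because `strconv.ParseInt(days, 10, 32)` already returns a range error for values that do not fit in 32 bits. As `days` comes straight from the query string and is later handed to `getOperatorEjections` (body not visible here), an explicit domain check such as `if err != nil || parsedDays < 1 || parsedDays > maxEjectionDays {` would bound the lookback window a single request can ask for; `maxEjectionDays` is a placeholder name for a limit the endpoint owner would choose. This patch also references `math` without adding the import, which only arrives in PATCH 2/2, so 1/2 presumably does not build on its own. FetchOperatorEjections starts and ends outside the hunk.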
@@ -917,11 +919,12 @@ func (s *server) FetchOperatorEjections(c *gin.Context) {
 }
 skip := c.DefaultQuery("skip", "0") // If not specified, defaults to 0
- skipInt, err := strconv.Atoi(skip)
- if err != nil {
+ parsedSkip, err := strconv.ParseInt(skip, 10, 32)
+ if err != nil || parsedSkip < 0 || parsedSkip > 1000000000 {
 c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid 'skip' parameter"})
 return
 }
+ skipInt := int32(parsedSkip)
 if skipInt < 0 || skipInt > 1000000000 {
 c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid 'skip' parameter. Value must be between 0..1000000000"})
From e873d78aecfc5ee30c2fcef96dc6cc1ef1d8a2fc Mon Sep 17 00:00:00 2001
From: Patrick Schork <354473+pschork@users.noreply.github.com>
Date: Thu, 7 Nov 2024 11:34:47 -0800
Subject: [PATCH 2/2] Lint
---
 disperser/dataapi/server.go | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/disperser/dataapi/server.go b/disperser/dataapi/server.go
index a718ea97ad..abed52e39b 100644
--- a/disperser/dataapi/server.go
+++ b/disperser/dataapi/server.go
@@ -6,6 +6,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "math"
 "math/big"
 "net/http"
 "os"
@@ -908,28 +909,18 @@ func (s *server) FetchOperatorEjections(c *gin.Context) {
 first := c.DefaultQuery("first", "1000") // If not specified, defaults to 1000
 parsedFirst, err := strconv.ParseInt(first, 10, 32)
 if err != nil || parsedFirst < 1 || parsedFirst > 10000 {
- c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid 'first' parameter"})
- return
- }
- firstInt := int32(parsedFirst)
-
- if firstInt < 1 || firstInt > 10000 {
 c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid 'first' parameter. Value must be between 1..10000"})
 return
 }
+ firstInt := int32(parsedFirst)
 skip := c.DefaultQuery("skip", "0") // If not specified, defaults to 0
 parsedSkip, err := strconv.ParseInt(skip, 10, 32)
 if err != nil || parsedSkip < 0 || parsedSkip > 1000000000 {
- c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid 'skip' parameter"})
- return
- }
- skipInt := int32(parsedSkip)
-
- if skipInt < 0 || skipInt > 1000000000 {
 c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid 'skip' parameter. Value must be between 0..1000000000"})
 return
 }
+ skipInt := int32(parsedSkip)
 operatorEjections, err := s.getOperatorEjections(c.Request.Context(), int32(daysInt), operatorId, uint(firstInt), uint(skipInt))
 if err != nil {
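Review bot: The call in the context line at the end of the hunk still wraps `daysInt` in `int32(...)` although the previous patch already made it an int32, so the argument can be plain `daysInt`. The `uint(firstInt)` and `uint(skipInt)` conversions on that line are safe only because the checks above reject values below 1 and 0; a short comment next to the call, e.g. `// first and skip are range-checked above, so the uint conversions cannot wrap`, would keep that dependency visible to whoever edits the bounds next. The limits 10000 and 1000000000 now appear once in each condition and once in each error string, so named constants would stop the two from drifting apart. FetchOperatorEjections starts and ends outside the hunk.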