From 53ded4b2db00a9b0de20a44d4c061cf0d812b2ba Mon Sep 17 00:00:00 2001 From: secwall Date: Fri, 5 Apr 2024 13:27:14 +0200 Subject: [PATCH 1/2] Add codeql workflow --- .github/workflows/codeql.yml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..71124ddf --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,36 @@ +name: CodeQL + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + schedule: + - cron: '30 06 * * 6' + +env: + GO_VERSION: 1.22.1 + +jobs: + analyze: + runs-on: ubuntu-latest + permissions: + security-events: write + steps: + - name: Check out code into the Go module directory + uses: actions/checkout@v4 + - name: Set up Go 1.x + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GO_VERSION }} + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: go + build-mode: manual + - name: Build + run: go build -tags netgo,osusergo -o ./cmd/mysync/mysync ./cmd/mysync/... + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:go" From 1268674080263efe5e88f62394a436c1c531fa99 Mon Sep 17 00:00:00 2001 From: secwall Date: Fri, 5 Apr 2024 14:02:57 +0200 Subject: [PATCH 2/2] Check pid bounds when read from pidfile --- internal/mysql/node.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/mysql/node.go b/internal/mysql/node.go index 7f4cea0e..15f913aa 100644 --- a/internal/mysql/node.go +++ b/internal/mysql/node.go @@ -458,7 +458,7 @@ func (n *Node) GetDaemonStartTime() (time.Time, error) { } return time.Time{}, err } - pid, err := strconv.Atoi(strings.TrimSpace(string(pidB))) + pid, err := strconv.ParseInt(strings.TrimSpace(string(pidB)), 10, 32) if err != nil { return time.Time{}, err }