From d968382d04ec1aa8610d718c2ce4825e4a1f32c5 Mon Sep 17 00:00:00 2001 From: Luke Bakken Date: Tue, 5 Mar 2024 11:35:24 -0800 Subject: [PATCH] Address CodeQL warning https://github.com/rabbitmq/amqp091-go/security/code-scanning/1 --- .github/workflows/codeql-analysis.yml | 8 +++---- .github/workflows/golangci-lint.yml | 6 ++--- .github/workflows/tests.yml | 8 +++---- connection.go | 32 ++++++++++++++++++++++----- integration_test.go | 2 +- 5 files changed, 39 insertions(+), 17 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e2b7352..48d29e1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,9 +38,9 @@ jobs: # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -51,7 +51,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -65,4 +65,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index a510ef7..717de9e 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml 
@@ -14,12 +14,12 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v5 with: go-version: 'stable' check-latest: true - - uses: actions/checkout@v3 - - uses: golangci/golangci-lint-action@v3 + - uses: actions/checkout@v4 + - uses: golangci/golangci-lint-action@v4 with: version: latest only-new-issues: false diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 672125b..ef55ec5 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -15,8 +15,8 @@ jobs: matrix: go-version: ['oldstable', 'stable'] steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v3 + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} check-latest: true @@ -43,8 +43,8 @@ jobs: ports: - 5672:5672 steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v3 + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} check-latest: true diff --git a/connection.go b/connection.go index c8bb820..0f3f6a4 100644 --- a/connection.go +++ b/connection.go @@ -32,7 +32,7 @@ const ( platform = "golang" // Safer default that makes channel leaks a lot easier to spot // before they create operational headaches. See https://github.com/rabbitmq/rabbitmq-server/issues/1593. - defaultChannelMax = (2 << 10) - 1 + defaultChannelMax = uint16((2 << 10) - 1) defaultLocale = "en_US" ) @@ -49,7 +49,7 @@ type Config struct { // bindings on the server. Dial sets this to the path parsed from the URL. Vhost string - ChannelMax int // 0 max channels means 2^16 - 1 + ChannelMax uint16 // 0 max channels means 2^16 - 1 FrameSize int // 0 max bytes means unlimited Heartbeat time.Duration // less than 1s uses the server's interval 
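Review bot: Narrowing the exported field `Config.ChannelMax` from `int` to `uint16` in the `type Config struct` hunk is source-incompatible for callers that assign an `int` variable to it, and nothing in the commit records that in a changelog or doc note. The narrower type itself is sound, since it makes an out-of-range channel limit unrepresentable (presumably the point of the CodeQL finding, though the flagged conversion is not visible in these hunks). The field comment kept here is also inaccurate: in `openTune` a zero on both sides ends up as `defaultChannelMax`, so I would write `ChannelMax uint16 // 0 defers to the server's value; if that is also 0, defaultChannelMax is used`. Whether `maxChannelMax` is untyped or `uint16`, which `minUInt16(c.Config.ChannelMax, maxChannelMax)` needs in order to compile, cannot be confirmed from this page.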
@@ -991,13 +991,13 @@ func (c *Connection) openTune(config Config, auth Authentication) error {
 // When the server and client both use default 0, then the max channel is
 // only limited by uint16.
- c.Config.ChannelMax = pick(config.ChannelMax, int(tune.ChannelMax))
+ c.Config.ChannelMax = pickUInt16(config.ChannelMax, tune.ChannelMax)
 if c.Config.ChannelMax == 0 {
 c.Config.ChannelMax = defaultChannelMax
 }
- c.Config.ChannelMax = min(c.Config.ChannelMax, maxChannelMax)
+ c.Config.ChannelMax = minUInt16(c.Config.ChannelMax, maxChannelMax)
- c.allocator = newAllocator(1, c.Config.ChannelMax)
+ c.allocator = newAllocator(1, int(c.Config.ChannelMax))
 c.m.Unlock()
@@ -1104,6 +1104,13 @@ func max(a, b int) int {
 return b
 }
+func maxUInt16(a, b uint16) uint16 {
+ if a > b {
+ return a
+ }
+ return b
+}
+
 func min(a, b int) int {
 if a < b {
 return a
@@ -1111,6 +1118,21 @@ func min(a, b int) int {
 return b
 }
+func minUInt16(a, b uint16) uint16 {
+ if a < b {
+ return a
+ }
+ return b
+}
+
+func pickUInt16(client, server uint16) uint16 {
+ if client == 0 || server == 0 {
+ return maxUInt16(client, server)
+ } else {
+ return minUInt16(client, server)
+ }
+}
+
 func pick(client, server int) int {
 if client == 0 || server == 0 {
 return max(client, server)
diff --git a/integration_test.go b/integration_test.go
index 50c6507..b600d59 100644
--- a/integration_test.go
+++ b/integration_test.go
@@ -478,7 +478,7 @@ func TestIntegrationChannelIDsExhausted(t *testing.T) {
 }
 defer c.Close()
- for i := 1; i <= c.Config.ChannelMax; i++ {
+ for i := uint16(1); i <= c.Config.ChannelMax; i++ {
 if _, err := c.Channel(); err != nil {
 t.Fatalf("expected allocating all channel ids to succed, failed on %d with %v", i, err)
 }
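Review bot: The comment kept above the `pickUInt16` call in the `openTune` hunk does not describe what the code does: when client and server both send 0, `pickUInt16` returns 0 and the following `if` substitutes `defaultChannelMax`, so the limit is not "only limited by uint16". I would replace it with `// A 0 on either side defers to the other; 0 on both falls back to defaultChannelMax, and the result is capped at maxChannelMax.` The one conversion left in the hunk, `int(c.Config.ChannelMax)`, widens and cannot lose bits, so it needs no range check. The body of `openTune` starts and ends outside the hunk.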
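Review bot: `pickUInt16`, added in the `-1111,6` helper hunk, follows a `return` with an `else` branch, which the usual Go linters flag; ending the `if` block after `return maxUInt16(client, server)` and following it with a plain `return minUInt16(client, server)` reads flatter. The three helpers added here and in the `-1104,6` hunk also spell the suffix `UInt16`, whereas the standard library writes `Uint16` (`math.MaxUint16`), so `minUint16`, `maxUint16` and `pickUint16` would match convention. The zero-handling is the non-obvious part and has no comment; I would add `// pickUInt16 returns the smaller of the two limits, treating 0 as "no preference" so that the other side's value wins.`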
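Review bot: With the counter now a `uint16`, the condition in `for i := uint16(1); i <= c.Config.ChannelMax; i++` can never become false if `ChannelMax` is 65535, because `i++` wraps to 0. The loop would then run past the intended count until `c.Channel()` fails, and `t.Fatalf` would report a misleading index. Whether this test's connection can reach that value depends on `maxChannelMax` and the test setup, neither of which is visible here, so I would keep the counter wide and convert the bound instead: `for i := 1; i <= int(c.Config.ChannelMax); i++ {`. The loop body and the rest of `TestIntegrationChannelIDsExhausted` continue outside the hunk.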