From a48cce82b9b235a0e844104a89453eb0bd4d4409 Mon Sep 17 00:00:00 2001 From: Markus Unterwaditzer Date: Wed, 16 Oct 2024 14:13:58 +0200 Subject: [PATCH] [chore] Upgrade golangci-lint, ignore existing int overflow warnings (#3420) * [chore] Bump tooling versions, bump go -> v1.23.0 * undo silly change * sign * bump go version in go.mod * allow overflow in imaging * goreleaser deprecation notices * [chore] Upgrade golangci-lint, ignore existing int overflow warnings There is a new lint for unchecked int casts. Integer overflows are bad, but the old code that triggers this lint seems to be perfectly fine. Instead of disabling the lint entirely for new code as well, grandfather in existing code. * fix golangci-lint documentation link * revert unrelated changes * revert another unrelated change * get rid of remaining nolint:gosec * swagger updates * apply review feedback * fix wrong formatting specifier thing * fix the linter for real --------- Co-authored-by: tobi --- CONTRIBUTING.md | 2 +- docs/api/swagger.yaml | 2 +- internal/api/client/admin/emojicreate.go | 4 +-- internal/api/client/admin/emojiupdate.go | 4 +-- internal/api/model/attachment.go | 2 +- internal/cache/domain/domain.go | 2 +- internal/db/bundb/bundb.go | 6 +++- internal/federation/dereferencing/emoji.go | 12 +++---- internal/federation/dereferencing/media.go | 8 ++--- internal/httpclient/client.go | 4 +-- internal/media/ffmpeg.go | 4 +-- internal/media/imaging.go | 40 +++++++++++----------- internal/media/refetch.go | 7 ++-- internal/media/util.go | 2 +- internal/middleware/logger.go | 2 +- internal/middleware/requestid.go | 2 +- internal/middleware/throttling.go | 6 +++- internal/processing/account/update.go | 10 +++--- internal/processing/admin/emoji.go | 14 ++++---- internal/processing/media/create.go | 5 +-- internal/transport/derefmedia.go | 2 +- internal/typeutils/internaltofrontend.go | 20 +++++------ 22 files changed, 86 insertions(+), 74 deletions(-) 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0a7a14544..6b52d6b59 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -385,7 +385,7 @@ We use [golangci-lint](https://golangci-lint.run/) for linting, which allows us If you make a PR that doesn't pass the linter, it will be rejected. As such, it's good practice to run the linter locally before pushing or opening a PR. -To do this, first install the linter following the instructions [here](https://golangci-lint.run/usage/install/#local-installation). +To do this, first install the linter following the instructions [here](https://golangci-lint.run/welcome/install/). Then, you can run the linter with: diff --git a/docs/api/swagger.yaml b/docs/api/swagger.yaml index 1a5dd1fc3..ee2fb5974 100644 --- a/docs/api/swagger.yaml +++ b/docs/api/swagger.yaml @@ -2114,7 +2114,7 @@ definitions: bitrate: description: Bitrate of the media in bits per second. example: 1000000 - format: int64 + format: uint64 type: integer x-go-name: Bitrate duration: diff --git a/internal/api/client/admin/emojicreate.go b/internal/api/client/admin/emojicreate.go index 75661f1c3..9696200de 100644 --- a/internal/api/client/admin/emojicreate.go +++ b/internal/api/client/admin/emojicreate.go @@ -145,8 +145,8 @@ func validateCreateEmoji(form *apimodel.EmojiCreateRequest) error { return errors.New("no emoji given") } - maxSize := config.GetMediaEmojiLocalMaxSize() - if form.Image.Size > int64(maxSize) { + maxSize := int64(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated. + if form.Image.Size > maxSize { return fmt.Errorf("emoji image too large: image is %dKB but size limit for custom emojis is %dKB", form.Image.Size/1024, maxSize/1024) } diff --git a/internal/api/client/admin/emojiupdate.go b/internal/api/client/admin/emojiupdate.go index 37f67cabd..ec6987024 100644 --- a/internal/api/client/admin/emojiupdate.go +++ b/internal/api/client/admin/emojiupdate.go 
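Review bot: The `#nosec G115 -- Already validated.` suppression on the `maxSize` line in validateCreateEmoji does not say where the bound is enforced, so a reader cannot confirm that `config.GetMediaEmojiLocalMaxSize()` always fits in int64. If that validation were ever missing, a wrapped negative limit would presumably make `form.Image.Size > maxSize` reject every upload here. The same comment is also attached to `int(...)` and `uint(...)` casts in internal/typeutils/internaltofrontend.go, where the target width differs. I would name the check in the comment, e.g. `// #nosec G115 -- bounded by <config validation function>.`, here and at the other "Already validated" sites (emojiupdate.go, dereferencing/emoji.go and media.go, media/refetch.go, processing/account/update.go, processing/admin/emoji.go, processing/media/create.go). validateCreateEmoji starts and ends outside this hunk.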
@@ -208,8 +208,8 @@ func validateUpdateEmoji(form *apimodel.EmojiUpdateRequest) error { } if hasImage { - maxSize := config.GetMediaEmojiLocalMaxSize() - if form.Image.Size > int64(maxSize) { + maxSize := int64(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated. + if form.Image.Size > maxSize { return fmt.Errorf("emoji image too large: image is %dKB but size limit for custom emojis is %dKB", form.Image.Size/1024, maxSize/1024) } } diff --git a/internal/api/model/attachment.go b/internal/api/model/attachment.go index 21523a58e..f037a09aa 100644 --- a/internal/api/model/attachment.go +++ b/internal/api/model/attachment.go @@ -160,7 +160,7 @@ type MediaDimensions struct { Duration float32 `json:"duration,omitempty"` // Bitrate of the media in bits per second. // example: 1000000 - Bitrate int `json:"bitrate,omitempty"` + Bitrate uint64 `json:"bitrate,omitempty"` // Size of the media, in the format `[width]x[height]`. // Not set for audio. // example: 1920x1080 diff --git a/internal/cache/domain/domain.go b/internal/cache/domain/domain.go index 274a244f7..c9a43b1e5 100644 --- a/internal/cache/domain/domain.go +++ b/internal/cache/domain/domain.go @@ -220,7 +220,7 @@ func (n *node) getChild(part string) *node { for i < j { // avoid overflow when computing h - h := int(uint(i+j) >> 1) + h := int(uint(i+j) >> 1) // #nosec G115 // i ≤ h < j if n.child[h].part < part { diff --git a/internal/db/bundb/bundb.go b/internal/db/bundb/bundb.go index b5d3ff003..d10f372fd 100644 --- a/internal/db/bundb/bundb.go +++ b/internal/db/bundb/bundb.go @@ -25,6 +25,7 @@ "encoding/pem" "errors" "fmt" + "math" "net/url" "os" "runtime" 
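Review bot: In internal/cache/domain/domain.go the suppression on `h := int(uint(i+j) >> 1)` is a bare `// #nosec G115` with no reason, unlike the other suppressions in this commit. The safety argument is presumably that `i` and `j` are non-negative indices into `n.child`, so the halved sum always fits back into int, but their initialisation is outside the hunk. I would record that on the line: `// #nosec G115 -- i and j are non-negative slice indices, so (i+j)>>1 fits in int.`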
@@ -489,7 +490,10 @@ func deriveBunDBPGOptions() (*pgx.ConnConfig, error) { cfg.Host = address } if port := config.GetDbPort(); port > 0 { - cfg.Port = uint16(port) + if port > math.MaxUint16 { + return nil, errors.New("invalid port, must be in range 1-65535") + } + cfg.Port = uint16(port) // #nosec G115 -- Just validated above. } if u := config.GetDbUser(); u != "" { cfg.User = u diff --git a/internal/federation/dereferencing/emoji.go b/internal/federation/dereferencing/emoji.go index 12c648556..1ac27f2b2 100644 --- a/internal/federation/dereferencing/emoji.go +++ b/internal/federation/dereferencing/emoji.go @@ -97,11 +97,11 @@ func() (*media.ProcessingEmoji, error) { } // Get maximum supported remote emoji size. - maxsz := config.GetMediaEmojiRemoteMaxSize() + maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated. // Prepare data function to dereference remote emoji media. data := func(context.Context) (io.ReadCloser, error) { - return tsport.DereferenceMedia(ctx, url, int64(maxsz)) + return tsport.DereferenceMedia(ctx, url, maxsz) } // Create new emoji with prepared info. @@ -189,11 +189,11 @@ func() (*media.ProcessingEmoji, error) { } // Get maximum supported remote emoji size. - maxsz := config.GetMediaEmojiRemoteMaxSize() + maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated. // Prepare data function to dereference remote emoji media. data := func(context.Context) (io.ReadCloser, error) { - return tsport.DereferenceMedia(ctx, url, int64(maxsz)) + return tsport.DereferenceMedia(ctx, url, maxsz) } // Update emoji with prepared info. 
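Review bot: The new range check in deriveBunDBPGOptions returns `invalid port, must be in range 1-65535` without the rejected value or the setting it came from. The stated range is also not what the code enforces, because a zero or negative `port` skips the whole block silently instead of producing this error. I would include the value, `return nil, fmt.Errorf("invalid db port %d, must be in range 1-65535", port)` (fmt is already imported in this file), and decide whether a negative port should be rejected rather than ignored. The function continues outside this hunk.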
@@ -255,11 +255,11 @@ func() (*media.ProcessingEmoji, error) { } // Get maximum supported remote emoji size. - maxsz := config.GetMediaEmojiRemoteMaxSize() + maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated. // Prepare data function to dereference remote emoji media. data := func(context.Context) (io.ReadCloser, error) { - return tsport.DereferenceMedia(ctx, url, int64(maxsz)) + return tsport.DereferenceMedia(ctx, url, maxsz) } // Recache emoji with prepared info. diff --git a/internal/federation/dereferencing/media.go b/internal/federation/dereferencing/media.go index 859e5603f..3bed4b198 100644 --- a/internal/federation/dereferencing/media.go +++ b/internal/federation/dereferencing/media.go @@ -77,14 +77,14 @@ func() (*media.ProcessingMedia, error) { } // Get maximum supported remote media size. - maxsz := config.GetMediaRemoteMaxSize() + maxsz := int64(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated. // Create media with prepared info. return d.mediaManager.CreateMedia( ctx, accountID, func(ctx context.Context) (io.ReadCloser, error) { - return tsport.DereferenceMedia(ctx, url, int64(maxsz)) + return tsport.DereferenceMedia(ctx, url, maxsz) }, info, ) @@ -168,14 +168,14 @@ func() (*media.ProcessingMedia, error) { } // Get maximum supported remote media size. - maxsz := config.GetMediaRemoteMaxSize() + maxsz := int64(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated. // Recache media with prepared info, // this will also update media in db. return d.mediaManager.CacheMedia( attach, func(ctx context.Context) (io.ReadCloser, error) { - return tsport.DereferenceMedia(ctx, url, int64(maxsz)) + return tsport.DereferenceMedia(ctx, url, maxsz) }, ), nil }, diff --git a/internal/httpclient/client.go b/internal/httpclient/client.go index 8a5f51c21..10fba5d42 100644 --- a/internal/httpclient/client.go +++ b/internal/httpclient/client.go 
@@ -340,14 +340,14 @@ func (c *Client) do(r *Request) (rsp *http.Response, retry bool, err error) { if u, _ := strconv.ParseUint(after, 10, 32); u != 0 { // An integer no. of backoff seconds was provided. - r.backoff = time.Duration(u) * time.Second + r.backoff = time.Duration(u) * time.Second // #nosec G115 -- We clamp backoff below. } else if at, _ := http.ParseTime(after); !at.Before(now) { // An HTTP formatted future date-time was provided. r.backoff = at.Sub(now) } // Don't let their provided backoff exceed our max. - if max := baseBackoff * time.Duration(c.retries); // + if max := baseBackoff * time.Duration(c.retries); // #nosec G115 -- We control c.retries. r.backoff > max { r.backoff = max } diff --git a/internal/media/ffmpeg.go b/internal/media/ffmpeg.go index 4baa3dbe5..f1c277934 100644 --- a/internal/media/ffmpeg.go +++ b/internal/media/ffmpeg.go @@ -556,10 +556,10 @@ func (res *ffprobeResult) Process() (*result, error) { if p := strings.SplitN(str, "/", 2); len(p) == 2 { n, _ := strconv.ParseUint(p[0], 10, 32) d, _ := strconv.ParseUint(p[1], 10, 32) - num, den = uint32(n), uint32(d) + num, den = uint32(n), uint32(d) // #nosec G115 -- ParseUint is configured to check } else { n, _ := strconv.ParseUint(p[0], 10, 32) - num = uint32(n) + num = uint32(n) // #nosec G115 -- ParseUint is configured to check } // Set final divised framerate. diff --git a/internal/media/imaging.go b/internal/media/imaging.go index a9f73a066..6a0fa694c 100644 --- a/internal/media/imaging.go +++ b/internal/media/imaging.go @@ -399,9 +399,9 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) { g16 := uint16(s[1]) b16 := uint16(s[2]) a16 := uint16(a) - d[0] = uint8(r16 * 0xff / a16) - d[1] = uint8(g16 * 0xff / a16) - d[2] = uint8(b16 * 0xff / a16) + d[0] = uint8(r16 * 0xff / a16) // #nosec G115 -- Overflow desired. + d[1] = uint8(g16 * 0xff / a16) // #nosec G115 -- Overflow desired. + d[2] = uint8(b16 * 0xff / a16) // #nosec G115 -- Overflow desired. d[3] = a } j += 4 
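Review bot: The justification on `r.backoff = time.Duration(u) * time.Second` ("We clamp backoff below") does not cover the case the lint is about. The clamp only caps values greater than `max`, so a product that had wrapped negative would pass through it unchanged. What actually makes the line safe is that `strconv.ParseUint(after, 10, 32)` keeps `u` within 32 bits even on a range error, so the product fits in int64. I would state that instead: `// #nosec G115 -- ParseUint bitSize 32 bounds u; product fits in int64.` The enclosing `do` method starts and ends outside this hunk.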
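Review bot: "Overflow desired" on the three `uint8(r16 * 0xff / a16)` lines in internal/media/imaging.go reads as if wraparound were intended, yet for premultiplied input (colour not greater than alpha) the quotient never exceeds 0xff and nothing is truncated. The cast only truncates when a decoded pixel has a channel larger than its alpha, which would be malformed image data. I would document the invariant rather than the wrap, e.g. `// #nosec G115 -- <= 0xff for premultiplied input; malformed pixels truncate.`, and likewise in the later hunks of scan that divide by `a32` or `a16`. The guard that keeps `a16` non-zero is not visible in this hunk.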
@@ -431,9 +431,9 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) { g32 := uint32(s[2])<<8 | uint32(s[3]) b32 := uint32(s[4])<<8 | uint32(s[5]) a32 := uint32(s[6])<<8 | uint32(s[7]) - d[0] = uint8((r32 * 0xffff / a32) >> 8) - d[1] = uint8((g32 * 0xffff / a32) >> 8) - d[2] = uint8((b32 * 0xffff / a32) >> 8) + d[0] = uint8((r32 * 0xffff / a32) >> 8) // #nosec G115 -- Overflow desired. + d[1] = uint8((g32 * 0xffff / a32) >> 8) // #nosec G115 -- Overflow desired. + d[2] = uint8((b32 * 0xffff / a32) >> 8) // #nosec G115 -- Overflow desired. } d[3] = a j += 4 @@ -509,30 +509,30 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) { cr1 := int32(img.Cr[ic]) - 128 r := yy1 + 91881*cr1 - if uint32(r)&0xff000000 == 0 { + if uint32(r)&0xff000000 == 0 { //nolint:gosec r >>= 16 } else { r = ^(r >> 31) } g := yy1 - 22554*cb1 - 46802*cr1 - if uint32(g)&0xff000000 == 0 { + if uint32(g)&0xff000000 == 0 { //nolint:gosec g >>= 16 } else { g = ^(g >> 31) } b := yy1 + 116130*cb1 - if uint32(b)&0xff000000 == 0 { + if uint32(b)&0xff000000 == 0 { //nolint:gosec b >>= 16 } else { b = ^(b >> 31) } d := dst[j : j+4 : j+4] - d[0] = uint8(r) - d[1] = uint8(g) - d[2] = uint8(b) + d[0] = uint8(r) // #nosec G115 -- Overflow desired. + d[1] = uint8(g) // #nosec G115 -- Overflow desired. + d[2] = uint8(b) // #nosec G115 -- Overflow desired. d[3] = 0xff iy++ @@ -569,9 +569,9 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) { d := dst[j : j+4 : j+4] switch a16 { case 0xffff: - d[0] = uint8(r16 >> 8) - d[1] = uint8(g16 >> 8) - d[2] = uint8(b16 >> 8) + d[0] = uint8(r16 >> 8) // #nosec G115 -- Overflow desired. + d[1] = uint8(g16 >> 8) // #nosec G115 -- Overflow desired. + d[2] = uint8(b16 >> 8) // #nosec G115 -- Overflow desired. d[3] = 0xff case 0: d[0] = 0 
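Review bot: The three `if uint32(x)&0xff000000 == 0 { //nolint:gosec` lines in the YCbCr hunk of scan (@@ -509,30) switch off every gosec rule for the line and give no reason. The rest of the commit uses the narrower `// #nosec G115 -- reason` form, and the commit message says the remaining nolint:gosec were removed. A blanket directive would also hide any future gosec finding on the same line. I would write `// #nosec G115 -- Bit-pattern test, sign reinterpretation intended.` on each. The same applies to `sz := bytesize.Size(maxsz) //nolint:gosec` in internal/transport/derefmedia.go, which additionally drops the former "nicer log format" comment.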
@@ -579,10 +579,10 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) { d[2] = 0 d[3] = 0 default: - d[0] = uint8(((r16 * 0xffff) / a16) >> 8) - d[1] = uint8(((g16 * 0xffff) / a16) >> 8) - d[2] = uint8(((b16 * 0xffff) / a16) >> 8) - d[3] = uint8(a16 >> 8) + d[0] = uint8(((r16 * 0xffff) / a16) >> 8) // #nosec G115 -- Overflow desired. + d[1] = uint8(((g16 * 0xffff) / a16) >> 8) // #nosec G115 -- Overflow desired. + d[2] = uint8(((b16 * 0xffff) / a16) >> 8) // #nosec G115 -- Overflow desired. + d[3] = uint8(a16 >> 8) // #nosec G115 -- Overflow desired. } j += 4 } @@ -617,7 +617,7 @@ func clampFloat(x float64) uint8 { return 255 } if v > 0 { - return uint8(v) + return uint8(v) // #nosec G115 -- Just checked. } return 0 } diff --git a/internal/media/refetch.go b/internal/media/refetch.go index 5531f6d97..c467333c9 100644 --- a/internal/media/refetch.go +++ b/internal/media/refetch.go @@ -49,9 +49,6 @@ func (m *Manager) RefetchEmojis(ctx context.Context, domain string, dereferenceM refetchIDs []string ) - // Get max supported remote emoji media size. - maxsz := config.GetMediaEmojiRemoteMaxSize() - // page through emojis 20 at a time, looking for those with missing images for { // Fetch next block of emojis from database @@ -111,8 +108,10 @@ func (m *Manager) RefetchEmojis(ctx context.Context, domain string, dereferenceM continue } + // Get max supported remote emoji media size. + maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated. dataFunc := func(ctx context.Context) (reader io.ReadCloser, err error) { - return dereferenceMedia(ctx, emojiImageIRI, int64(maxsz)) + return dereferenceMedia(ctx, emojiImageIRI, maxsz) } processingEmoji, err := m.UpdateEmoji(ctx, emoji, dataFunc, AdditionalEmojiInfo{ diff --git a/internal/media/util.go b/internal/media/util.go index 538d6f572..f6bf06260 100644 --- a/internal/media/util.go +++ b/internal/media/util.go 
@@ -145,7 +145,7 @@ func drainToTmp(rc io.ReadCloser) (string, error) { // Check to see if limit was reached, // (produces more useful error messages). if lr != nil && lr.N <= 0 { - err := fmt.Errorf("reached read limit %s", bytesize.Size(limit)) + err := fmt.Errorf("reached read limit %s", bytesize.Size(limit)) // #nosec G115 -- Just logging return path, gtserror.SetLimitReached(err) } diff --git a/internal/middleware/logger.go b/internal/middleware/logger.go index 097c73cbd..da5be9dfa 100644 --- a/internal/middleware/logger.go +++ b/internal/middleware/logger.go @@ -123,7 +123,7 @@ func Logger(logClientIP bool) gin.HandlerFunc { } // Generate a nicer looking bytecount - size := bytesize.Size(c.Writer.Size()) + size := bytesize.Size(c.Writer.Size()) // #nosec G115 -- Just logging // Finally, write log entry with status text + body size. l.Logf(lvl, "%s: wrote %s", statusText, size) diff --git a/internal/middleware/requestid.go b/internal/middleware/requestid.go index 00b1ff299..7d98787a7 100644 --- a/internal/middleware/requestid.go +++ b/internal/middleware/requestid.go @@ -48,7 +48,7 @@ func NewRequestID() string { b := make([]byte, 12) // Get current time in milliseconds. - ms := uint64(time.Now().UnixMilli()) + ms := uint64(time.Now().UnixMilli()) // #nosec G115 -- Pre-1970 clock? // Store binary time data in byte buffer. binary.LittleEndian.PutUint64(b[0:8], ms) diff --git a/internal/middleware/throttling.go b/internal/middleware/throttling.go index 33f46f175..739189b79 100644 --- a/internal/middleware/throttling.go +++ b/internal/middleware/throttling.go 
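Review bot: In internal/middleware/logger.go, `bytesize.Size(c.Writer.Size())` is suppressed as "Just logging", but a negative size would be logged as an enormous byte count rather than being harmless. As far as I know gin's ResponseWriter reports -1 from Size() while no body has been written, so this may occur for body-less responses; that is worth confirming. Clamping first keeps the access log accurate for anyone reading it during an investigation: `size := bytesize.Size(max(c.Writer.Size(), 0))`, with the suppression reason changed to say the value is clamped. The handler body continues outside this hunk.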
@@ -82,12 +82,16 @@ func Throttle(cpuMultiplier int, retryAfter time.Duration) gin.HandlerFunc { return func(c *gin.Context) {} } + if retryAfter < 0 { + retryAfter = 0 + } + var ( limit = runtime.GOMAXPROCS(0) * cpuMultiplier queueLimit = limit * cpuMultiplier tokens = make(chan token, limit) requestCount = atomic.Int64{} - retryAfterStr = strconv.FormatUint(uint64(retryAfter/time.Second), 10) + retryAfterStr = strconv.FormatUint(uint64(retryAfter/time.Second), 10) // #nosec G115 -- Checked right above ) // prefill token channel diff --git a/internal/processing/account/update.go b/internal/processing/account/update.go index 58e52a992..2bdbf96f4 100644 --- a/internal/processing/account/update.go +++ b/internal/processing/account/update.go @@ -463,9 +463,10 @@ func (p *Processor) UpdateAvatar( ) { // Get maximum supported local media size. maxsz := config.GetMediaLocalMaxSize() + maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated. // Ensure media within size bounds. - if avatar.Size > int64(maxsz) { + if avatar.Size > maxszInt64 { text := fmt.Sprintf("media exceeds configured max size: %s", maxsz) return nil, gtserror.NewErrorBadRequest(errors.New(text), text) } @@ -478,7 +479,7 @@ func (p *Processor) UpdateAvatar( } // Wrap the multipart file reader to ensure is limited to max. - rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) + rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64) // Write to instance storage. return p.c.StoreLocalMedia(ctx, @@ -508,9 +509,10 @@ func (p *Processor) UpdateHeader( ) { // Get maximum supported local media size. maxsz := config.GetMediaLocalMaxSize() + maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated. // Ensure media within size bounds. - if header.Size > int64(maxsz) { + if header.Size > maxszInt64 { text := fmt.Sprintf("media exceeds configured max size: %s", maxsz) return nil, gtserror.NewErrorBadRequest(errors.New(text), text) } 
@@ -523,7 +525,7 @@ func (p *Processor) UpdateHeader( } // Wrap the multipart file reader to ensure is limited to max. - rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) + rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64) // Write to instance storage. return p.c.StoreLocalMedia(ctx, diff --git a/internal/processing/admin/emoji.go b/internal/processing/admin/emoji.go index 70e196b95..5a7da445e 100644 --- a/internal/processing/admin/emoji.go +++ b/internal/processing/admin/emoji.go @@ -25,7 +25,6 @@ "mime/multipart" "strings" - "codeberg.org/gruf/go-bytesize" "codeberg.org/gruf/go-iotools" apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" "github.com/superseriousbusiness/gotosocial/internal/config" @@ -46,9 +45,10 @@ func (p *Processor) EmojiCreate( // Get maximum supported local emoji size. maxsz := config.GetMediaEmojiLocalMaxSize() + maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated. // Ensure media within size bounds. - if form.Image.Size > int64(maxsz) { + if form.Image.Size > maxszInt64 { text := fmt.Sprintf("emoji exceeds configured max size: %s", maxsz) return nil, gtserror.NewErrorBadRequest(errors.New(text), text) } @@ -61,7 +61,7 @@ func (p *Processor) EmojiCreate( } // Wrap the multipart file reader to ensure is limited to max. - rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) + rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64) data := func(context.Context) (io.ReadCloser, error) { return rc, nil } 
@@ -301,9 +301,10 @@ func (p *Processor) emojiUpdateCopy( // Get maximum supported local emoji size. maxsz := config.GetMediaEmojiLocalMaxSize() + maxszInt := int(maxsz) // #nosec G115 -- Already validated. // Ensure target emoji image within size bounds. - if bytesize.Size(target.ImageFileSize) > maxsz { + if target.ImageFileSize > maxszInt { text := fmt.Sprintf("emoji exceeds configured max size: %s", maxsz) return nil, gtserror.NewErrorBadRequest(errors.New(text), text) } @@ -442,9 +443,10 @@ func (p *Processor) emojiUpdateModify( // Get maximum supported local emoji size. maxsz := config.GetMediaEmojiLocalMaxSize() + maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated. // Ensure media within size bounds. - if image.Size > int64(maxsz) { + if image.Size > maxszInt64 { text := fmt.Sprintf("emoji exceeds configured max size: %s", maxsz) return nil, gtserror.NewErrorBadRequest(errors.New(text), text) } @@ -457,7 +459,7 @@ func (p *Processor) emojiUpdateModify( } // Wrap the multipart file reader to ensure is limited to max. - rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) + rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) // #nosec G115 -- Already validated. data := func(context.Context) (io.ReadCloser, error) { return rc, nil } diff --git a/internal/processing/media/create.go b/internal/processing/media/create.go index b3a7d6052..ca1f1c3c6 100644 --- a/internal/processing/media/create.go +++ b/internal/processing/media/create.go @@ -36,9 +36,10 @@ func (p *Processor) Create(ctx context.Context, account *gtsmodel.Account, form // Get maximum supported local media size. maxsz := config.GetMediaLocalMaxSize() + maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated. // Ensure media within size bounds. - if form.File.Size > int64(maxsz) { + if form.File.Size > maxszInt64 { text := fmt.Sprintf("media exceeds configured max size: %s", maxsz) return nil, gtserror.NewErrorBadRequest(errors.New(text), text) } 
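Review bot: In emojiUpdateCopy the size check changes from an unsigned comparison in `bytesize.Size` to a signed comparison in `int`, which alters two edge cases. On a 32-bit build `int(maxsz)` wraps for limits of 2 GiB or more, so "Already validated" would have to hold for the platform's int width. A negative `target.ImageFileSize`, which the old code rejected as a huge unsigned value, now passes the check. Comparing in int64, as the other call sites do, avoids the width dependence: `maxszInt64 := int64(maxsz)` and `if int64(target.ImageFileSize) > maxszInt64 {`. Whether a negative stored size can occur is not visible from this hunk.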
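Review bot: The last emojiUpdateModify hunk (@@ -457,7) still casts inline, `iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) // #nosec G115 -- Already validated.`, although the previous hunk of the same function introduces `maxszInt64` for exactly this value. Reusing the variable removes one suppression and matches EmojiCreate and the account and media processors: `rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64)`.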
@@ -58,7 +59,7 @@ func (p *Processor) Create(ctx context.Context, account *gtsmodel.Account, form } // Wrap the multipart file reader to ensure is limited to max. - rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) + rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64) // Create local media and write to instance storage. attachment, errWithCode := p.c.StoreLocalMedia(ctx, diff --git a/internal/transport/derefmedia.go b/internal/transport/derefmedia.go index 873032f39..3a05fcbd6 100644 --- a/internal/transport/derefmedia.go +++ b/internal/transport/derefmedia.go @@ -53,7 +53,7 @@ func (t *transport) DereferenceMedia(ctx context.Context, iri *url.URL, maxsz in // Check media within size limit. if rsp.ContentLength > maxsz { _ = rsp.Body.Close() // close early. - sz := bytesize.Size(maxsz) // nicer log format + sz := bytesize.Size(maxsz) //nolint:gosec return nil, gtserror.Newf("media body exceeds max size %s", sz) } diff --git a/internal/typeutils/internaltofrontend.go b/internal/typeutils/internaltofrontend.go index 3b94687dc..1e20455c3 100644 --- a/internal/typeutils/internaltofrontend.go +++ b/internal/typeutils/internaltofrontend.go @@ -647,7 +647,7 @@ func (c *Converter) AttachmentToAPIAttachment(ctx context.Context, media *gtsmod Size: toAPISize(media.FileMeta.Original.Width, media.FileMeta.Original.Height), FrameRate: toAPIFrameRate(media.FileMeta.Original.Framerate), Duration: util.PtrOrZero(media.FileMeta.Original.Duration), - Bitrate: int(util.PtrOrZero(media.FileMeta.Original.Bitrate)), + Bitrate: util.PtrOrZero(media.FileMeta.Original.Bitrate), } // Copy over local file URL. 
@@ -1529,9 +1529,9 @@ func (c *Converter) InstanceToAPIV1Instance(ctx context.Context, i *gtsmodel.Ins Version: config.GetSoftwareVersion(), Languages: config.GetInstanceLanguages().TagStrs(), Registrations: config.GetAccountsRegistrationOpen(), - ApprovalRequired: true, // approval always required - InvitesEnabled: false, // todo: not supported yet - MaxTootChars: uint(config.GetStatusesMaxChars()), + ApprovalRequired: true, // approval always required + InvitesEnabled: false, // todo: not supported yet + MaxTootChars: uint(config.GetStatusesMaxChars()), // #nosec G115 -- Already validated. Rules: c.InstanceRulesToAPIRules(i.Rules), Terms: i.Terms, TermsRaw: i.TermsText, @@ -1551,9 +1551,9 @@ func (c *Converter) InstanceToAPIV1Instance(ctx context.Context, i *gtsmodel.Ins instance.Configuration.Statuses.CharactersReservedPerURL = instanceStatusesCharactersReservedPerURL instance.Configuration.Statuses.SupportedMimeTypes = instanceStatusesSupportedMimeTypes instance.Configuration.MediaAttachments.SupportedMimeTypes = media.SupportedMIMETypes - instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize()) + instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated. instance.Configuration.MediaAttachments.ImageMatrixLimit = instanceMediaAttachmentsImageMatrixLimit - instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize()) + instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated. instance.Configuration.MediaAttachments.VideoFrameRateLimit = instanceMediaAttachmentsVideoFrameRateLimit instance.Configuration.MediaAttachments.VideoMatrixLimit = instanceMediaAttachmentsVideoMatrixLimit instance.Configuration.Polls.MaxOptions = config.GetStatusesPollMaxOptions() 
@@ -1563,7 +1563,7 @@ func (c *Converter) InstanceToAPIV1Instance(ctx context.Context, i *gtsmodel.Ins instance.Configuration.Accounts.AllowCustomCSS = config.GetAccountsAllowCustomCSS() instance.Configuration.Accounts.MaxFeaturedTags = instanceAccountsMaxFeaturedTags instance.Configuration.Accounts.MaxProfileFields = instanceAccountsMaxProfileFields - instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize()) + instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated. instance.Configuration.OIDCEnabled = config.GetOIDCEnabled() // URLs @@ -1695,9 +1695,9 @@ func (c *Converter) InstanceToAPIV2Instance(ctx context.Context, i *gtsmodel.Ins instance.Configuration.Statuses.CharactersReservedPerURL = instanceStatusesCharactersReservedPerURL instance.Configuration.Statuses.SupportedMimeTypes = instanceStatusesSupportedMimeTypes instance.Configuration.MediaAttachments.SupportedMimeTypes = media.SupportedMIMETypes - instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize()) + instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated. instance.Configuration.MediaAttachments.ImageMatrixLimit = instanceMediaAttachmentsImageMatrixLimit - instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize()) + instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated. instance.Configuration.MediaAttachments.VideoFrameRateLimit = instanceMediaAttachmentsVideoFrameRateLimit instance.Configuration.MediaAttachments.VideoMatrixLimit = instanceMediaAttachmentsVideoMatrixLimit instance.Configuration.Polls.MaxOptions = config.GetStatusesPollMaxOptions() 
@@ -1707,7 +1707,7 @@ func (c *Converter) InstanceToAPIV2Instance(ctx context.Context, i *gtsmodel.Ins instance.Configuration.Accounts.AllowCustomCSS = config.GetAccountsAllowCustomCSS() instance.Configuration.Accounts.MaxFeaturedTags = instanceAccountsMaxFeaturedTags instance.Configuration.Accounts.MaxProfileFields = instanceAccountsMaxProfileFields - instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize()) + instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated. instance.Configuration.OIDCEnabled = config.GetOIDCEnabled() // registrations