Compare commits

...

21 commits

Author SHA1 Message Date
Markus Unterwaditzer c00318cb77
Merge 8ccff37525 into 3e8c4951e1 2024-10-15 17:28:33 +02:00
tobi 3e8c4951e1
[docs] remove duplicate entry from supported platforms (#3442) 2024-10-15 13:37:16 +02:00
kim 3ad49f7718
updates exported interface types to match ncruces/go-sqlite3/driver methods (#3440) 2024-10-14 20:28:59 +00:00
Markus Unterwaditzer 8ccff37525
Merge branch 'main' into golangci-lint-upgrade 2024-10-14 14:12:48 +02:00
Markus Unterwaditzer 79fb292246 fix the linter for real 2024-10-12 13:10:01 +02:00
Markus Unterwaditzer 3d407b556e fix wrong formatting specifier thing 2024-10-12 13:03:28 +02:00
Markus Unterwaditzer 263ddf8128 apply review feedback 2024-10-12 12:59:19 +02:00
Markus Unterwaditzer 9b1683bee6 swagger updates 2024-10-12 12:06:59 +02:00
Markus Unterwaditzer bd9ce6638e get rid of remaining nolint:gosec 2024-10-12 11:01:15 +02:00
Markus Unterwaditzer 77736957ec revert another unrelated change 2024-10-12 10:43:27 +02:00
Markus Unterwaditzer a4f6f1474e revert unrelated changes 2024-10-12 10:41:55 +02:00
Markus Unterwaditzer 2693b8827d Merge branch 'go_123' into golangci-lint-upgrade 2024-10-12 10:41:29 +02:00
Markus Unterwaditzer fe5849fcf1 fix golangci-lint documentation link 2024-10-12 10:33:00 +02:00
Markus Unterwaditzer 275a3f8636 [chore] Upgrade golangci-lint, ignore existing int overflow warnings
There is a new lint for unchecked int casts. Integer overflows are bad,
but the old code that triggers this lint seems to be perfectly fine.
Instead of disabling the lint entirely for new code as well, grandfather
in existing code.
2024-10-12 10:30:08 +02:00
tobi 4be1f780a1 goreleaser deprecation notices 2024-09-02 15:14:27 +02:00
tobi 8db3d6b700 allow overflow in imaging 2024-09-02 15:08:07 +02:00
tobi 666b8bc4f2 Merge branch 'main' into go_123 2024-09-02 14:38:00 +02:00
tobi 7c6c74243b bump go version in go.mod 2024-09-01 17:44:54 +02:00
tobi 75d3fca08c sign 2024-09-01 17:42:45 +02:00
tobi bd4c4d79fe undo silly change 2024-09-01 17:37:17 +02:00
tobi c1543c029b [chore] Bump tooling versions, bump go -> v1.23.0 2024-09-01 17:35:31 +02:00
25 changed files with 88 additions and 76 deletions

View file

@ -474,7 +474,6 @@ release:
| Linux | x86-32/i386 (32-bit) | 🟡 Partial<sup>[2](#32-bit)</sup> | [linux_386_moderncsqlite.tar.gz](https://github.com/superseriousbusiness/gotosocial/releases/download/{{ .Tag }}/gotosocial_{{ .Version }}_linux_386_moderncsqlite.tar.gz) | `superseriousbusiness/gotosocial:{{ .Version }}-moderncsqlite` |
| Linux | Armv7/ARM32 (32-bit) | 🟡 Partial<sup>[2](#32-bit)</sup> | [linux_armv7_moderncsqlite.tar.gz](https://github.com/superseriousbusiness/gotosocial/releases/download/{{ .Tag }}/gotosocial_{{ .Version }}_linux_armv7_moderncsqlite.tar.gz) | `superseriousbusiness/gotosocial:{{ .Version }}-moderncsqlite` |
| Linux | Armv6/ARM32 (32-bit) | 🟡 Partial<sup>[2](#32-bit)</sup> | [linux_armv6_moderncsqlite.tar.gz](https://github.com/superseriousbusiness/gotosocial/releases/download/{{ .Tag }}/gotosocial_{{ .Version }}_linux_armv7_moderncsqlite.tar.gz) | `superseriousbusiness/gotosocial:{{ .Version }}-moderncsqlite` |
| Linux | x86-32/i386 (32-bit) | 🟡 Partial<sup>[2](#32-bit)</sup> | [linux_386_moderncsqlite.tar.gz](https://github.com/superseriousbusiness/gotosocial/releases/download/{{ .Tag }}/gotosocial_{{ .Version }}_linux_386_moderncsqlite.tar.gz) | `superseriousbusiness/gotosocial:{{ .Version }}-moderncsqlite` |
#### FreeBSD

View file

@ -385,7 +385,7 @@ We use [golangci-lint](https://golangci-lint.run/) for linting, which allows us
If you make a PR that doesn't pass the linter, it will be rejected. As such, it's good practice to run the linter locally before pushing or opening a PR.
To do this, first install the linter following the instructions [here](https://golangci-lint.run/usage/install/#local-installation).
To do this, first install the linter following the instructions [here](https://golangci-lint.run/welcome/install/).
Then, you can run the linter with:

View file

@ -283,7 +283,6 @@ This is the current status of support offered by GoToSocial for different platfo
| Linux | x86-32/i386 (32-bit) | 🟡 Partial<sup>[2](#32-bit)</sup> | Yes | Yes |
| Linux | Armv7/ARM32 (32-bit) | 🟡 Partial<sup>[2](#32-bit)</sup> | Yes | Yes |
| Linux | Armv6/ARM32 (32-bit) | 🟡 Partial<sup>[2](#32-bit)</sup> | Yes | Yes |
| Linux | x86-32/i386 (32-bit) | 🟡 Partial<sup>[2](#32-bit)</sup> | Yes | Yes |
| OpenBSD | Any | 🔴 None<sup>[3](#openbsd)</sup> | No | No |
#### FreeBSD

View file

@ -2114,7 +2114,7 @@ definitions:
bitrate:
description: Bitrate of the media in bits per second.
example: 1000000
format: int64
format: uint64
type: integer
x-go-name: Bitrate
duration:

View file

@ -145,8 +145,8 @@ func validateCreateEmoji(form *apimodel.EmojiCreateRequest) error {
return errors.New("no emoji given")
}
maxSize := config.GetMediaEmojiLocalMaxSize()
if form.Image.Size > int64(maxSize) {
maxSize := int64(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated.
if form.Image.Size > maxSize {
return fmt.Errorf("emoji image too large: image is %dKB but size limit for custom emojis is %dKB", form.Image.Size/1024, maxSize/1024)
}

View file

@ -208,8 +208,8 @@ func validateUpdateEmoji(form *apimodel.EmojiUpdateRequest) error {
}
if hasImage {
maxSize := config.GetMediaEmojiLocalMaxSize()
if form.Image.Size > int64(maxSize) {
maxSize := int64(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated.
if form.Image.Size > maxSize {
return fmt.Errorf("emoji image too large: image is %dKB but size limit for custom emojis is %dKB", form.Image.Size/1024, maxSize/1024)
}
}

View file

@ -160,7 +160,7 @@ type MediaDimensions struct {
Duration float32 `json:"duration,omitempty"`
// Bitrate of the media in bits per second.
// example: 1000000
Bitrate int `json:"bitrate,omitempty"`
Bitrate uint64 `json:"bitrate,omitempty"`
// Size of the media, in the format `[width]x[height]`.
// Not set for audio.
// example: 1920x1080

View file

@ -220,7 +220,7 @@ func (n *node) getChild(part string) *node {
for i < j {
// avoid overflow when computing h
h := int(uint(i+j) >> 1)
h := int(uint(i+j) >> 1) // #nosec G115
// i ≤ h < j
if n.child[h].part < part {

View file

@ -25,6 +25,7 @@
"encoding/pem"
"errors"
"fmt"
"math"
"net/url"
"os"
"runtime"
@ -489,7 +490,10 @@ func deriveBunDBPGOptions() (*pgx.ConnConfig, error) {
cfg.Host = address
}
if port := config.GetDbPort(); port > 0 {
cfg.Port = uint16(port)
if port > math.MaxUint16 {
return nil, errors.New("invalid port, must be in range 1-65535")
}
cfg.Port = uint16(port) // #nosec G115 -- Just validated above.
}
if u := config.GetDbUser(); u != "" {
cfg.User = u

View file

@ -198,6 +198,7 @@ type stmtIface interface {
driver.Stmt
driver.StmtExecContext
driver.StmtQueryContext
driver.NamedValueChecker
}
// RowsIface is the driver.Rows interface
@ -207,4 +208,5 @@ type stmtIface interface {
type rowsIface interface {
driver.Rows
driver.RowsColumnTypeDatabaseTypeName
driver.RowsColumnTypeNullable
}

View file

@ -97,11 +97,11 @@ func() (*media.ProcessingEmoji, error) {
}
// Get maximum supported remote emoji size.
maxsz := config.GetMediaEmojiRemoteMaxSize()
maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated.
// Prepare data function to dereference remote emoji media.
data := func(context.Context) (io.ReadCloser, error) {
return tsport.DereferenceMedia(ctx, url, int64(maxsz))
return tsport.DereferenceMedia(ctx, url, maxsz)
}
// Create new emoji with prepared info.
@ -189,11 +189,11 @@ func() (*media.ProcessingEmoji, error) {
}
// Get maximum supported remote emoji size.
maxsz := config.GetMediaEmojiRemoteMaxSize()
maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated.
// Prepare data function to dereference remote emoji media.
data := func(context.Context) (io.ReadCloser, error) {
return tsport.DereferenceMedia(ctx, url, int64(maxsz))
return tsport.DereferenceMedia(ctx, url, maxsz)
}
// Update emoji with prepared info.
@ -255,11 +255,11 @@ func() (*media.ProcessingEmoji, error) {
}
// Get maximum supported remote emoji size.
maxsz := config.GetMediaEmojiRemoteMaxSize()
maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated.
// Prepare data function to dereference remote emoji media.
data := func(context.Context) (io.ReadCloser, error) {
return tsport.DereferenceMedia(ctx, url, int64(maxsz))
return tsport.DereferenceMedia(ctx, url, maxsz)
}
// Recache emoji with prepared info.

View file

@ -77,14 +77,14 @@ func() (*media.ProcessingMedia, error) {
}
// Get maximum supported remote media size.
maxsz := config.GetMediaRemoteMaxSize()
maxsz := int64(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated.
// Create media with prepared info.
return d.mediaManager.CreateMedia(
ctx,
accountID,
func(ctx context.Context) (io.ReadCloser, error) {
return tsport.DereferenceMedia(ctx, url, int64(maxsz))
return tsport.DereferenceMedia(ctx, url, maxsz)
},
info,
)
@ -168,14 +168,14 @@ func() (*media.ProcessingMedia, error) {
}
// Get maximum supported remote media size.
maxsz := config.GetMediaRemoteMaxSize()
maxsz := int64(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated.
// Recache media with prepared info,
// this will also update media in db.
return d.mediaManager.CacheMedia(
attach,
func(ctx context.Context) (io.ReadCloser, error) {
return tsport.DereferenceMedia(ctx, url, int64(maxsz))
return tsport.DereferenceMedia(ctx, url, maxsz)
},
), nil
},

View file

@ -340,14 +340,14 @@ func (c *Client) do(r *Request) (rsp *http.Response, retry bool, err error) {
if u, _ := strconv.ParseUint(after, 10, 32); u != 0 {
// An integer no. of backoff seconds was provided.
r.backoff = time.Duration(u) * time.Second
r.backoff = time.Duration(u) * time.Second // #nosec G115 -- We clamp backoff below.
} else if at, _ := http.ParseTime(after); !at.Before(now) {
// An HTTP formatted future date-time was provided.
r.backoff = at.Sub(now)
}
// Don't let their provided backoff exceed our max.
if max := baseBackoff * time.Duration(c.retries); //
if max := baseBackoff * time.Duration(c.retries); // #nosec G115 -- We control c.retries.
r.backoff > max {
r.backoff = max
}

View file

@ -556,10 +556,10 @@ func (res *ffprobeResult) Process() (*result, error) {
if p := strings.SplitN(str, "/", 2); len(p) == 2 {
n, _ := strconv.ParseUint(p[0], 10, 32)
d, _ := strconv.ParseUint(p[1], 10, 32)
num, den = uint32(n), uint32(d)
num, den = uint32(n), uint32(d) // #nosec G115 -- ParseUint is configured to check
} else {
n, _ := strconv.ParseUint(p[0], 10, 32)
num = uint32(n)
num = uint32(n) // #nosec G115 -- ParseUint is configured to check
}
// Set final divised framerate.

View file

@ -399,9 +399,9 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) {
g16 := uint16(s[1])
b16 := uint16(s[2])
a16 := uint16(a)
d[0] = uint8(r16 * 0xff / a16)
d[1] = uint8(g16 * 0xff / a16)
d[2] = uint8(b16 * 0xff / a16)
d[0] = uint8(r16 * 0xff / a16) // #nosec G115 -- Overflow desired.
d[1] = uint8(g16 * 0xff / a16) // #nosec G115 -- Overflow desired.
d[2] = uint8(b16 * 0xff / a16) // #nosec G115 -- Overflow desired.
d[3] = a
}
j += 4
@ -431,9 +431,9 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) {
g32 := uint32(s[2])<<8 | uint32(s[3])
b32 := uint32(s[4])<<8 | uint32(s[5])
a32 := uint32(s[6])<<8 | uint32(s[7])
d[0] = uint8((r32 * 0xffff / a32) >> 8)
d[1] = uint8((g32 * 0xffff / a32) >> 8)
d[2] = uint8((b32 * 0xffff / a32) >> 8)
d[0] = uint8((r32 * 0xffff / a32) >> 8) // #nosec G115 -- Overflow desired.
d[1] = uint8((g32 * 0xffff / a32) >> 8) // #nosec G115 -- Overflow desired.
d[2] = uint8((b32 * 0xffff / a32) >> 8) // #nosec G115 -- Overflow desired.
}
d[3] = a
j += 4
@ -509,30 +509,30 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) {
cr1 := int32(img.Cr[ic]) - 128
r := yy1 + 91881*cr1
if uint32(r)&0xff000000 == 0 {
if uint32(r)&0xff000000 == 0 { //nolint:gosec
r >>= 16
} else {
r = ^(r >> 31)
}
g := yy1 - 22554*cb1 - 46802*cr1
if uint32(g)&0xff000000 == 0 {
if uint32(g)&0xff000000 == 0 { //nolint:gosec
g >>= 16
} else {
g = ^(g >> 31)
}
b := yy1 + 116130*cb1
if uint32(b)&0xff000000 == 0 {
if uint32(b)&0xff000000 == 0 { //nolint:gosec
b >>= 16
} else {
b = ^(b >> 31)
}
d := dst[j : j+4 : j+4]
d[0] = uint8(r)
d[1] = uint8(g)
d[2] = uint8(b)
d[0] = uint8(r) // #nosec G115 -- Overflow desired.
d[1] = uint8(g) // #nosec G115 -- Overflow desired.
d[2] = uint8(b) // #nosec G115 -- Overflow desired.
d[3] = 0xff
iy++
@ -569,9 +569,9 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) {
d := dst[j : j+4 : j+4]
switch a16 {
case 0xffff:
d[0] = uint8(r16 >> 8)
d[1] = uint8(g16 >> 8)
d[2] = uint8(b16 >> 8)
d[0] = uint8(r16 >> 8) // #nosec G115 -- Overflow desired.
d[1] = uint8(g16 >> 8) // #nosec G115 -- Overflow desired.
d[2] = uint8(b16 >> 8) // #nosec G115 -- Overflow desired.
d[3] = 0xff
case 0:
d[0] = 0
@ -579,10 +579,10 @@ func (s *scanner) scan(x1, y1, x2, y2 int, dst []uint8) {
d[2] = 0
d[3] = 0
default:
d[0] = uint8(((r16 * 0xffff) / a16) >> 8)
d[1] = uint8(((g16 * 0xffff) / a16) >> 8)
d[2] = uint8(((b16 * 0xffff) / a16) >> 8)
d[3] = uint8(a16 >> 8)
d[0] = uint8(((r16 * 0xffff) / a16) >> 8) // #nosec G115 -- Overflow desired.
d[1] = uint8(((g16 * 0xffff) / a16) >> 8) // #nosec G115 -- Overflow desired.
d[2] = uint8(((b16 * 0xffff) / a16) >> 8) // #nosec G115 -- Overflow desired.
d[3] = uint8(a16 >> 8) // #nosec G115 -- Overflow desired.
}
j += 4
}
@ -617,7 +617,7 @@ func clampFloat(x float64) uint8 {
return 255
}
if v > 0 {
return uint8(v)
return uint8(v) // #nosec G115 -- Just checked.
}
return 0
}

View file

@ -49,9 +49,6 @@ func (m *Manager) RefetchEmojis(ctx context.Context, domain string, dereferenceM
refetchIDs []string
)
// Get max supported remote emoji media size.
maxsz := config.GetMediaEmojiRemoteMaxSize()
// page through emojis 20 at a time, looking for those with missing images
for {
// Fetch next block of emojis from database
@ -111,8 +108,10 @@ func (m *Manager) RefetchEmojis(ctx context.Context, domain string, dereferenceM
continue
}
// Get max supported remote emoji media size.
maxsz := int64(config.GetMediaEmojiRemoteMaxSize()) // #nosec G115 -- Already validated.
dataFunc := func(ctx context.Context) (reader io.ReadCloser, err error) {
return dereferenceMedia(ctx, emojiImageIRI, int64(maxsz))
return dereferenceMedia(ctx, emojiImageIRI, maxsz)
}
processingEmoji, err := m.UpdateEmoji(ctx, emoji, dataFunc, AdditionalEmojiInfo{

View file

@ -145,7 +145,7 @@ func drainToTmp(rc io.ReadCloser) (string, error) {
// Check to see if limit was reached,
// (produces more useful error messages).
if lr != nil && lr.N <= 0 {
err := fmt.Errorf("reached read limit %s", bytesize.Size(limit))
err := fmt.Errorf("reached read limit %s", bytesize.Size(limit)) // #nosec G115 -- Just logging
return path, gtserror.SetLimitReached(err)
}

View file

@ -123,7 +123,7 @@ func Logger(logClientIP bool) gin.HandlerFunc {
}
// Generate a nicer looking bytecount
size := bytesize.Size(c.Writer.Size())
size := bytesize.Size(c.Writer.Size()) // #nosec G115 -- Just logging
// Finally, write log entry with status text + body size.
l.Logf(lvl, "%s: wrote %s", statusText, size)

View file

@ -48,7 +48,7 @@ func NewRequestID() string {
b := make([]byte, 12)
// Get current time in milliseconds.
ms := uint64(time.Now().UnixMilli())
ms := uint64(time.Now().UnixMilli()) // #nosec G115 -- Pre-1970 clock?
// Store binary time data in byte buffer.
binary.LittleEndian.PutUint64(b[0:8], ms)

View file

@ -82,12 +82,16 @@ func Throttle(cpuMultiplier int, retryAfter time.Duration) gin.HandlerFunc {
return func(c *gin.Context) {}
}
if retryAfter < 0 {
retryAfter = 0
}
var (
limit = runtime.GOMAXPROCS(0) * cpuMultiplier
queueLimit = limit * cpuMultiplier
tokens = make(chan token, limit)
requestCount = atomic.Int64{}
retryAfterStr = strconv.FormatUint(uint64(retryAfter/time.Second), 10)
retryAfterStr = strconv.FormatUint(uint64(retryAfter/time.Second), 10) // #nosec G115 -- Checked right above
)
// prefill token channel

View file

@ -463,9 +463,10 @@ func (p *Processor) UpdateAvatar(
) {
// Get maximum supported local media size.
maxsz := config.GetMediaLocalMaxSize()
maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated.
// Ensure media within size bounds.
if avatar.Size > int64(maxsz) {
if avatar.Size > maxszInt64 {
text := fmt.Sprintf("media exceeds configured max size: %s", maxsz)
return nil, gtserror.NewErrorBadRequest(errors.New(text), text)
}
@ -478,7 +479,7 @@ func (p *Processor) UpdateAvatar(
}
// Wrap the multipart file reader to ensure is limited to max.
rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz))
rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64)
// Write to instance storage.
return p.c.StoreLocalMedia(ctx,
@ -508,9 +509,10 @@ func (p *Processor) UpdateHeader(
) {
// Get maximum supported local media size.
maxsz := config.GetMediaLocalMaxSize()
maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated.
// Ensure media within size bounds.
if header.Size > int64(maxsz) {
if header.Size > maxszInt64 {
text := fmt.Sprintf("media exceeds configured max size: %s", maxsz)
return nil, gtserror.NewErrorBadRequest(errors.New(text), text)
}
@ -523,7 +525,7 @@ func (p *Processor) UpdateHeader(
}
// Wrap the multipart file reader to ensure is limited to max.
rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz))
rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64)
// Write to instance storage.
return p.c.StoreLocalMedia(ctx,

View file

@ -25,7 +25,6 @@
"mime/multipart"
"strings"
"codeberg.org/gruf/go-bytesize"
"codeberg.org/gruf/go-iotools"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
"github.com/superseriousbusiness/gotosocial/internal/config"
@ -46,9 +45,10 @@ func (p *Processor) EmojiCreate(
// Get maximum supported local emoji size.
maxsz := config.GetMediaEmojiLocalMaxSize()
maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated.
// Ensure media within size bounds.
if form.Image.Size > int64(maxsz) {
if form.Image.Size > maxszInt64 {
text := fmt.Sprintf("emoji exceeds configured max size: %s", maxsz)
return nil, gtserror.NewErrorBadRequest(errors.New(text), text)
}
@ -61,7 +61,7 @@ func (p *Processor) EmojiCreate(
}
// Wrap the multipart file reader to ensure is limited to max.
rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz))
rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64)
data := func(context.Context) (io.ReadCloser, error) {
return rc, nil
}
@ -301,9 +301,10 @@ func (p *Processor) emojiUpdateCopy(
// Get maximum supported local emoji size.
maxsz := config.GetMediaEmojiLocalMaxSize()
maxszInt := int(maxsz) // #nosec G115 -- Already validated.
// Ensure target emoji image within size bounds.
if bytesize.Size(target.ImageFileSize) > maxsz {
if target.ImageFileSize > maxszInt {
text := fmt.Sprintf("emoji exceeds configured max size: %s", maxsz)
return nil, gtserror.NewErrorBadRequest(errors.New(text), text)
}
@ -442,9 +443,10 @@ func (p *Processor) emojiUpdateModify(
// Get maximum supported local emoji size.
maxsz := config.GetMediaEmojiLocalMaxSize()
maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated.
// Ensure media within size bounds.
if image.Size > int64(maxsz) {
if image.Size > maxszInt64 {
text := fmt.Sprintf("emoji exceeds configured max size: %s", maxsz)
return nil, gtserror.NewErrorBadRequest(errors.New(text), text)
}
@ -457,7 +459,7 @@ func (p *Processor) emojiUpdateModify(
}
// Wrap the multipart file reader to ensure is limited to max.
rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz))
rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz)) // #nosec G115 -- Already validated.
data := func(context.Context) (io.ReadCloser, error) {
return rc, nil
}

View file

@ -36,9 +36,10 @@ func (p *Processor) Create(ctx context.Context, account *gtsmodel.Account, form
// Get maximum supported local media size.
maxsz := config.GetMediaLocalMaxSize()
maxszInt64 := int64(maxsz) // #nosec G115 -- Already validated.
// Ensure media within size bounds.
if form.File.Size > int64(maxsz) {
if form.File.Size > maxszInt64 {
text := fmt.Sprintf("media exceeds configured max size: %s", maxsz)
return nil, gtserror.NewErrorBadRequest(errors.New(text), text)
}
@ -58,7 +59,7 @@ func (p *Processor) Create(ctx context.Context, account *gtsmodel.Account, form
}
// Wrap the multipart file reader to ensure is limited to max.
rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, int64(maxsz))
rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxszInt64)
// Create local media and write to instance storage.
attachment, errWithCode := p.c.StoreLocalMedia(ctx,

View file

@ -53,7 +53,7 @@ func (t *transport) DereferenceMedia(ctx context.Context, iri *url.URL, maxsz in
// Check media within size limit.
if rsp.ContentLength > maxsz {
_ = rsp.Body.Close() // close early.
sz := bytesize.Size(maxsz) // nicer log format
sz := bytesize.Size(maxsz) //nolint:gosec
return nil, gtserror.Newf("media body exceeds max size %s", sz)
}

View file

@ -647,7 +647,7 @@ func (c *Converter) AttachmentToAPIAttachment(ctx context.Context, media *gtsmod
Size: toAPISize(media.FileMeta.Original.Width, media.FileMeta.Original.Height),
FrameRate: toAPIFrameRate(media.FileMeta.Original.Framerate),
Duration: util.PtrOrZero(media.FileMeta.Original.Duration),
Bitrate: int(util.PtrOrZero(media.FileMeta.Original.Bitrate)),
Bitrate: util.PtrOrZero(media.FileMeta.Original.Bitrate),
}
// Copy over local file URL.
@ -1529,9 +1529,9 @@ func (c *Converter) InstanceToAPIV1Instance(ctx context.Context, i *gtsmodel.Ins
Version: config.GetSoftwareVersion(),
Languages: config.GetInstanceLanguages().TagStrs(),
Registrations: config.GetAccountsRegistrationOpen(),
ApprovalRequired: true, // approval always required
InvitesEnabled: false, // todo: not supported yet
MaxTootChars: uint(config.GetStatusesMaxChars()),
ApprovalRequired: true, // approval always required
InvitesEnabled: false, // todo: not supported yet
MaxTootChars: uint(config.GetStatusesMaxChars()), // #nosec G115 -- Already validated.
Rules: c.InstanceRulesToAPIRules(i.Rules),
Terms: i.Terms,
TermsRaw: i.TermsText,
@ -1551,9 +1551,9 @@ func (c *Converter) InstanceToAPIV1Instance(ctx context.Context, i *gtsmodel.Ins
instance.Configuration.Statuses.CharactersReservedPerURL = instanceStatusesCharactersReservedPerURL
instance.Configuration.Statuses.SupportedMimeTypes = instanceStatusesSupportedMimeTypes
instance.Configuration.MediaAttachments.SupportedMimeTypes = media.SupportedMIMETypes
instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize())
instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated.
instance.Configuration.MediaAttachments.ImageMatrixLimit = instanceMediaAttachmentsImageMatrixLimit
instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize())
instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated.
instance.Configuration.MediaAttachments.VideoFrameRateLimit = instanceMediaAttachmentsVideoFrameRateLimit
instance.Configuration.MediaAttachments.VideoMatrixLimit = instanceMediaAttachmentsVideoMatrixLimit
instance.Configuration.Polls.MaxOptions = config.GetStatusesPollMaxOptions()
@ -1563,7 +1563,7 @@ func (c *Converter) InstanceToAPIV1Instance(ctx context.Context, i *gtsmodel.Ins
instance.Configuration.Accounts.AllowCustomCSS = config.GetAccountsAllowCustomCSS()
instance.Configuration.Accounts.MaxFeaturedTags = instanceAccountsMaxFeaturedTags
instance.Configuration.Accounts.MaxProfileFields = instanceAccountsMaxProfileFields
instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize())
instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated.
instance.Configuration.OIDCEnabled = config.GetOIDCEnabled()
// URLs
@ -1695,9 +1695,9 @@ func (c *Converter) InstanceToAPIV2Instance(ctx context.Context, i *gtsmodel.Ins
instance.Configuration.Statuses.CharactersReservedPerURL = instanceStatusesCharactersReservedPerURL
instance.Configuration.Statuses.SupportedMimeTypes = instanceStatusesSupportedMimeTypes
instance.Configuration.MediaAttachments.SupportedMimeTypes = media.SupportedMIMETypes
instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize())
instance.Configuration.MediaAttachments.ImageSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated.
instance.Configuration.MediaAttachments.ImageMatrixLimit = instanceMediaAttachmentsImageMatrixLimit
instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize())
instance.Configuration.MediaAttachments.VideoSizeLimit = int(config.GetMediaRemoteMaxSize()) // #nosec G115 -- Already validated.
instance.Configuration.MediaAttachments.VideoFrameRateLimit = instanceMediaAttachmentsVideoFrameRateLimit
instance.Configuration.MediaAttachments.VideoMatrixLimit = instanceMediaAttachmentsVideoMatrixLimit
instance.Configuration.Polls.MaxOptions = config.GetStatusesPollMaxOptions()
@ -1707,7 +1707,7 @@ func (c *Converter) InstanceToAPIV2Instance(ctx context.Context, i *gtsmodel.Ins
instance.Configuration.Accounts.AllowCustomCSS = config.GetAccountsAllowCustomCSS()
instance.Configuration.Accounts.MaxFeaturedTags = instanceAccountsMaxFeaturedTags
instance.Configuration.Accounts.MaxProfileFields = instanceAccountsMaxProfileFields
instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize())
instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated.
instance.Configuration.OIDCEnabled = config.GetOIDCEnabled()
// registrations