From 934f5ffb2815229d41e4bc557a15d70dfc060704 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Wed, 16 Oct 2024 14:37:06 +0900 Subject: [PATCH] Fix code scanning alert no. 42: Incorrect conversion between integer types This is not a security issue, as the port number is limited to 16-bit anyway. Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Akihiro Suda --- pkg/guestagent/guestagent_linux.go | 2 +- pkg/guestagent/iptables/iptables.go | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/guestagent/guestagent_linux.go b/pkg/guestagent/guestagent_linux.go index e092d4915a3..141d8d9f0f2 100644 --- a/pkg/guestagent/guestagent_linux.go +++ b/pkg/guestagent/guestagent_linux.go @@ -279,7 +279,7 @@ func (a *agent) LocalPorts(_ context.Context) ([]*api.IPPort, error) { res = append(res, &api.IPPort{ Ip: ipt.IP.String(), - Port: int32(ipt.Port), + Port: int32(ipt.Port), // The port value is already ensured to be within int32 bounds in iptables.go Protocol: "tcp", }) } diff --git a/pkg/guestagent/iptables/iptables.go b/pkg/guestagent/iptables/iptables.go index 0f4fe1adb5e..a997a80defd 100644 --- a/pkg/guestagent/iptables/iptables.go +++ b/pkg/guestagent/iptables/iptables.go @@ -67,10 +67,11 @@ func parsePortsFromRules(rules []string) ([]Entry, error) { for _, rule := range rules { if found := findPortRegex.FindStringSubmatch(rule); found != nil { if len(found) == 4 { - port, err := strconv.Atoi(found[3]) + port64, err := strconv.ParseInt(found[3], 10, 32) if err != nil { return nil, err } + port := int(port64) istcp := found[2] == "tcp"