Merge pull request #185 from cfergeau/lint

Fix linting issues
crc-org · Aug 30, 2024 · 8207112 · 8207112
2 parents a638243 + 4454804
commit 8207112
Show file tree

Hide file tree

Showing 12 changed files with 151 additions and 142 deletions.
diff --git a/.github/workflows/compile.yml b/.github/workflows/compile.yml
@@ -14,9 +14,9 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: stable
+          go-version-file: go.mod
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v6
+        run: make lint
   build:
     runs-on: ${{ matrix.os }}
     strategy:
@@ -41,7 +41,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: stable
+          go-version-file: go.mod
       - name: Build
         run: make
       - name: Test

diff --git a/cmd/vfkit/timesync.go b/cmd/vfkit/timesync.go
@@ -33,7 +33,7 @@ func syncGuestTime(conn net.Conn) error {
 	return nil
 }
 
-func watchWakeupNotifications(vm *vf.VirtualMachine, vsockPort uint) {
+func watchWakeupNotifications(vm *vf.VirtualMachine, vsockPort uint32) {
 	var vsockConn net.Conn
 	defer func() {
 		if vsockConn != nil {

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -2,6 +2,7 @@ package config
 
 import (
 	"fmt"
+	"math"
 	"os"
 	"os/exec"
 	"strconv"
@@ -23,7 +24,7 @@ type VirtualMachine struct {
 // TimeSync enables synchronization of the host time to the linux guest after the host was suspended.
 // This requires qemu-guest-agent to be running in the guest, and to be listening on a vsock socket
 type TimeSync struct {
-	VsockPort uint `json:"vsockPort"`
+	VsockPort uint32 `json:"vsockPort"`
 }
 
 // The VMComponent interface represents a VM element (device, bootloader, ...)
@@ -180,8 +181,12 @@ func (vm *VirtualMachine) TimeSync() *TimeSync {
 }
 
 func TimeSyncNew(vsockPort uint) (VMComponent, error) {
+
+	if vsockPort > math.MaxUint32 {
+		return nil, fmt.Errorf("invalid vsock port: %d", vsockPort)
+	}
 	return &TimeSync{
-		VsockPort: vsockPort,
+		VsockPort: uint32(vsockPort), //#nosec G115 -- was compared to math.MaxUint32
 	}, nil
 }
 
@@ -197,11 +202,11 @@ func (ts *TimeSync) FromOptions(options []option) error {
 	for _, option := range options {
 		switch option.key {
 		case "vsockPort":
-			vsockPort, err := strconv.ParseUint(option.value, 10, 64)
+			vsockPort, err := strconv.ParseUint(option.value, 10, 32)
 			if err != nil {
 				return err
 			}
-			ts.VsockPort = uint(vsockPort)
+			ts.VsockPort = uint32(vsockPort) //#nosec G115 -- ParseUint(_, _, 32) guarantees no overflow
 		default:
 			return fmt.Errorf("unknown option for timesync parameter: %s", option.key)
 		}

diff --git a/pkg/config/json_test.go b/pkg/config/json_test.go
@@ -40,7 +40,7 @@ func fillStruct(t *testing.T, obj interface{}, skipFields []string) {
 		switch fieldVal.Kind() {
 		case reflect.Int, reflect.Int64:
 			fieldVal.SetInt(2)
-		case reflect.Uint, reflect.Uint64:
+		case reflect.Uint, reflect.Uint32, reflect.Uint64:
 			fieldVal.SetUint(3)
 		case reflect.Bool:
 			fieldVal.SetBool(true)

diff --git a/pkg/config/virtio.go b/pkg/config/virtio.go
@@ -2,6 +2,7 @@ package config
 
 import (
 	"fmt"
+	"math"
 	"net"
 	"os"
 	"strconv"
@@ -47,7 +48,7 @@ type VirtioGPU struct {
 type VirtioVsock struct {
 	// Port is the virtio-vsock port used for this device, see `man vsock` for more
 	// details.
-	Port uint `json:"port"`
+	Port uint32 `json:"port"`
 	// SocketURL is the path to a unix socket on the host to use for the virtio-vsock communication with the guest.
 	SocketURL string `json:"socketURL"`
 	// If true, vsock connections will have to be done from guest to host. If false, vsock connections will only be possible
@@ -270,7 +271,7 @@ func (dev *VirtioInput) FromOptions(options []option) error {
 		switch option.key {
 		case VirtioInputPointingDevice, VirtioInputKeyboardDevice:
 			if option.value != "" {
-				return fmt.Errorf(fmt.Sprintf("unexpected value for virtio-input %s option: %s", option.key, option.value))
+				return fmt.Errorf("unexpected value for virtio-input %s option: %s", option.key, option.value)
 			}
 			dev.InputType = option.key
 		default:
@@ -315,14 +316,14 @@ func (dev *VirtioGPU) FromOptions(options []option) error {
 		case VirtioGPUResolutionHeight:
 			height, err := strconv.Atoi(option.value)
 			if err != nil || height < 1 {
-				return fmt.Errorf(fmt.Sprintf("Invalid value for virtio-gpu %s: %s", option.key, option.value))
+				return fmt.Errorf("Invalid value for virtio-gpu %s: %s", option.key, option.value)
 			}
 
 			dev.Height = height
 		case VirtioGPUResolutionWidth:
 			width, err := strconv.Atoi(option.value)
 			if err != nil || width < 1 {
-				return fmt.Errorf(fmt.Sprintf("Invalid value for virtio-gpu %s: %s", option.key, option.value))
+				return fmt.Errorf("Invalid value for virtio-gpu %s: %s", option.key, option.value)
 			}
 
 			dev.Width = width
@@ -532,8 +533,11 @@ func (dev *VirtioBlk) ToCmdLine() ([]string, error) {
 // When listen is true, the host will be listening for connections over vsock.
 // When listen  is false, the guest will be listening for connections over vsock.
 func VirtioVsockNew(port uint, socketURL string, listen bool) (VirtioDevice, error) {
+	if port > math.MaxUint32 {
+		return nil, fmt.Errorf("invalid vsock port: %d", port)
+	}
 	return &VirtioVsock{
-		Port:      port,
+		Port:      uint32(port), //#nosec G115 -- was compared to math.MaxUint32
 		SocketURL: socketURL,
 		Listen:    listen,
 	}, nil
@@ -560,11 +564,11 @@ func (dev *VirtioVsock) FromOptions(options []option) error {
 		case "socketURL":
 			dev.SocketURL = option.value
 		case "port":
-			port, err := strconv.Atoi(option.value)
+			port, err := strconv.ParseUint(option.value, 10, 32)
 			if err != nil {
 				return err
 			}
-			dev.Port = uint(port)
+			dev.Port = uint32(port) //#nosec G115 -- ParseUint(_, _, 32) guarantees no overflow
 		case "listen":
 			dev.Listen = true
 		case "connect":

diff --git a/pkg/vf/virtio.go b/pkg/vf/virtio.go
@@ -211,10 +211,15 @@ func (dev *VirtioRng) AddToVirtualMachineConfig(vmConfig *VirtualMachineConfigur
 	return nil
 }
 
+func unixFd(fd uintptr) int {
+	// On unix the underlying fd is int, overflow is not possible.
+	return int(fd) //#nosec G115 -- potential integer overflow
+}
+
 // https://developer.apple.com/documentation/virtualization/running_linux_in_a_virtual_machine#3880009
 func setRawMode(f *os.File) error {
 	// Get settings for terminal
-	attr, _ := unix.IoctlGetTermios(int(f.Fd()), unix.TIOCGETA)
+	attr, _ := unix.IoctlGetTermios(unixFd(f.Fd()), unix.TIOCGETA)
 
 	// Put stdin into raw mode, disabling local echo, input canonicalization,
 	// and CR-NL mapping.
@@ -228,7 +233,7 @@ func setRawMode(f *os.File) error {
 	attr.Cc[syscall.VTIME] = 0
 
 	// reflects the changed settings
-	return unix.IoctlSetTermios(int(f.Fd()), unix.TIOCSETA, attr)
+	return unix.IoctlSetTermios(unixFd(f.Fd()), unix.TIOCSETA, attr)
 }
 
 func (dev *VirtioSerial) toVz() (*vz.VirtioConsoleDeviceSerialPortConfiguration, error) {

diff --git a/pkg/vf/virtionet.go b/pkg/vf/virtionet.go
@@ -64,10 +64,12 @@ func (dev *VirtioNet) connectUnixPath() error {
 		return err
 	}
 	err = rawConn.Control(func(fd uintptr) {
-		if err = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_SNDBUF, 1*1024*1024); err != nil {
+		err := syscall.SetsockoptInt(unixFd(fd), syscall.SOL_SOCKET, syscall.SO_SNDBUF, 1*1024*1024)
+		if err != nil {
 			return
 		}
-		if err = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_RCVBUF, 4*1024*1024); err != nil {
+		err = syscall.SetsockoptInt(unixFd(fd), syscall.SOL_SOCKET, syscall.SO_RCVBUF, 4*1024*1024)
+		if err != nil {
 			return
 		}
 	})

diff --git a/pkg/vf/vsock.go b/pkg/vf/vsock.go
@@ -11,21 +11,21 @@ import (
 	"inet.af/tcpproxy"
 )
 
-func ExposeVsock(vm *VirtualMachine, port uint, vsockPath string, listen bool) (io.Closer, error) {
+func ExposeVsock(vm *VirtualMachine, port uint32, vsockPath string, listen bool) (io.Closer, error) {
 	if listen {
 		return listenVsock(vm, port, vsockPath)
 	}
 	return connectVsock(vm, port, vsockPath)
 }
 
-func ConnectVsockSync(vm *VirtualMachine, port uint) (net.Conn, error) {
+func ConnectVsockSync(vm *VirtualMachine, port uint32) (net.Conn, error) {
 	socketDevices := vm.SocketDevices()
 	if len(socketDevices) != 1 {
 		return nil, fmt.Errorf("VM has too many/not enough virtio-vsock devices (%d)", len(socketDevices))
 	}
 	vsockDevice := socketDevices[0]
 
-	conn, err := vsockDevice.Connect(uint32(port))
+	conn, err := vsockDevice.Connect(port)
 	if err != nil {
 		// we can't `return vsockDevice.Connect()` directly, see https://go.dev/doc/faq#nil_error
 		// checking the return value for nil won't work as expected if we don't do this
@@ -36,7 +36,7 @@ func ConnectVsockSync(vm *VirtualMachine, port uint) (net.Conn, error) {
 
 // connectVsock proxies connections from a host unix socket to a vsock port
 // This allows the host to initiate connections to the guest over vsock
-func connectVsock(vm *VirtualMachine, port uint, vsockPath string) (io.Closer, error) {
+func connectVsock(vm *VirtualMachine, port uint32, vsockPath string) (io.Closer, error) {
 	var proxy tcpproxy.Proxy
 	// listen for connections on the host unix socket
 	proxy.ListenFunc = func(_, laddr string) (net.Listener, error) {
@@ -74,7 +74,7 @@ func connectVsock(vm *VirtualMachine, port uint, vsockPath string) (io.Closer, e
 
 // listenVsock proxies connections from a vsock port to a host unix socket.
 // This allows the guest to initiate connections to the host over vsock
-func listenVsock(vm *VirtualMachine, port uint, vsockPath string) (io.Closer, error) {
+func listenVsock(vm *VirtualMachine, port uint32, vsockPath string) (io.Closer, error) {
 	var proxy tcpproxy.Proxy
 	// listen for connections on the vsock port
 	proxy.ListenFunc = func(_, laddr string) (net.Listener, error) {
@@ -84,15 +84,15 @@ func listenVsock(vm *VirtualMachine, port uint, vsockPath string) (io.Closer, er
 		}
 		switch parsed.Scheme {
 		case "vsock":
-			port, err := strconv.Atoi(parsed.Port())
+			port, err := strconv.ParseUint(parsed.Port(), 10, 32)
 			if err != nil {
 				return nil, err
 			}
 			socketDevices := vm.SocketDevices()
 			if len(socketDevices) != 1 {
 				return nil, fmt.Errorf("VM has too many/not enough virtio-vsock devices (%d)", len(socketDevices))
 			}
-			return socketDevices[0].Listen(uint32(port))
+			return socketDevices[0].Listen(uint32(port)) //#nosec G115 -- strconv.ParseUint(_, _, 32) guarantees no overflow
 		default:
 			return nil, fmt.Errorf("unexpected scheme '%s'", parsed.Scheme)
 		}

diff --git a/test/osprovider.go b/test/osprovider.go
@@ -51,7 +51,7 @@ type OsProvider interface {
 
 type SSHAccessMethod struct {
 	network string
-	port    int
+	port    uint
 }
 
 type PuiPuiProvider struct {

diff --git a/test/vm_helpers.go b/test/vm_helpers.go
@@ -139,7 +139,7 @@ type testVM struct {
 
 	sshNetwork     string
 	macAddress     string // for SSH over TCP
-	port           int
+	port           uint
 	vsockPath      string // for SSH over vsock
 	sshClient      *ssh.Client
 	restSocketPath string
@@ -235,7 +235,7 @@ func (vm *testVM) WaitForSSH(t *testing.T) {
 	case "tcp":
 		ip, err := retryIPFromMAC(vm.vfkitCmd.errCh, vm.macAddress)
 		require.NoError(t, err)
-		sshClient, err = retrySSHDial(vm.vfkitCmd.errCh, "tcp", net.JoinHostPort(ip, strconv.Itoa(vm.port)), vm.provider.SSHConfig())
+		sshClient, err = retrySSHDial(vm.vfkitCmd.errCh, "tcp", net.JoinHostPort(ip, strconv.FormatUint(uint64(vm.port), 10)), vm.provider.SSHConfig())
 		require.NoError(t, err)
 	case "vsock":
 		sshClient, err = retrySSHDial(vm.vfkitCmd.errCh, "unix", vm.vsockPath, vm.provider.SSHConfig())