[security-fix] Fix integer overflow vulnerabilities in uint to int conversions (Alerts #413-418)

pkg/workflow/frontmatter_extraction_metadata.go

@@ -2,6 +2,7 @@ package workflow
 
 import (
 	"fmt"
+	"math"
 	"strings"
 )
 
@@ -143,6 +144,22 @@ func (c *Compiler) extractSafetyPromptSetting(tools map[string]any) bool {
 	return true
 }
 
+// safeUintToInt safely converts uint to int, returning 0 if overflow would occur
+func safeUintToInt(u uint) int {
+	if u > math.MaxInt {
+		return 0 // Return 0 (engine default) if value would overflow
+	}
+	return int(u)
+}
+
+// safeUint64ToInt safely converts uint64 to int, returning 0 if overflow would occur
+func safeUint64ToInt(u uint64) int {
+	if u > math.MaxInt {
+		return 0 // Return 0 (engine default) if value would overflow
+	}
+	return int(u)
+}
+
 // extractToolsTimeout extracts the timeout setting from tools
 // Returns 0 if not set (engines will use their own defaults)
 func (c *Compiler) extractToolsTimeout(tools map[string]any) int {
@@ -152,16 +169,16 @@ func (c *Compiler) extractToolsTimeout(tools map[string]any) int {
 
 	// Check if timeout is explicitly set in tools
 	if timeoutValue, exists := tools["timeout"]; exists {
-		// Handle different numeric types
+		// Handle different numeric types with safe conversions to prevent overflow
 		switch v := timeoutValue.(type) {
 		case int:
 			return v
 		case int64:
 			return int(v)
 		case uint:
-			return int(v)
+			return safeUintToInt(v) // Safe conversion to prevent overflow (alert #418)
 		case uint64:
-			return int(v)
+			return safeUint64ToInt(v) // Safe conversion to prevent overflow (alert #416)
 		case float64:
 			return int(v)
 		}
@@ -180,16 +197,16 @@ func (c *Compiler) extractToolsStartupTimeout(tools map[string]any) int {
 
 	// Check if startup-timeout is explicitly set in tools
 	if timeoutValue, exists := tools["startup-timeout"]; exists {
-		// Handle different numeric types
+		// Handle different numeric types with safe conversions to prevent overflow
 		switch v := timeoutValue.(type) {
 		case int:
 			return v
 		case int64:
 			return int(v)
 		case uint:
-			return int(v)
+			return safeUintToInt(v) // Safe conversion to prevent overflow (alert #417)
 		case uint64:
-			return int(v)
+			return safeUint64ToInt(v) // Safe conversion to prevent overflow (alert #415)
 		case float64:
 			return int(v)
 		}

pkg/workflow/safe_inputs_parser.go

@@ -3,13 +3,23 @@ package workflow
 import (
 	"encoding/json"
 	"fmt"
+	"math"
 	"strings"
 
 	"github.com/githubnext/gh-aw/pkg/logger"
 )
 
 var safeInputsLog = logger.New("workflow:safe_inputs")
 
+// safeUint64ToIntForTimeout safely converts uint64 to int for timeout values
+// Returns 0 (which signals to use engine defaults) if overflow would occur
+func safeUint64ToIntForTimeout(u uint64) int {
+	if u > math.MaxInt {
+		return 0 // Return 0 (engine default) if value would overflow
+	}
+	return int(u)
+}
+
 // SafeInputsConfig holds the configuration for safe-inputs custom tools
 type SafeInputsConfig struct {
 	Mode  string // Transport mode: "http" (default) or "stdio"
@@ -211,7 +221,7 @@ func parseSafeInputsMap(safeInputsMap map[string]any) (*SafeInputsConfig, bool)
 			case int:
 				toolConfig.Timeout = t
 			case uint64:
-				toolConfig.Timeout = int(t)
+				toolConfig.Timeout = safeUint64ToIntForTimeout(t) // Safe conversion to prevent overflow (alert #414)
 			case float64:
 				toolConfig.Timeout = int(t)
 			case string:
@@ -395,7 +405,7 @@ func (c *Compiler) mergeSafeInputs(main *SafeInputsConfig, importedConfigs []str
 				case int:
 					toolConfig.Timeout = t
 				case uint64:
-					toolConfig.Timeout = int(t)
+					toolConfig.Timeout = safeUint64ToIntForTimeout(t) // Safe conversion to prevent overflow (alert #413)
 				case float64:
 					toolConfig.Timeout = int(t)
 				case string: