feat: docker container handles PID / GID for alpine image #829
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| if !userExists(username) { | ||
| // Create group if it doesn't exist | ||
| if !groupExists(groupname) { | ||
| if err := createGroup(groupname, int(pgid)); err != nil { |
Check failure
Code scanning / CodeQL
Incorrect conversion between integer types High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 8 days ago
To fix the problem, we should add explicit bounds checking after parsing the PGID value to ensure it fits within the valid range for a GID and for the int type. The typical valid range for a GID is 0 to math.MaxInt32 (2,147,483,647), since negative GIDs are not valid and the int type may be 32 bits on some systems. We should check that the parsed value is greater than 0 (or at least non-negative, depending on requirements) and less than or equal to math.MaxInt32. If the value is out of bounds, we should return an error. The same check should be applied to PUID for consistency and safety. This change should be made in the setupUserAndGroup function, after parsing puid and pgid but before converting them to int and passing them to createGroup and createUser. We will need to import the math package if it is not already imported.
| @@ -11,2 +11,3 @@ | ||
| "syscall" | ||
| "math" | ||
| ) | ||
| @@ -86,2 +87,5 @@ | ||
| } | ||
| if puid == 0 || puid > uint64(math.MaxInt32) { | ||
| return 0, 0, fmt.Errorf("PUID must be between 1 and %d", math.MaxInt32) | ||
| } | ||
|
|
||
| @@ -91,2 +95,5 @@ | ||
| } | ||
| if pgid == 0 || pgid > uint64(math.MaxInt32) { | ||
| return 0, 0, fmt.Errorf("PGID must be between 1 and %d", math.MaxInt32) | ||
| } | ||
|
|
| } | ||
|
|
||
| // Create user | ||
| if err := createUser(username, groupname, int(puid)); err != nil { |
Check failure
Code scanning / CodeQL
Incorrect conversion between integer types High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 8 days ago
To fix this issue, we must ensure that the value parsed from the environment variable fits within the range of a signed int before converting it. The best way is to check that the parsed value is less than or equal to math.MaxInt32 (and greater than zero, if negative values are not allowed), and only then perform the conversion. If the value is out of bounds, we should return an error or use a safe default. This check should be added before any conversion of puid or pgid to int in the setupUserAndGroup function. We also need to import the math package to access math.MaxInt32.
| @@ -11,2 +11,3 @@ | ||
| "syscall" | ||
| "math" | ||
| ) | ||
| @@ -86,2 +87,5 @@ | ||
| } | ||
| if puid > uint64(math.MaxInt32) { | ||
| return 0, 0, fmt.Errorf("PUID %d is out of range (must be <= %d)", puid, math.MaxInt32) | ||
| } | ||
|
|
||
| @@ -91,2 +95,5 @@ | ||
| } | ||
| if pgid > uint64(math.MaxInt32) { | ||
| return 0, 0, fmt.Errorf("PGID %d is out of range (must be <= %d)", pgid, math.MaxInt32) | ||
| } | ||
|
|
||
| @@ -112,3 +119,3 @@ | ||
|
|
||
| return puid, pgid, nil | ||
| return int(puid), int(pgid), nil | ||
| } |
No description provided.