Fix gosec errors

pingidentity · Jan 15, 2025 · 9568952 · 9568952
1 parent e3548c1
commit 9568952
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 3 deletions.
diff --git a/dvgenerate/generate.go b/dvgenerate/generate.go
@@ -105,6 +105,7 @@ func writeTemplateFile(t *template.Template, fileName string, overwrite bool, da
 		return fmt.Errorf("failed to check if file exists: %v", err)
 	}
 
+	fileName = filepath.Clean(fileName)
 	outputFile, err := os.Create(fileName)
 	if err != nil {
 		return err

diff --git a/internal/service/davinci/resource_variable.go b/internal/service/davinci/resource_variable.go
@@ -754,20 +754,30 @@ func (p *VariableResourceModel) toState(apiObject map[string]davinci.Variable) d
 			}
 			value = string(bytes)
 		}
-		
+
 		p.ValueService = framework.StringToTF(value)
 	} else {
 		p.ValueService = types.StringNull()
 	}
 
 	if v := variableObject.Min; v != nil {
-		p.Min = framework.Int32ToTF(int32(*v))
+		safeInt, err := utils.SafeIntToInt32(*v)
+		if err != nil {
+			diags.AddError("Error converting min value", err.Error())
+		} else {
+			p.Min = framework.Int32ToTF(safeInt)
+		}
 	} else {
 		p.Min = types.Int64Null()
 	}
 
 	if v := variableObject.Max; v != nil {
-		p.Max = framework.Int32ToTF(int32(*v))
+		safeInt, err := utils.SafeIntToInt32(*v)
+		if err != nil {
+			diags.AddError("Error converting max value", err.Error())
+		} else {
+			p.Max = framework.Int32ToTF(safeInt)
+		}
 	} else {
 		p.Max = types.Int64Null()
 	}

diff --git a/internal/utils/int.go b/internal/utils/int.go
@@ -0,0 +1,13 @@
+package utils
+
+import (
+	"errors"
+	"math"
+)
+
+func SafeIntToInt32(value int) (int32, error) {
+	if value > math.MaxInt32 || value < math.MinInt32 {
+		return 0, errors.New("value out of range for int32")
+	}
+	return int32(value), nil
+}