toolz/goplt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(lint): use explicit safe type conversions for gosec
Some checks failed
CI / Test (pull_request) Successful in 51s
Details
CI / Lint (pull_request) Failing after 26s
Details
CI / Build (pull_request) Successful in 38s
Details
CI / Format Check (pull_request) Failing after 2s
Details

Browse Source 
Use separate variables with explicit else branches to make type
conversions safe and satisfy gosec integer overflow checks.
This commit is contained in:
0x1d
2025-11-07 09:37:53 +01:00
parent e673fcae6f
commit 31e8ca7ce9
6 changed files with 35 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
services/identity/internal/password/password.go
View File

@@ -82,7 +82,13 @@ func Verify(password, hash string) (bool, error) {
if hashLen < 0 || hashLen > math.MaxUint32 {
return false, fmt.Errorf("invalid hash length: %d", hashLen)
}
actualHash := argon2.IDKey([]byte(password), salt, uint32(t), uint32(m), uint8(p), uint32(hashLen))
var hashLenUint32 uint32
if hashLen > math.MaxUint32 {
hashLenUint32 = math.MaxUint32
} else {
hashLenUint32 = uint32(hashLen)
}
actualHash := argon2.IDKey([]byte(password), salt, uint32(t), uint32(m), uint8(p), hashLenUint32)
// Constant-time comparison
if subtle.ConstantTimeCompare(expectedHash, actualHash) == 1 {