Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Create decoder for HTML entities #44

Closed
wants to merge 1 commit into from
Closed

Create decoder for HTML entities #44

wants to merge 1 commit into from

Conversation

rgmz
Copy link
Owner

@rgmz rgmz commented Dec 25, 2024

Description:

Motivation: trufflesecurity#2231

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 25, 2024
View reviewed changes
pkg/decoders/html_entity.go
}

// Append the decoded byte
decoded = append(decoded, byte(num))

Check failure

Code scanning / CodeQL

Incorrect conversion between integer types

Incorrect conversion of an integer with architecture-dependent bit size from [strconv.Atoi](1) to a lower bit size type uint8 without an upper bound check. Incorrect conversion of an integer with architecture-dependent bit size from [strconv.Atoi](1) to a lower bit size type uint8 without an upper bound check.

Copilot Autofix AI about 2 months ago

To fix the problem, we need to ensure that the integer value parsed from the string is within the valid range for a byte (0-255) before performing the conversion. This can be done by adding a bounds check after parsing the integer and before converting it to a byte.

  1. Parse the integer using strconv.Atoi.
  2. Check if the parsed integer is within the range of 0 to 255.
  3. If the integer is within the valid range, convert it to a byte.
  4. If the integer is outside the valid range, handle the error appropriately (e.g., skip the conversion or use a default value).
Suggested changeset 1
pkg/decoders/html_entity.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/pkg/decoders/html_entity.go b/pkg/decoders/html_entity.go
--- a/pkg/decoders/html_entity.go
+++ b/pkg/decoders/html_entity.go
@@ -110,4 +110,7 @@
 
-		// Append the decoded byte
-		decoded = append(decoded, byte(num))
+		// Check if the parsed number is within the valid range for a byte
+		if num >= 0 && num <= 255 {
+			// Append the decoded byte
+			decoded = append(decoded, byte(num))
+		}
 
EOF
@@ -110,4 +110,7 @@

// Append the decoded byte
decoded = append(decoded, byte(num))
// Check if the parsed number is within the valid range for a byte
if num >= 0 && num <= 255 {
// Append the decoded byte
decoded = append(decoded, byte(num))
}

Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
pkg/decoders/html_entity.go
}

// Append the decoded byte
decoded = append(decoded, byte(num))

Check failure

Code scanning / CodeQL

Incorrect conversion between integer types

Incorrect conversion of a signed 32-bit integer from [strconv.ParseInt](1) to a lower bit size type uint8 without an upper bound check.

Copilot Autofix AI about 2 months ago

To fix the problem, we need to ensure that the parsed integer value is within the valid range for a byte (0 to 255) before performing the conversion. This can be done by adding a bounds check after parsing the integer and before converting it to a byte.

  • We will add a check to ensure that the parsed integer is within the range of 0 to 255.
  • If the parsed integer is outside this range, we will skip the conversion and continue with the next match.
  • This change will be made in the decodeHtmlHex function in the file pkg/decoders/html_entity.go.
Suggested changeset 1
pkg/decoders/html_entity.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/pkg/decoders/html_entity.go b/pkg/decoders/html_entity.go
--- a/pkg/decoders/html_entity.go
+++ b/pkg/decoders/html_entity.go
@@ -144,2 +144,7 @@
 
+		// Check if the parsed number is within the valid range for a byte
+		if num < 0 || num > 255 {
+			continue
+		}
+
 		// Append the decoded byte
EOF
@@ -144,2 +144,7 @@

// Check if the parsed number is within the valid range for a byte
if num < 0 || num > 255 {
continue
}

// Append the decoded byte
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
@rgmz rgmz force-pushed the feat/html-decoder branch from cb4c962 to 6083804 Compare December 25, 2024 16:22
@rgmz rgmz closed this Dec 25, 2024
@rgmz rgmz mentioned this pull request Dec 25, 2024
Merged
2 tasks
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@rgmz