CodeQL analysis: fix some security warnings

They are related to logging user-input.
2022-06-16 17:13:15 +02:00 · 2022-06-16 17:13:15 +02:00 · d23240f6c8
commit d23240f6c8
parent b9a4578f0b
3 changed files with 7 additions and 4 deletions
--- a/adder/adder.go
+++ b/adder/adder.go
@ -10,9 +10,9 @@ import (
 	"mime/multipart"
 	"strings"
 	"github.com/ipfs/go-unixfs"
 	"github.com/ipfs-cluster/ipfs-cluster/adder/ipfsadd"
 	"github.com/ipfs-cluster/ipfs-cluster/api"
 	"github.com/ipfs/go-unixfs"
 	"github.com/ipld/go-car"
 	peer "github.com/libp2p/go-libp2p-core/peer"
@ -210,7 +210,7 @@ func newIpfsAdder(ctx context.Context, dgs ClusterDAGService, params api.AddPara
 	hashFunCode, ok := multihash.Names[strings.ToLower(params.HashFun)]
 	if !ok {
-		return nil, fmt.Errorf("unrecognized hash function: %s", params.HashFun)
+		return nil, errors.New("hash function name not known")
 	}
 	prefix.MhType = hashFunCode
 	prefix.MhLength = -1
--- a/api/pinsvcapi/pinsvc/pinsvc.go
+++ b/api/pinsvcapi/pinsvc/pinsvc.go
@ -288,10 +288,13 @@ func (lo *ListOptions) FromQuery(q url.Values) error {
 	}
 	if v := q.Get("limit"); v != "" {
-		lim, err := strconv.ParseUint(v, 10, 64)
+		lim, err := strconv.ParseInt(v, 10, 64)
 		if err != nil {
 			return fmt.Errorf("error parsing 'limit' query param: %s: %w", v, err)
 		}
 		if lim < 0 {
 			return errors.New("'limit' cannot be negative")
 		}
 		lo.Limit = int(lim)
 	}
--- a/api/types.go
+++ b/api/types.go
@ -692,7 +692,7 @@ func PinModeFromString(s string) PinMode {
 	case "direct":
 		return PinModeDirect
 	default:
-		logger.Warnf("unknown pin mode %s. Defaulting to recursive", s)
+		logger.Warn("unknown pin mode string. Defaulting to recursive")
 		return PinModeRecursive
 	}
 }