fix(security): prevent integer overflow in uint64 to int64 conversions

Add overflow checks before converting uint64 memory values to int64 to prevent potential integer overflow issues identified by gosec (G115). - Add math.MaxInt64 checks in fileproc/backpressure.go - Add math.MaxInt64 checks in fileproc/resource_monitor_validation.go - Add math.MaxInt64 checks in fileproc/resource_monitor_metrics.go - Add math.MaxInt64 check in benchmark/benchmark.go with nosec annotation Co-authored-by: ivuorinen <11024+ivuorinen@users.noreply.github.com>
2026-02-06 23:46:46 +00:00 · 2025-10-04 23:17:02 +00:00
parent dfda38ded4
commit e9bd694685
40 changed files with 331 additions and 328 deletions
--- a/config/constants.go
+++ b/config/constants.go
@@ -58,4 +58,4 @@ const (
 	MinHardMemoryLimitMB = 64
 	// MaxHardMemoryLimitMB is the maximum hard memory limit (8192MB = 8GB).
 	MaxHardMemoryLimitMB = 8192
-)
+)
--- a/config/getters.go
+++ b/config/getters.go
@@ -154,4 +154,4 @@ func GetEnableGracefulDegradation() bool {
 // GetEnableResourceMonitoring returns whether resource monitoring is enabled.
 func GetEnableResourceMonitoring() bool {
 	return viper.GetBool("resourceLimits.enableResourceMonitoring")
-}
+}
--- a/config/loader.go
+++ b/config/loader.go
@@ -87,4 +87,4 @@ func setDefaultConfig() {
 	viper.SetDefault("resourceLimits.hardMemoryLimitMB", DefaultHardMemoryLimitMB)
 	viper.SetDefault("resourceLimits.enableGracefulDegradation", true)
 	viper.SetDefault("resourceLimits.enableResourceMonitoring", true)
-}
+}
--- a/config/loader_test.go
+++ b/config/loader_test.go
@@ -117,4 +117,4 @@ func containsString(slice []string, item string) bool {
 		}
 	}
 	return false
-}
+}
--- a/config/validation.go
+++ b/config/validation.go
@@ -304,4 +304,4 @@ func ValidateConcurrency(concurrency int) error {
 	}

 	return nil
-}
+}
--- a/config/validation_test.go
+++ b/config/validation_test.go
@@ -242,4 +242,4 @@ func errorAs(err error, target interface{}) bool {
 		}
 	}
 	return false
-}
+}