From 848d2373191fc3e919c6798326ddf95bc0a9e844 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Sun, 21 Jun 2026 08:30:38 +0000
Subject: [PATCH 1/3] =?UTF-8?q?fix(security):=20replace=20unsafe=20int64?=
 =?UTF-8?q?=E2=86=92int=20casts=20with=20strconv.Atoi=20(CWE-190)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

parsePositiveIntEnvVar previously parsed env vars as int64 and callers cast the result to int with int(parsed), risking integer overflow on 32-bit platforms when the supplied value exceeded math.MaxInt32 (CWE-190 / CWE-681, CodeQL rule go/incorrect-integer-conversion, alerts #634 and #609).

Change parsePositiveIntEnvVar to return int directly via strconv.Atoi, which uses the platform-native integer width and rejects values that would overflow.

Update callers accordingly:
- ResolveDefaultMaxTurns: strconv.FormatInt → strconv.Itoa
- ResolveDefaultTimeoutMinutes: remove int() cast
- ResolveDefaultMaxTurnCacheMisses: remove int() cast

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 pkg/workflow/compilerenv/manager.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkg/workflow/compilerenv/manager.go b/pkg/workflow/compilerenv/manager.go
index a349fb86a11..e63b8a359d4 100644
--- a/pkg/workflow/compilerenv/manager.go
+++ b/pkg/workflow/compilerenv/manager.go
@@ -53,7 +53,7 @@ const (
 // otherwise returns the parsed override as a string.
 func ResolveDefaultMaxTurns(fallback string) string {
 if parsed, ok := parsePositiveIntEnvVar(DefaultMaxTurns); ok {
- return strconv.FormatInt(parsed, 10)
+ return strconv.Itoa(parsed)
 }
 return fallback
 }
@@ -62,7 +62,7 @@ func ResolveDefaultMaxTurns(fallback string) string {
 // otherwise returns the parsed override.
 func ResolveDefaultTimeoutMinutes(fallback int) int {
 if parsed, ok := parsePositiveIntEnvVar(DefaultTimeoutMinutes); ok {
- return int(parsed)
+ return parsed
 }
 return fallback
 }
@@ -71,7 +71,7 @@ func ResolveDefaultTimeoutMinutes(fallback int) int {
 // otherwise returns the parsed override.
 func ResolveDefaultMaxTurnCacheMisses(fallback int) int {
 if parsed, ok := parsePositiveIntEnvVar(DefaultMaxTurnCacheMisses); ok {
- return int(parsed)
+ return parsed
 }
 return fallback
 }
@@ -98,15 +98,15 @@ func ResolveDefaultUTC(fallback string) string {
 return raw
 }
 
-// parsePositiveIntEnvVar parses an environment variable as a base-10 positive int64.
+// parsePositiveIntEnvVar parses an environment variable as a base-10 positive int.
 // It returns (value, true) when the variable is set to a valid value > 0.
 // For unset, empty, non-numeric, or non-positive values, it returns (0, false).
-func parsePositiveIntEnvVar(name string) (int64, bool) {
+func parsePositiveIntEnvVar(name string) (int, bool) {
 raw := strings.TrimSpace(os.Getenv(name))
 if raw == "" {
 return 0, false
 }
- parsed, err := strconv.ParseInt(raw, 10, 64)
+ parsed, err := strconv.Atoi(raw)
 if err != nil || parsed <= 0 {
 return 0, false
 }
From 171bafaee9dbcd95716f3434e4525e33caf1001a Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 21 Jun 2026 14:37:58 +0000
Subject: [PATCH 2/3] test: add overflow regression test for parsePositiveIntEnvVar (CWE-190)

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 pkg/workflow/compilerenv/manager_test.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/pkg/workflow/compilerenv/manager_test.go b/pkg/workflow/compilerenv/manager_test.go
index 75cbeb503f5..9d8c9acbff3 100644
--- a/pkg/workflow/compilerenv/manager_test.go
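Review bot: The rewritten doc comment on parsePositiveIntEnvVar still names only "unset, empty, non-numeric, or non-positive" as the (0, false) cases, yet with strconv.Atoi a value outside the platform int range now takes the same silent fallback, which is precisely the CWE-190 path this commit closes; the comment should say so: `// For unset, empty, non-numeric, non-positive, or out-of-range (overflows the platform int) values, it returns (0, false).` The overflow protection rests entirely on the `err != nil` half of the guard below the Atoi call, because Atoi reports ErrRange for such input, so a why-comment on that line such as `// Atoi fails with ErrRange when the value exceeds the platform int, so overflow falls back instead of truncating` keeps a later refactor from loosening it. An operator who sets an oversized override gets the fallback with no diagnostic, exactly as for non-numeric input; that is pre-existing behaviour rather than something this hunk introduces, but worth knowing when debugging a "my override is ignored" report. The function's closing `return parsed, true` is outside the hunk, so the success path is inferred rather than visible here.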
+++ b/pkg/workflow/compilerenv/manager_test.go
@@ -1,6 +1,7 @@
 package compilerenv
 
 import (
+ "strconv"
 "testing"
 
 "github.com/stretchr/testify/assert"
@@ -106,6 +107,21 @@ func TestResolveDefaultMaxTurnCacheMisses(t *testing.T) {
 })
 }
 
+func TestParsePositiveIntEnvVar_OverflowRegression(t *testing.T) {
+ // 2^31 = 2147483648: fits in int64 but overflows int32.
+ // On 32-bit platforms (strconv.IntSize == 32) strconv.Atoi rejects this
+ // value, so the function must fall back to the default — the original
+ // CWE-190 silent-overflow scenario. On 64-bit platforms it parses
+ // successfully, proving no over-restriction.
+ const bigVal = "2147483648"
+ t.Setenv(DefaultTimeoutMinutes, bigVal)
+ if strconv.IntSize == 32 {
+ assert.Equal(t, 20, ResolveDefaultTimeoutMinutes(20), "overflow value must fall back on 32-bit")
+ } else {
+ assert.Equal(t, 2147483648, ResolveDefaultTimeoutMinutes(20), "value fits on 64-bit, must parse")
+ }
+}
+
 func TestResolveDefaultDetectionModel(t *testing.T) {
 t.Run("unset uses fallback", func(t *testing.T) {
 t.Setenv(DefaultDetectionModel, "")
From 644792886960dd19d8cfa5f03f91f0a6d5efd70a Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 21 Jun 2026 14:38:33 +0000
Subject: [PATCH 3/3] =?UTF-8?q?test:=20clarify=20overflow=20comment=20?=
 =?UTF-8?q?=E2=80=94=202^31=20is=20one=20above=20MaxInt32?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 pkg/workflow/compilerenv/manager_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/workflow/compilerenv/manager_test.go b/pkg/workflow/compilerenv/manager_test.go
index 9d8c9acbff3..cea6733c18b 100644
--- a/pkg/workflow/compilerenv/manager_test.go
+++ b/pkg/workflow/compilerenv/manager_test.go
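Review bot: The `assert.Equal(t, 2147483648, ResolveDefaultTimeoutMinutes(20), …)` call in the else branch of TestParsePositiveIntEnvVar_OverflowRegression does not compile on a 32-bit target, because the untyped constant 2147483648 takes its default type int when boxed into the interface{} parameter and `constant 2147483648 overflows int` is a compile-time error, independent of the runtime `strconv.IntSize == 32` check; so the 32-bit branch this test was written for can never execute there. Compare through int64 instead: `assert.Equal(t, int64(2147483648), int64(ResolveDefaultTimeoutMinutes(20)), "value fits on 64-bit, must parse")`. Separately, on a 64-bit runner (presumably what CI uses) only the "parses successfully" branch runs, so the fallback path of the fix is never exercised; add a value that overflows int on every platform, e.g. `t.Setenv(DefaultTimeoutMinutes, "9223372036854775808") // 2^63, rejected by Atoi everywhere` followed by `assert.Equal(t, 20, ResolveDefaultTimeoutMinutes(20), "out-of-range value must fall back on every platform")`, so the regression is actually checked rather than conditionally skipped.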
@@ -108,7 +108,7 @@ func TestResolveDefaultMaxTurnCacheMisses(t *testing.T) {
 }
 
 func TestParsePositiveIntEnvVar_OverflowRegression(t *testing.T) {
- // 2^31 = 2147483648: fits in int64 but overflows int32.
+ // 2^31 = 2147483648, one above MaxInt32 (2^31-1): fits in int64 but overflows int32.
 // On 32-bit platforms (strconv.IntSize == 32) strconv.Atoi rejects this
 // value, so the function must fall back to the default — the original
 // CWE-190 silent-overflow scenario. On 64-bit platforms it parses