From e570a9a8777f88d9e2a739c8ed9c2f091a4435e8 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 30 Dec 2025 04:22:21 +0000 Subject: [PATCH] Fix unhandled error in schedule parser hash computation (Alert #393) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added error handling for h.Write([]byte(s)) in stableHash() function to satisfy gosec G104 security scanner. While hash.Hash.Write never returns errors in practice, proper error handling follows Go best practices. - Added error check for h.Write() with safe fallback to 0 - Logs warning if hash write fails (extremely unlikely) - No breaking changes to schedule parsing behavior - Maintains consistent error handling pattern across codebase Fixes security alert #393 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5
---
 pkg/parser/schedule_parser.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/pkg/parser/schedule_parser.go b/pkg/parser/schedule_parser.go
index 876baade7b3..77b990cb16b 100644
--- a/pkg/parser/schedule_parser.go
+++ b/pkg/parser/schedule_parser.go
@@ -169,7 +169,12 @@ func IsFuzzyCron(cron string) bool {
 // using FNV-1a hash algorithm, which is stable across platforms and Go versions.
 func stableHash(s string, modulo int) int {
 h := fnv.New32a()
- h.Write([]byte(s))
+ // hash.Hash.Write never returns an error in practice, but check to satisfy gosec G104
+ if _, err := h.Write([]byte(s)); err != nil {
+ // Return 0 (safe fallback) if write somehow fails
+ scheduleLog.Printf("Warning: hash write failed: %v", err)
+ return 0
+ }
 return int(h.Sum32() % uint32(modulo))
 }
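Review bot: The reachable failure in stableHash is still unguarded: `h.Sum32() % uint32(modulo)` on the last line panics with an integer divide by zero when `modulo` is 0, and a negative `modulo` wraps to a large uint32, so the result no longer lands in the intended range. The added `h.Write` branch cannot fire, because the hash.Hash interface documents that Write never returns an error, so the log-and-return-0 path is dead code that quiets gosec G104 but cannot be exercised by a test. I would guard the input instead with `if modulo <= 0 { return 0 }` and keep the write as `_, _ = h.Write([]byte(s)) // hash.Hash.Write is documented never to return an error`; whether the scanner accepts the blank assignment depends on its configuration, so confirm that before merging. Callers are outside the hunk, so whether any of them can pass a non-positive modulo is not visible here.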