sneak/secret
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: resolve gosec integer overflow and unconvert issues

Browse Source 
- Fix G115 integer overflow by converting uint32 to int comparison
- Remove unnecessary int() conversions for syscall constants
- syscall.Stdin/Stderr/Stdout are already int type
This commit is contained in:
Jeffrey Paul
2025-06-20 09:50:00 -07:00
parent 9e35bf21a3
commit abcc7b6c3a
4 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/secret/crypto.go
View File

@@ -83,19 +83,19 @@ func DecryptWithPassphrase(encryptedData []byte, passphrase string) ([]byte, err
// This version is for unlocking and doesn't require confirmation
func ReadPassphrase(prompt string) (string, error) {
// Check if stdin is a terminal
if !term.IsTerminal(int(syscall.Stdin)) {
if !term.IsTerminal(syscall.Stdin) {
// Not a terminal - never read passphrases from piped input for security reasons
return "", fmt.Errorf("cannot read passphrase from non-terminal stdin (piped input or script). Please set the SB_UNLOCK_PASSPHRASE environment variable or run interactively")
}
// stdin is a terminal, check if stderr is also a terminal for interactive prompting
if !term.IsTerminal(int(syscall.Stderr)) {
if !term.IsTerminal(syscall.Stderr) {
return "", fmt.Errorf("cannot prompt for passphrase: stderr is not a terminal (running in non-interactive mode). Please set the SB_UNLOCK_PASSPHRASE environment variable")
}
// Both stdin and stderr are terminals - use secure password reading
fmt.Fprint(os.Stderr, prompt) // Write prompt to stderr, not stdout
passphrase, err := term.ReadPassword(int(syscall.Stdin))
passphrase, err := term.ReadPassword(syscall.Stdin)
if err != nil {
return "", fmt.Errorf("failed to read passphrase: %w", err)
}