fix: resolve gosec integer overflow and unconvert issues

- Fix G115 integer overflow by converting uint32 to int comparison - Remove unnecessary int() conversions for syscall constants - syscall.Stdin/Stderr/Stdout are already int type
2025-06-20 09:50:00 -07:00 · 2025-06-20 09:50:00 -07:00 · abcc7b6c3a
commit abcc7b6c3a
parent 9e35bf21a3
4 changed files with 7 additions and 7 deletions
--- a/internal/secret/crypto.go
+++ b/internal/secret/crypto.go
@ -83,19 +83,19 @@ func DecryptWithPassphrase(encryptedData []byte, passphrase string) ([]byte, err
 // This version is for unlocking and doesn't require confirmation
 func ReadPassphrase(prompt string) (string, error) {
 	// Check if stdin is a terminal
-	if !term.IsTerminal(int(syscall.Stdin)) {
+	if !term.IsTerminal(syscall.Stdin) {
 		// Not a terminal - never read passphrases from piped input for security reasons
 		return "", fmt.Errorf("cannot read passphrase from non-terminal stdin (piped input or script). Please set the SB_UNLOCK_PASSPHRASE environment variable or run interactively")
 	}

 	// stdin is a terminal, check if stderr is also a terminal for interactive prompting
-	if !term.IsTerminal(int(syscall.Stderr)) {
+	if !term.IsTerminal(syscall.Stderr) {
 		return "", fmt.Errorf("cannot prompt for passphrase: stderr is not a terminal (running in non-interactive mode). Please set the SB_UNLOCK_PASSPHRASE environment variable")
 	}

 	// Both stdin and stderr are terminals - use secure password reading
 	fmt.Fprint(os.Stderr, prompt) // Write prompt to stderr, not stdout
-	passphrase, err := term.ReadPassword(int(syscall.Stdin))
+	passphrase, err := term.ReadPassword(syscall.Stdin)
 	if err != nil {
 		return "", fmt.Errorf("failed to read passphrase: %w", err)
 	}
--- a/internal/secret/debug.go
+++ b/internal/secret/debug.go
@ -36,7 +36,7 @@ func InitDebugLogging() {
 	_, _, _ = syscall.Syscall(syscall.SYS_FCNTL, os.Stderr.Fd(), syscall.F_SETFL, syscall.O_SYNC)

 	// Check if STDERR is a TTY
-	isTTY := term.IsTerminal(int(syscall.Stderr))
+	isTTY := term.IsTerminal(syscall.Stderr)

 	var handler slog.Handler
 	if isTTY {
--- a/internal/secret/debug_test.go
+++ b/internal/secret/debug_test.go
@ -64,7 +64,7 @@ func TestDebugLogging(t *testing.T) {

 				// Override the debug logger for testing
 				oldLogger := debugLogger
-				if term.IsTerminal(int(syscall.Stderr)) {
+				if term.IsTerminal(syscall.Stderr) {
 					// TTY: use colorized handler with our buffer
 					debugLogger = slog.New(newColorizedHandler(&buf))
 				} else {
--- a/pkg/bip85/bip85.go
+++ b/pkg/bip85/bip85.go
@ -308,7 +308,7 @@ func DeriveBase64Password(masterKey *hdkeychain.ExtendedKey, pwdLen, index uint3
 	encodedStr = strings.TrimRight(encodedStr, "=")

 	// Slice to the desired password length
-	if uint32(len(encodedStr)) < pwdLen {
+	if len(encodedStr) < int(pwdLen) {
 		return "", fmt.Errorf("derived password length %d is shorter than requested length %d", len(encodedStr), pwdLen)
 	}

@ -332,7 +332,7 @@ func DeriveBase85Password(masterKey *hdkeychain.ExtendedKey, pwdLen, index uint3
 	encoded := encodeBase85WithRFC1924Charset(entropy)

 	// Slice to the desired password length
-	if uint32(len(encoded)) < pwdLen {
+	if len(encoded) < int(pwdLen) {
 		return "", fmt.Errorf("encoded length %d is less than requested length %d", len(encoded), pwdLen)
 	}