Fix CodeQL code scanning alerts (#36858)
Fixes 10 CodeQL code scanning alerts: - Change `NewPagination`/`SetLinkHeader` to accept `int64` for total count, clamping internally to fix incorrect-integer-conversion alerts ([#110](https://github.com/go-gitea/gitea/security/code-scanning/110), [#114](https://github.com/go-gitea/gitea/security/code-scanning/114), [#115](https://github.com/go-gitea/gitea/security/code-scanning/115), [#116](https://github.com/go-gitea/gitea/security/code-scanning/116)) - Use `strconv.Atoi()` in `htmlrenderer.go` to avoid int64 intermediate ([#105](https://github.com/go-gitea/gitea/security/code-scanning/105), [#106](https://github.com/go-gitea/gitea/security/code-scanning/106)) - Clamp regex match indices in `escape_stream.go` to fix allocation-size-overflow ([#161](https://github.com/go-gitea/gitea/security/code-scanning/161), [#162](https://github.com/go-gitea/gitea/security/code-scanning/162), [#163](https://github.com/go-gitea/gitea/security/code-scanning/163)) - Cap slice pre-allocation in `GetIssueDependencies` ([#181](https://github.com/go-gitea/gitea/security/code-scanning/181)) --------- Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
@@ -163,7 +163,7 @@ func GetAPIContext(req *http.Request) *APIContext {
|
||||
return req.Context().Value(apiContextKey).(*APIContext)
|
||||
}
|
||||
|
||||
func genAPILinks(curURL *url.URL, total, pageSize, curPage int) []string {
|
||||
func genAPILinks(curURL *url.URL, total int64, pageSize, curPage int) []string {
|
||||
page := NewPagination(total, pageSize, curPage, 0)
|
||||
paginater := page.Paginater
|
||||
links := make([]string, 0, 4)
|
||||
@@ -204,7 +204,8 @@ func genAPILinks(curURL *url.URL, total, pageSize, curPage int) []string {
|
||||
}
|
||||
|
||||
// SetLinkHeader sets pagination link header by given total number and page size.
|
||||
func (ctx *APIContext) SetLinkHeader(total, pageSize int) {
|
||||
// "count" is usually from database result "count int64", so it also uses int64,
|
||||
func (ctx *APIContext) SetLinkHeader(total int64, pageSize int) {
|
||||
links := genAPILinks(ctx.Req.URL, total, pageSize, ctx.FormInt("page"))
|
||||
|
||||
if len(links) > 0 {
|
||||
|
||||
@@ -6,6 +6,7 @@ package context
|
||||
import (
|
||||
"fmt"
|
||||
"html/template"
|
||||
"math"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"slices"
|
||||
@@ -22,11 +23,13 @@ type Pagination struct {
|
||||
}
|
||||
|
||||
// NewPagination creates a new instance of the Pagination struct.
|
||||
// "total" is usually from database result "count int64", so it also uses int64
|
||||
// "pagingNum" is "page size" or "limit", "current" is "page"
|
||||
// total=-1 means only showing prev/next
|
||||
func NewPagination(total, pagingNum, current, numPages int) *Pagination {
|
||||
func NewPagination(total int64, pagingNum, current, numPages int) *Pagination {
|
||||
totalInt := int(min(total, int64(math.MaxInt)))
|
||||
p := &Pagination{}
|
||||
p.Paginater = paginator.New(total, pagingNum, current, numPages)
|
||||
p.Paginater = paginator.New(totalInt, pagingNum, current, numPages)
|
||||
return p
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user