Fixes SAST issues

--------- Co-authored-by: joe webster <[email protected]>
NetApp · Jun 14, 2024 · ad8b10a · ad8b10a
1 parent d99043d
commit ad8b10a
Show file tree

Hide file tree

Showing 12 changed files with 157 additions and 52 deletions.
diff --git a/frontend/docker/plugin.go b/frontend/docker/plugin.go
@@ -7,6 +7,7 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
+	"math"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -289,6 +290,9 @@ func (p *Plugin) Create(request *volume.CreateRequest) error {
 	sizeBytes, err := utils.GetVolumeSizeBytes(ctx, request.Options, "0")
 	if err != nil {
 		return fmt.Errorf("error creating volume: %v", err)
+	} else if sizeBytes > math.MaxInt64 {
+		Logc(ctx).WithFields(fields).Error("Invalid volume size")
+		return errors.New("invalid volume size")
 	}
 	delete(request.Options, "size")
 

diff --git a/storage_drivers/azure/azure_anf.go b/storage_drivers/azure/azure_anf.go
@@ -202,10 +202,15 @@ func (d *NASStorageDriver) Initialize(
 
 	volumeCreateTimeout := d.defaultCreateTimeout()
 	if config.VolumeCreateTimeout != "" {
-		if i, parseErr := strconv.ParseUint(d.Config.VolumeCreateTimeout, 10, 64); parseErr != nil {
+		i, parseErr := strconv.ParseInt(d.Config.VolumeCreateTimeout, 10, 64)
+		if parseErr != nil {
 			Logc(ctx).WithField("interval", d.Config.VolumeCreateTimeout).WithError(parseErr).Error(
 				"Invalid volume create timeout period.")
 			return parseErr
+		} else if i < 0 {
+			Logc(ctx).WithField("interval", d.Config.VolumeCreateTimeout).WithError(parseErr).Error(
+				"Unsupported volume create timeout period.")
+			return errors.UnsupportedError("unsupported volume create timeout period")
 		} else {
 			volumeCreateTimeout = time.Duration(i) * time.Second
 		}
@@ -545,21 +550,31 @@ func (d *NASStorageDriver) initializeAzureSDKClient(
 
 	sdkTimeout := api.DefaultSDKTimeout
 	if config.SDKTimeout != "" {
-		if i, parseErr := strconv.ParseUint(d.Config.SDKTimeout, 10, 64); parseErr != nil {
+		i, parseErr := strconv.ParseInt(d.Config.SDKTimeout, 10, 64)
+		if parseErr != nil {
 			Logc(ctx).WithField("interval", d.Config.SDKTimeout).WithError(parseErr).Error(
 				"Invalid value for SDK timeout.")
 			return parseErr
+		} else if i < 0 {
+			Logc(ctx).WithField("interval", d.Config.SDKTimeout).WithError(parseErr).Error(
+				"Unsupported value for SDK timeout.")
+			return errors.UnsupportedError("unsupported SDK timeout")
 		} else {
 			sdkTimeout = time.Duration(i) * time.Second
 		}
 	}
 
 	maxCacheAge := api.DefaultMaxCacheAge
 	if config.MaxCacheAge != "" {
-		if i, parseErr := strconv.ParseUint(d.Config.MaxCacheAge, 10, 64); parseErr != nil {
+		i, parseErr := strconv.ParseInt(d.Config.MaxCacheAge, 10, 64)
+		if parseErr != nil {
 			Logc(ctx).WithField("interval", d.Config.MaxCacheAge).WithError(parseErr).Error(
 				"Invalid value for max cache age.")
 			return parseErr
+		} else if i < 0 {
+			Logc(ctx).WithField("interval", d.Config.MaxCacheAge).WithError(parseErr).Error(
+				"Unsupported value for max cache age.")
+			return errors.UnsupportedError("unsupported max cache age")
 		} else {
 			maxCacheAge = time.Duration(i) * time.Second
 		}
@@ -1988,6 +2003,11 @@ func (d *NASStorageDriver) Resize(ctx context.Context, volConfig *storage.Volume
 	Logd(ctx, d.Name(), d.Config.DebugTraceFlags["method"]).WithFields(fields).Trace(">>>> Resize")
 	defer Logd(ctx, d.Name(), d.Config.DebugTraceFlags["method"]).WithFields(fields).Trace("<<<< Resize")
 
+	if sizeBytes > math.MaxInt64 {
+		Logc(ctx).WithFields(fields).Error("Invalid volume size")
+		return errors.New("invalid volume size")
+	}
+
 	// Update resource cache as needed
 	if err := d.SDK.RefreshAzureResources(ctx); err != nil {
 		return fmt.Errorf("could not update ANF resource cache; %v", err)

diff --git a/storage_drivers/azure/azure_anf_subvolume.go b/storage_drivers/azure/azure_anf_subvolume.go
@@ -7,6 +7,7 @@ import (
 	"crypto/sha256"
 	"encoding/json"
 	"fmt"
+	"math"
 	"os"
 	"reflect"
 	"regexp"
@@ -274,10 +275,15 @@ func (d *NASBlockStorageDriver) Initialize(
 
 	volumeCreateTimeout := d.defaultCreateTimeout()
 	if config.VolumeCreateTimeout != "" {
-		if i, parseErr := strconv.ParseUint(d.Config.VolumeCreateTimeout, 10, 64); parseErr != nil {
+		i, parseErr := strconv.ParseInt(d.Config.VolumeCreateTimeout, 10, 64)
+		if parseErr != nil {
 			Logc(ctx).WithField("interval", d.Config.VolumeCreateTimeout).WithError(parseErr).Error(
 				"Invalid volume create timeout period.")
 			return parseErr
+		} else if i < 0 {
+			Logc(ctx).WithField("interval", d.Config.VolumeCreateTimeout).WithError(parseErr).Error(
+				"Unsupported volume create timeout period.")
+			return errors.UnsupportedError("unsupported volume create timeout period")
 		} else {
 			volumeCreateTimeout = time.Duration(i) * time.Second
 		}
@@ -532,21 +538,31 @@ func (d *NASBlockStorageDriver) initializeAzureSDKClient(
 
 	sdkTimeout := api.DefaultSDKTimeout
 	if config.SDKTimeout != "" {
-		if i, parseErr := strconv.ParseUint(d.Config.SDKTimeout, 10, 64); parseErr != nil {
+		i, parseErr := strconv.ParseInt(d.Config.SDKTimeout, 10, 64)
+		if parseErr != nil {
 			Logc(ctx).WithField("interval", d.Config.SDKTimeout).WithError(parseErr).Error(
 				"Invalid value for SDK timeout.")
 			return parseErr
+		} else if i < 0 {
+			Logc(ctx).WithField("interval", d.Config.SDKTimeout).WithError(parseErr).Error(
+				"Unsupported value for SDK timeout.")
+			return errors.UnsupportedError("unsupported SDK timeout")
 		} else {
 			sdkTimeout = time.Duration(i) * time.Second
 		}
 	}
 
 	maxCacheAge := api.DefaultMaxCacheAge
 	if config.MaxCacheAge != "" {
-		if i, parseErr := strconv.ParseUint(d.Config.MaxCacheAge, 10, 64); parseErr != nil {
+		i, parseErr := strconv.ParseInt(d.Config.MaxCacheAge, 10, 64)
+		if parseErr != nil {
 			Logc(ctx).WithField("interval", d.Config.MaxCacheAge).WithError(parseErr).Error(
 				"Invalid value for max cache age.")
 			return parseErr
+		} else if i < 0 {
+			Logc(ctx).WithField("interval", d.Config.MaxCacheAge).WithError(parseErr).Error(
+				"Unsupported value for max cache age.")
+			return errors.UnsupportedError("unsupported max cache age")
 		} else {
 			maxCacheAge = time.Duration(i) * time.Second
 		}
@@ -1691,6 +1707,11 @@ func (d *NASBlockStorageDriver) Resize(ctx context.Context, volConfig *storage.V
 	Logd(ctx, d.Name(), d.Config.DebugTraceFlags["method"]).WithFields(fields).Trace(">>>> Resize")
 	defer Logd(ctx, d.Name(), d.Config.DebugTraceFlags["method"]).WithFields(fields).Trace("<<<< Resize")
 
+	if sizeBytes > math.MaxInt64 {
+		Logc(ctx).WithFields(fields).Error("Invalid volume size")
+		return errors.New("invalid volume size")
+	}
+
 	// Get the subvolume
 	subvolumeWithMetadata, err := d.SDK.Subvolume(ctx, volConfig, true)
 	if err != nil {

diff --git a/storage_drivers/gcp/gcp_cvs.go b/storage_drivers/gcp/gcp_cvs.go
@@ -6,6 +6,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"math"
 	"net"
 	"reflect"
 	"regexp"
@@ -281,11 +282,15 @@ func (d *NFSStorageDriver) populateConfigurationDefaults(
 	// VolumeCreateTimeoutSeconds is the timeout value in seconds.
 	volumeCreateTimeout := d.defaultCreateTimeout()
 	if config.VolumeCreateTimeout != "" {
-		i, err := strconv.ParseUint(d.Config.VolumeCreateTimeout, 10, 64)
+		i, err := strconv.ParseInt(d.Config.VolumeCreateTimeout, 10, 64)
 		if err != nil {
-			Logc(ctx).WithField("interval", d.Config.VolumeCreateTimeout).Errorf(
-				"Invalid volume create timeout period. %v", err)
+			Logc(ctx).WithField("interval", d.Config.VolumeCreateTimeout).WithError(err).Error(
+				"Invalid volume create timeout period.")
 			return err
+		} else if i < 0 {
+			Logc(ctx).WithField("interval", d.Config.VolumeCreateTimeout).WithError(err).Error(
+				"Unsupported volume create timeout period.")
+			return errors.UnsupportedError("unsupported volume create timeout period")
 		}
 		volumeCreateTimeout = time.Duration(i) * time.Second
 	}
@@ -697,6 +702,11 @@ func (d *NFSStorageDriver) Create(
 		sizeBytes = d.applyMinimumVolumeSizeHW(requestedSizeBytes)
 	}
 
+	if sizeBytes > math.MaxInt64 {
+		Logc(ctx).WithFields(fields).Error("Invalid volume size")
+		return errors.New("invalid volume size")
+	}
+
 	if requestedSizeBytes < sizeBytes {
 		Logc(ctx).WithFields(LogFields{
 			"name":          name,
@@ -1739,6 +1749,11 @@ func (d *NFSStorageDriver) Resize(ctx context.Context, volConfig *storage.Volume
 	Logd(ctx, d.Config.StorageDriverName, d.Config.DebugTraceFlags["method"]).WithFields(fields).Trace(">>>> Resize")
 	defer Logd(ctx, d.Config.StorageDriverName, d.Config.DebugTraceFlags["method"]).WithFields(fields).Trace("<<<< Resize")
 
+	if sizeBytes > math.MaxInt64 {
+		Logc(ctx).WithFields(fields).Error("Invalid volume size")
+		return errors.New("invalid volume size")
+	}
+
 	// Get the volume
 	creationToken := name
 

diff --git a/storage_drivers/gcp/gcp_cvs_test.go b/storage_drivers/gcp/gcp_cvs_test.go
@@ -909,7 +909,7 @@ func TestInitialize_InvalidVolumeCreateTimeout(t *testing.T) {
 	d := newTestGCPDriver(nil)
 
 	err := d.Initialize(ctx(), tridentconfig.ContextCSI, configJSON, commonConfig, map[string]string{}, "abcd")
-	assert.ErrorContains(t, err, "strconv.ParseUint", "Valid volume create timeout")
+	assert.ErrorContains(t, err, "strconv.ParseInt", "Valid volume create timeout")
 	assert.False(t, d.initialized, "Driver initialized")
 }
 

diff --git a/storage_drivers/ontap/api/abstraction_rest.go b/storage_drivers/ontap/api/abstraction_rest.go
@@ -7,6 +7,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"math"
 	"runtime/debug"
 	"sort"
 	"strconv"
@@ -2058,6 +2059,11 @@ func (d OntapAPIREST) LunCreate(ctx context.Context, lun Lun) error {
 
 	sizeBytesStr, _ := utils.ConvertSizeToBytes(lun.Size)
 	sizeBytes, _ := strconv.ParseUint(sizeBytesStr, 10, 64)
+	if sizeBytes > math.MaxInt64 {
+		Logc(ctx).WithField("sizeInBytes", sizeBytes).Error("Invalid volume size")
+		return errors.New("invalid volume size")
+	}
+
 	creationErr := d.api.LunCreate(ctx, lun.Name, int64(sizeBytes), lun.OsType, lun.Qos, *lun.SpaceReserved,
 		*lun.SpaceAllocated)
 	if creationErr != nil {

diff --git a/storage_drivers/ontap/api/ontap_rest.go b/storage_drivers/ontap/api/ontap_rest.go
@@ -10,6 +10,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"math"
 	"net/http"
 	"net/url"
 	"os"
@@ -642,6 +643,10 @@ func (c RestClient) setVolumeSizeByNameAndStyle(ctx context.Context, volumeName,
 
 	sizeBytesStr, _ := utils.ConvertSizeToBytes(newSize)
 	sizeBytes, _ := strconv.ParseUint(sizeBytesStr, 10, 64)
+	if sizeBytes > math.MaxInt64 {
+		Logc(ctx).WithField("sizeInBytes", sizeBytes).Error("Invalid volume size")
+		return errors.New("invalid volume size")
+	}
 
 	volumeInfo := &models.Volume{
 		Size: utils.Ptr(int64(sizeBytes)),
@@ -2923,6 +2928,11 @@ func (c RestClient) LunSetSize(
 
 	sizeBytesStr, _ := utils.ConvertSizeToBytes(newSize)
 	sizeBytes, _ := strconv.ParseUint(sizeBytesStr, 10, 64)
+	if sizeBytes > math.MaxInt64 {
+		Logc(ctx).WithField("sizeInBytes", sizeBytes).Error("Invalid volume size")
+		return 0, errors.New("invalid volume size")
+	}
+
 	spaceInfo := &models.LunInlineSpace{
 		Size: utils.Ptr(int64(sizeBytes)),
 	}
@@ -5740,6 +5750,10 @@ func (c RestClient) NVMeNamespaceCreate(ctx context.Context, ns NVMeNamespace) (
 
 	sizeBytesStr, _ := utils.ConvertSizeToBytes(ns.Size)
 	sizeInBytes, _ := strconv.ParseUint(sizeBytesStr, 10, 64)
+	if sizeInBytes > math.MaxInt64 {
+		Logc(ctx).WithField("sizeInBytes", sizeInBytes).Error("Invalid volume size")
+		return "", errors.New("invalid volume size")
+	}
 
 	nsInfo := &models.NvmeNamespace{
 		Name:   &ns.Name,