fix(backend): Fix parsing user ID to uint32

The error was introduced in fc48ea6 which addressed the CodeQL finding that casting int64 to int32 was bad.
marekful · May 4, 2023 · 40188f3 · 40188f3
1 parent b8dee9b
commit 40188f3
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 6 deletions.
diff --git a/backend/cmd/users.go b/backend/cmd/users.go
@@ -52,12 +52,12 @@ func printUsers(usrs []*users.User) {
 	w.Flush()
 }
 
-func parseUsernameOrID(arg string) (username string, id uint64) {
-	id64, err := strconv.ParseUint(arg, 10, 64)
+func parseUsernameOrID(arg string) (username string, id uint) {
+	rawID, err := strconv.Atoi(arg)
 	if err != nil {
 		return arg, 0
 	}
-	return "", id64
+	return "", uint(rawID)
 }
 
 func addUserFlags(flags *pflag.FlagSet) {

diff --git a/backend/http/agents.go b/backend/http/agents.go
@@ -116,13 +116,17 @@ func withAgentUser(fn handleFunc) handleFunc {
 
 		// Fetch the user referred to in query params
 		vars := mux.Vars(r)
-		userID := vars["user_id"]
-		id64, err := strconv.ParseUint(userID, 10, 64)
+		userID, set := vars["user_id"]
+		if !set {
+			return http.StatusUnauthorized, nil
+		}
+
+		rawID, err := strconv.Atoi(userID)
 		if err != nil {
 			return http.StatusUnauthorized, nil
 		}
 
-		user, dErr := d.store.Users.Get(d.server.Root, id64)
+		user, dErr := d.store.Users.Get(d.server.Root, uint(rawID))
 		if dErr != nil {
 			return http.StatusUnauthorized, nil
 		}