fix: converstion issues found via gosec

Author: adamdecaf

Diff for: converters.go

@@ -32,8 +32,12 @@ func (c *converters) parseAlphaField(r string, max uint) string {
 	if ln > max {
 		return r[ln-max:]
 	}
-	if count := int(max - ln); validSize(count) {
-		r += strings.Repeat(" ", count)
+
+	rem := max - ln
+	if !validSizeUint(rem) {
+		return ""
+	} else {
+		r += strings.Repeat(" ", int(rem)) //nolint:gosec
 	}
 	return r
 }
@@ -44,8 +48,12 @@ func (c *converters) numericStringField(s string, max uint) string {
 	if ln > max {
 		return s[ln-max:]
 	}
-	if count := int(max - ln); validSize(count) {
-		s = strings.Repeat("0", count) + s
+
+	rem := max - ln
+	if !validSizeUint(rem) {
+		return ""
+	} else {
+		s = strings.Repeat("0", int(rem)) + s //nolint:gosec
 	}
 	return s
 }
@@ -65,8 +73,11 @@ func (c *converters) formatAlphaField(s string, max uint, options FormatOptions)
 		return s[:max]
 	}
 	if !options.VariableLengthFields {
-		if count := int(max - ln); validSize(count) {
-			s += strings.Repeat(" ", count)
+		rem := max - ln
+		if !validSizeUint(rem) {
+			return ""
+		} else {
+			s += strings.Repeat(" ", int(rem)) //nolint:gosec
 		}
 	}
 	return s

Diff for: unstructuredAddenda.go

@@ -74,7 +74,7 @@ func (ua *UnstructuredAddenda) String() string {
 	buf.WriteString(ua.tag)
 	buf.WriteString(ua.AddendaLengthField())
 
-	if size := ua.parseNumField(ua.AddendaLength); validSize(size) {
+	if size := ua.parseNumField(ua.AddendaLength); validSizeInt(size) {
 		buf.Grow(size)
 	}
 
@@ -123,5 +123,9 @@ func (ua *UnstructuredAddenda) AddendaLengthField() string {
 
 // AddendaField gets a string of the Addenda field
 func (ua *UnstructuredAddenda) AddendaField() string {
-	return ua.alphaField(ua.Addenda, uint(ua.parseNumField(ua.AddendaLength)))
+	max := ua.parseNumField(ua.AddendaLength)
+	if max < 0 || !validSizeInt(max) {
+		return ""
+	}
+	return ua.alphaField(ua.Addenda, uint(max))
 }

Diff for: validators.go

@@ -31,10 +31,14 @@ const (
 	maxBufferGrowth = 1e8
 )
 
-func validSize(n int) bool {
+func validSizeInt(n int) bool {
 	return n > 0 && n < maxBufferGrowth
 }
 
+func validSizeUint(n uint) bool {
+	return n < maxBufferGrowth
+}
+
 // validator is common validation and formatting of golang types to WIRE type strings
 type validator struct{}
 

Diff for: validators_test.go

@@ -13,19 +13,31 @@ import (
 )
 
 func TestValidSize(t *testing.T) {
-	require.True(t, validSize(10))
-	require.True(t, validSize(1e7))
+	require.True(t, validSizeInt(10))
+	require.True(t, validSizeInt(1e7))
 
-	require.False(t, validSize(1e8+1))
-	require.False(t, validSize(1e9))
-	require.False(t, validSize(math.MaxInt))
+	require.False(t, validSizeInt(1e8+1))
+	require.False(t, validSizeInt(1e9))
+	require.False(t, validSizeInt(math.MaxInt))
 
 	t.Run("don't grow", func(t *testing.T) {
 		ua := &UnstructuredAddenda{}
 		ua.AddendaLength = fmt.Sprintf("%0.0f", 1e9)
 		expected := "1000"
 		require.Equal(t, expected, ua.String())
 	})
+
+	t.Run("int", func(t *testing.T) {
+		require.False(t, validSizeInt(int(1e9)))
+	})
+
+	t.Run("uint", func(t *testing.T) {
+		a := uint(100)
+		b := uint(201)
+
+		require.False(t, validSizeUint(a-b))
+		require.True(t, validSizeUint(b-a))
+	})
 }
 
 func TestValidators__validateOptionFName(t *testing.T) {