G115 go sec fix

Author: SivaanandM

spectrocloud/common/safe_conversions.go

@@ -0,0 +1,19 @@
+package common
+
+// SafeUint32 converts int to uint32 with bounds checking to prevent overflow
+func SafeUint32(value int) uint32 {
+	if value < 0 {
+		return 0
+	}
+	// On 32-bit systems, int max is smaller than uint32 max, so no overflow possible
+	// On 64-bit systems, we need to check against uint32 max
+	if ^uint(0)>>32 == 0 {
+		// 32-bit system: int and uint32 have same size, no overflow possible
+		return uint32(value)
+	}
+	// 64-bit system: check against uint32 max
+	if uint64(value) > 0xFFFFFFFF {
+		return 0xFFFFFFFF
+	}
+	return uint32(value)
+}

spectrocloud/kubevirt/schema/virtualmachineinstance/domain_spec.go

@@ -9,6 +9,7 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	kubevirtapiv1 "kubevirt.io/api/core/v1"
 
+	"github.com/spectrocloud/terraform-provider-spectrocloud/spectrocloud/common"
 	"github.com/spectrocloud/terraform-provider-spectrocloud/spectrocloud/kubevirt/utils"
 )
 
@@ -295,7 +296,7 @@ func expandCPU(cpu map[string]interface{}) (kubevirtapiv1.CPU, error) {
 		if v > math.MaxInt { // Cap to max representable int on this architecture
 			return result, fmt.Errorf("cores value %d is out of range for uint32", v)
 		}
-		result.Cores = uint32(v)
+		result.Cores = common.SafeUint32(v)
 	}
 	if v, ok := cpu["sockets"].(int); ok {
 		if v < 0 {
@@ -304,7 +305,7 @@ func expandCPU(cpu map[string]interface{}) (kubevirtapiv1.CPU, error) {
 		if v > math.MaxInt { // Cap to max representable int on this architecture
 			return result, fmt.Errorf("sockets value %d is out of range for uint32", v)
 		}
-		result.Sockets = uint32(v)
+		result.Sockets = common.SafeUint32(v)
 	}
 	if v, ok := cpu["threads"].(int); ok {
 		if v < 0 {
@@ -313,7 +314,7 @@ func expandCPU(cpu map[string]interface{}) (kubevirtapiv1.CPU, error) {
 		if v > math.MaxInt { // Cap to max representable int on this architecture
 			return result, fmt.Errorf("threads value %d is out of range for uint32", v)
 		}
-		result.Threads = uint32(v)
+		result.Threads = common.SafeUint32(v)
 	}
 
 	return result, nil

spectrocloud/utils.go

@@ -3,6 +3,8 @@ package spectrocloud
 import (
 	"math"
 	"time"
+
+	"github.com/spectrocloud/terraform-provider-spectrocloud/spectrocloud/common"
 )
 
 // SafeInt32 converts int to int32 with bounds checking to prevent overflow
@@ -24,13 +26,7 @@ func SafeInt64(value int) int64 {
 
 // SafeUint32 converts int to uint32 with bounds checking to prevent overflow
 func SafeUint32(value int) uint32 {
-	if value < 0 {
-		return 0
-	}
-	if value > math.MaxInt {
-		return math.MaxUint32
-	}
-	return uint32(value)
+	return common.SafeUint32(value)
 }
 
 func expandStringList(configured []interface{}) []string {