🐛 Fix loop aliasing errors causing linter to fail. (#3414)

Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-09-11 08:55:27 +03:00 · 2023-08-22 17:48:21 -07:00 · 2023-08-22 17:48:21 -07:00 · 93875dd11c
commit 93875dd11c
parent 44bed387e1
5 changed files with 23 additions and 12 deletions
--- a/checks/evaluation/permissions/permissions.go
+++ b/checks/evaluation/permissions/permissions.go
@ -63,6 +63,16 @@ func TokenPermissions(name string, c *checker.CheckRequest, r *checker.TokenPerm
 		"GitHub workflow tokens follow principle of least privilege")
 }

+// avoid memory aliasing by returning a new copy.
+func newUint(u uint) *uint {
+	return &u
+}
+
+// avoid memory aliasing by returning a new copy.
+func newStr(s string) *string {
+	return &s
+}
+
 func applyScorePolicy(results *checker.TokenPermissionsData, c *checker.CheckRequest) (int, error) {
 	// See list https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/.
 	// Note: there are legitimate reasons to use some of the permissions like checks, deployments, etc.
@ -83,10 +93,10 @@ func applyScorePolicy(results *checker.TokenPermissionsData, c *checker.CheckReq
 			loc = &finding.Location{
 				Type:      r.File.Type,
 				Path:      r.File.Path,
-				LineStart: &r.File.Offset,
+				LineStart: newUint(r.File.Offset),
 			}
 			if r.File.Snippet != "" {
-				loc.Snippet = &r.File.Snippet
+				loc.Snippet = newStr(r.File.Snippet)
 			}
 		}

--- a/clients/git/client_test.go
+++ b/clients/git/client_test.go
@ -77,7 +77,7 @@ func createTestRepo(t *testing.T) (path string) {
 	return dir
 }

-//nolint:testparallel
+//nolint:paralleltest
 func TestInitRepo(t *testing.T) {
 	tests := []struct { //nolint:govet
 		name        string
@ -147,7 +147,7 @@ func TestListCommits(t *testing.T) {
 	}
 }

-//nolint:testparallel
+//nolint:paralleltest
 func TestSearch(t *testing.T) {
 	testCases := []struct {
 		name     string
--- a/clients/gitlabrepo/issues_test.go
+++ b/clients/gitlabrepo/issues_test.go
@ -50,10 +50,6 @@ func (s suffixStubTripper) RoundTrip(r *http.Request) (*http.Response, error) {
 	}, nil
 }

-func strptr(s string) *string {
-	return &s
-}
-
 func associationptr(r clients.RepoAssociation) *clients.RepoAssociation {
 	return &r
 }
--- a/clients/gitlabrepo/workflows.go
+++ b/clients/gitlabrepo/workflows.go
@ -44,6 +44,11 @@ func (handler *workflowsHandler) listSuccessfulWorkflowRuns(filename string) ([]
 	return workflowsRunsFrom(jobs, filename), nil
 }

+// avoid memory aliasing by returning a new copy.
+func strptr(s string) *string {
+	return &s
+}
+
 func workflowsRunsFrom(data []*gitlab.Job, filename string) []clients.WorkflowRun {
 	var workflowRuns []clients.WorkflowRun
 	for _, job := range data {
@ -51,7 +56,7 @@ func workflowsRunsFrom(data []*gitlab.Job, filename string) []clients.WorkflowRu
 		for _, artifact := range job.Artifacts {
 			if strings.EqualFold(artifact.Filename, filename) {
 				workflowRuns = append(workflowRuns, clients.WorkflowRun{
-					HeadSHA: &job.Pipeline.Sha,
+					HeadSHA: strptr(job.Pipeline.Sha),
 					URL:     job.WebURL,
 				})
 				continue
--- a/pkg/json_raw_results.go
+++ b/pkg/json_raw_results.go
@ -331,7 +331,7 @@ func (r *jsonScorecardRawResult) addTokenPermissionsRawResults(tp *checker.Token
 				Offset: t.File.Offset,
 			}
 			if t.File.Snippet != "" {
-				p.File.Snippet = &t.File.Snippet
+				p.File.Snippet = asPointer(t.File.Snippet)
 			}
 		}

@ -361,7 +361,7 @@ func (r *jsonScorecardRawResult) addPackagingRawResults(pk *checker.PackagingDat
 		}

 		if p.File.Snippet != "" {
-			jpk.File.Snippet = &p.File.Snippet
+			jpk.File.Snippet = asPointer(p.File.Snippet)
 		}

 		for _, run := range p.Runs {
@ -419,7 +419,7 @@ func (r *jsonScorecardRawResult) addDangerousWorkflowRawResults(df *checker.Dang
 			Type: string(e.Type),
 		}
 		if e.File.Snippet != "" {
-			v.File.Snippet = &e.File.Snippet
+			v.File.Snippet = asPointer(e.File.Snippet)
 		}
 		if e.Job != nil {
 			v.Job = &jsonWorkflowJob{