From 0e2bc65758380b5a58b6691f544030804189e0c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=C3=B3rio=20G=2E?=
Date: Wed, 22 Jan 2025 11:00:17 -0300
Subject: [PATCH] fix(filters): int conversion without check (#4482)

This silences some CodeQL "Incorrect conversion between integer types" warnings.
---
 pkg/filters/binary.go | 7 +++++++
 pkg/filters/data.go | 30 ++++++++++++++++++++----------
 2 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/pkg/filters/binary.go b/pkg/filters/binary.go
index 79ac768052f5..e048bf54d4e5 100644
--- a/pkg/filters/binary.go
+++ b/pkg/filters/binary.go
@@ -1,6 +1,7 @@
 package filters
 
 import (
+	"math"
 	"strconv"
 	"strings"
 
@@ -33,6 +34,9 @@ func getHostMntNS() (uint32, error) {
 	if err != nil {
 		return 0, errfmt.WrapError(err)
 	}
+	if ns < 0 || ns > math.MaxUint32 {
+		return 0, errfmt.Errorf("invalid mnt namespace %d", ns)
+	}
 	return uint32(ns), nil
 }
 
@@ -84,6 +88,9 @@ func (f *BinaryFilter) Parse(operatorAndValues string) error {
 			if err != nil {
 				return InvalidValue(val)
 			}
+			if mntNS < 0 || mntNS > math.MaxUint32 {
+				return InvalidValue(val)
+			}
 			bin.MntNS = uint32(mntNS)
 		}
 	} else {
diff --git a/pkg/filters/data.go b/pkg/filters/data.go
index ea4f0e335ff9..a347d33a8939 100644
--- a/pkg/filters/data.go
+++ b/pkg/filters/data.go
@@ -2,6 +2,7 @@ package filters
 
 import (
 	"fmt"
+	"math"
 	"strconv"
 	"strings"
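Review bot: The added guard `ns < 0 || ns > math.MaxUint32` in getHostMntNS is only right for a 64-bit signed `ns`, and the hunk does not show its declaration (the function body starts outside the hunk). If `ns` is a plain `int`, the comparison against `math.MaxUint32` does not compile on 32-bit targets because the constant overflows `int`; if it is unsigned, the `< 0` half is dead code and staticcheck will report it. Where the value is parsed from text, `strconv.ParseUint(s, 10, 32)` performs the bounds check during parsing and leaves only the `uint32(ns)` conversion, which would replace both the parse and the added guard; the same consideration applies to the `mntNS` guard in the BinaryFilter.Parse hunk. If the type really is int64 as the check assumes, a comment such as `// ns is int64; reject values that do not fit the uint32 field` would make that assumption visible at the guard.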
@@ -177,22 +178,31 @@ func (f *DataFilter) Parse(id events.ID, fieldName string, operatorAndValues str
 		events.StackPivot:
 		if fieldName == "syscall" {
 			// handle either syscall name or syscall id
 			_, err := strconv.Atoi(val)
-			if err != nil {
-				// if val is a syscall name, then we need to convert it to a syscall id
-				syscallID, ok := events.Core.GetDefinitionIDByName(val)
-				if !ok {
-					return val, errfmt.Errorf("invalid syscall name: %s", val)
-				}
-				val = strconv.Itoa(int(syscallID))
+			if err == nil {
+				return val, nil // val might already be a syscall id
 			}
+
+			// val might be a syscall name, then we need to convert it to a syscall id
+			syscallID, ok := events.Core.GetDefinitionIDByName(val)
+			if !ok {
+				return val, errfmt.Errorf("invalid syscall name: %s", val)
+			}
+			val = strconv.Itoa(int(syscallID))
 		}
+
 	case events.HookedSyscall:
 		if fieldName == "syscall" {
 			// handle either syscall name or syscall id
 			dataEventID, err := strconv.Atoi(val)
-			if err == nil {
-				// if val is a syscall id, then we need to convert it to a syscall name
-				val = events.Core.GetDefinitionByID(events.ID(dataEventID)).GetName()
+			// check if dataEventID is a syscall id
+			if err != nil {
+				return val, nil // val might already be a syscall name
 			}
+			if dataEventID < 0 || dataEventID > math.MaxInt32 {
+				return val, errfmt.Errorf("invalid syscall id: %s", val)
+			}
+
+			// val might be a syscall id, then we need to convert it to a syscall name
+			val = events.Core.GetDefinitionByID(events.ID(dataEventID)).GetName()
 		}
 	}
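Review bot: The StackPivot branch now accepts any string that `strconv.Atoi` parses as a syscall id (`return val, nil`) without a range check, while the HookedSyscall branch in the same hunk rejects ids outside `0..math.MaxInt32`, so a negative or oversized numeric `val` passes through the first path unvalidated. The same bound belongs here, e.g. `if id, err := strconv.Atoi(val); err == nil { if id < 0 || id > math.MaxInt32 { return val, errfmt.Errorf("invalid syscall id: %s", val) }; return val, nil }`. Both new early `return val, nil` statements also leave the enclosing function from inside the switch, whereas the old flow fell out of the switch; the enclosing function starts and ends outside the hunk, so confirm that nothing after the switch was relied on for these inputs. In the HookedSyscall branch the range check only bounds the `events.ID` conversion, and what `GetDefinitionByID` returns for an in-range but undefined id is not visible here; if `GetName()` yields an empty string in that case, the empty name should be rejected rather than stored as the filter value.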