chore(nodeadm): address gosec detections

awslabs · Oct 4, 2024 · cb7f891 · cb7f891
1 parent 9c6b810
commit cb7f891
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 15 deletions.
diff --git a/nodeadm/internal/kubelet/config.go b/nodeadm/internal/kubelet/config.go
@@ -262,11 +262,11 @@ func (ksc *kubeletConfig) withCloudProvider(kubeletVersion string, cfg *api.Node
 func (ksc *kubeletConfig) withDefaultReservedResources(cfg *api.NodeConfig) {
 	ksc.SystemReservedCgroup = ptr.String("/system")
 	ksc.KubeReservedCgroup = ptr.String("/runtime")
-	maxPods, ok := MaxPodsPerInstanceType[cfg.Status.Instance.Type]
-	if !ok {
-		ksc.MaxPods = CalcMaxPods(cfg.Status.Instance.Region, cfg.Status.Instance.Type)
-	} else {
+	if maxPods, ok := MaxPodsPerInstanceType[cfg.Status.Instance.Type]; ok {
+		// #nosec G115 // known source from ec2 apis within int32 range
 		ksc.MaxPods = int32(maxPods)
+	} else {
+		ksc.MaxPods = CalcMaxPods(cfg.Status.Instance.Region, cfg.Status.Instance.Type)
 	}
 	ksc.KubeReserved = map[string]string{
 		"cpu":               fmt.Sprintf("%dm", getCPUMillicoresToReserve()),

diff --git a/nodeadm/internal/system/resources.go b/nodeadm/internal/system/resources.go
@@ -27,9 +27,9 @@ const (
 )
 
 type core struct {
-	Id       int   `json:"core_id"`
-	Threads  []int `json:"thread_ids"`
-	SocketID int   `json:"socket_id"`
+	Id       int      `json:"core_id"`
+	Threads  []uint64 `json:"thread_ids"`
+	SocketID int      `json:"socket_id"`
 }
 
 func init() {
@@ -168,7 +168,7 @@ func getCoresInfo(cpuDirs []string) ([]core, error) {
 		desiredCore.SocketID = physicalPackageID
 
 		if len(desiredCore.Threads) == 0 {
-			desiredCore.Threads = []int{cpuID}
+			desiredCore.Threads = []uint64{cpuID}
 		} else {
 			desiredCore.Threads = append(desiredCore.Threads, cpuID)
 		}
@@ -177,12 +177,12 @@ func getCoresInfo(cpuDirs []string) ([]core, error) {
 	return cores, nil
 }
 
-func getCPUID(str string) (int, error) {
+func getCPUID(str string) (uint64, error) {
 	matches := cpuDirRegExp.FindStringSubmatch(str)
 	if len(matches) != 2 {
 		return 0, fmt.Errorf("failed to match regexp, str: %s", str)
 	}
-	valInt, err := strconv.Atoi(matches[1])
+	valInt, err := strconv.ParseUint(matches[1], 10, 16)
 	if err != nil {
 		return 0, err
 	}
@@ -199,7 +199,7 @@ func getCoreID(cpuPath string) (string, error) {
 	return strings.TrimSpace(string(coreID)), err
 }
 
-func IsCPUOnline(cpuID int) bool {
+func IsCPUOnline(cpuID uint64) bool {
 	cpuOnlinePath, err := filepath.Abs(cpusPath + "/online")
 	if err != nil {
 		zap.L().Info("Unable to get absolute path", zap.String("absolutPath", cpusPath+"/online"))
@@ -217,15 +217,15 @@ func IsCPUOnline(cpuID int) bool {
 			zap.Error(err))
 	}
 
-	isOnline, err := isCpuOnline(cpuOnlinePath, uint16(cpuID))
+	isOnline, err := isCpuOnline(cpuOnlinePath, cpuID)
 	if err != nil {
 		zap.L().Error("Unable to get online CPUs list", zap.Error(err))
 		return false
 	}
 	return isOnline
 }
 
-func isCpuOnline(path string, cpuID uint16) (bool, error) {
+func isCpuOnline(path string, cpuID uint64) (bool, error) {
 	// #nosec G304 // This path is cpuOnlinePath from isCPUOnline
 	fileContent, err := os.ReadFile(path)
 	if err != nil {
@@ -254,15 +254,15 @@ func isCpuOnline(path string, cpuID uint16) (bool, error) {
 				return false, fmt.Errorf("invalid values in %s", path)
 			}
 			// Return true, if the CPU under consideration is in the range of online CPUs.
-			if cpuID >= uint16(min) && cpuID <= uint16(max) {
+			if cpuID >= min && cpuID <= max {
 				return true, nil
 			}
 		case 1:
 			value, err := strconv.ParseUint(s, 10, 16)
 			if err != nil {
 				return false, err
 			}
-			if uint16(value) == cpuID {
+			if value == cpuID {
 				return true, nil
 			}
 		}