github-advanced-security[bot] commented on code in PR #594:
URL: https://github.com/apache/syncope/pull/594#discussion_r1459001897


##########
core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/CommandLogic.java:
##########
@@ -61,14 +61,14 @@
 
     @PreAuthorize("hasRole('" + IdRepoEntitlement.IMPLEMENTATION_LIST + "')")
     @Transactional(readOnly = true)
-    public Pair<Integer, List<CommandTO>> search(final int page, final int 
size, final String keyword) {
+    public Page<CommandTO> search(final String keyword, final Pageable 
pageable) {
         List<Implementation> result = 
implementationDAO.findByTypeAndKeyword(IdRepoImplementationType.COMMAND, 
keyword);
 
-        int count = result.size();
+        long count = result.size();
 
         List<CommandTO> commands = result.stream().
-                skip((page - 1) * size).
-                limit(size).
+                skip(pageable.getPageSize() * pageable.getPageNumber()).
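
Review bot: The new `skip(pageable.getPageSize() * pageable.getPageNumber())` line multiplies its two operands in `int` arithmetic and only then widens the product for `skip`, so a large caller-supplied page number can wrap the offset to a wrong or negative value (and `Stream.skip` rejects a negative argument). Widen one operand before multiplying, for example `skip((long) pageable.getPageSize() * pageable.getPageNumber())`. The offset also moved from `(page - 1) * size` to a zero-based page number, so any caller of `search` that still passes one-based pages will skip one page too many; the zero-based contract is worth stating in the method's Javadoc.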

Review Comment:
   ## Result of multiplication cast to wider type
   
   Potential overflow in [int multiplication](1) before it is converted to long by use in an invocation context.
   
   [Show more details](https://github.com/apache/syncope/security/code-scanning/1460)



##########
core/am/logic/src/main/java/org/apache/syncope/core/logic/wa/MfaTrusStorageLogic.java:
##########
@@ -105,11 +100,11 @@
                     return builder.build();
                 }).
                 filter(Objects::nonNull).
-                collect(Collectors.toList());
+                toList();
 
         List<MfaTrustedDevice> result = devices.stream().
-                limit(itemsPerPage).
-                skip(itemsPerPage * (page <= 0 ? 0L : page.longValue() - 1L)).
+                limit(pageable.getPageSize()).
+                skip(pageable.getPageSize() * pageable.getPageNumber()).
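
Review bot: `limit(pageable.getPageSize())` runs before `skip(...)` in this pipeline, so the stream holds at most one page of devices by the time the skip is applied and any page number above 0 yields an empty list. Swap the two calls so that `skip` comes first and `limit` second. The removed line also widened to `long` through `page.longValue() - 1L`, while the new `pageable.getPageSize() * pageable.getPageNumber()` is computed in `int`; cast one operand to `long` before multiplying.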

Review Comment:
   ## Result of multiplication cast to wider type
   
   Potential overflow in [int multiplication](1) before it is converted to long by use in an invocation context.
   
   [Show more details](https://github.com/apache/syncope/security/code-scanning/1459)



##########
core/idm/logic/src/main/java/org/apache/syncope/core/logic/ReconciliationLogic.java:
##########
@@ -620,16 +616,17 @@
         if (spec.getIgnorePaging()) {
             matching = new ArrayList<>();
 
-            int count = anySearchDAO.count(base, true, adminRealms, 
effectiveCond, anyType.getKind());
-            int pages = (count / AnyDAO.DEFAULT_PAGE_SIZE) + 1;
+            long count = anySearchDAO.count(base, true, adminRealms, 
effectiveCond, anyType.getKind());
+            long pages = (count / AnyDAO.DEFAULT_PAGE_SIZE) + 1;
 
-            for (int p = 1; p <= pages; p++) {
-                matching.addAll(anySearchDAO.search(base, true, adminRealms, 
effectiveCond,
-                        p, AnyDAO.DEFAULT_PAGE_SIZE, orderBy, 
anyType.getKind()));
+            for (int page = 0; page < pages; page++) {
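
Review bot: In `for (int page = 0; page < pages; page++)` the counter is an `int` compared against `long pages`; if `pages` ever exceeds `Integer.MAX_VALUE` the counter wraps negative and the loop never terminates. Declare the counter as `long`, or check that `pages` fits in an `int` before the loop and narrow it explicitly. Separately, `(count / AnyDAO.DEFAULT_PAGE_SIZE) + 1` produces one extra page whenever `count` is an exact multiple of the page size, so the final iteration issues a search that returns nothing; a ceiling division avoids that.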

Review Comment:
   ## Comparison of narrow type with wide type in loop condition
   
   Comparison between [expression](1) of type int and [expression](2) of wider type long.
   
   [Show more details](https://github.com/apache/syncope/security/code-scanning/1461)


