github-advanced-security[bot] commented on code in PR #594: URL: https://github.com/apache/syncope/pull/594#discussion_r1459001897
########## core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/CommandLogic.java: ########## @@ -61,14 +61,14 @@ @PreAuthorize("hasRole('" + IdRepoEntitlement.IMPLEMENTATION_LIST + "')") @Transactional(readOnly = true) - public Pair<Integer, List<CommandTO>> search(final int page, final int size, final String keyword) { + public Page<CommandTO> search(final String keyword, final Pageable pageable) { List<Implementation> result = implementationDAO.findByTypeAndKeyword(IdRepoImplementationType.COMMAND, keyword); - int count = result.size(); + long count = result.size(); List<CommandTO> commands = result.stream(). - skip((page - 1) * size). - limit(size). + skip(pageable.getPageSize() * pageable.getPageNumber()). Review Comment: ## Result of multiplication cast to wider type Potential overflow in [int multiplication](1) before it is converted to long by use in an invocation context. [Show more details](https://github.com/apache/syncope/security/code-scanning/1460) ########## core/am/logic/src/main/java/org/apache/syncope/core/logic/wa/MfaTrusStorageLogic.java: ########## @@ -105,11 +100,11 @@ return builder.build(); }). filter(Objects::nonNull). - collect(Collectors.toList()); + toList(); List<MfaTrustedDevice> result = devices.stream(). - limit(itemsPerPage). - skip(itemsPerPage * (page <= 0 ? 0L : page.longValue() - 1L)). + limit(pageable.getPageSize()). + skip(pageable.getPageSize() * pageable.getPageNumber()). Review Comment: ## Result of multiplication cast to wider type Potential overflow in [int multiplication](1) before it is converted to long by use in an invocation context. [Show more details](https://github.com/apache/syncope/security/code-scanning/1459) ########## core/idm/logic/src/main/java/org/apache/syncope/core/logic/ReconciliationLogic.java: ########## 
@@ -620,16 +616,17 @@ if (spec.getIgnorePaging()) { matching = new ArrayList<>(); - int count = anySearchDAO.count(base, true, adminRealms, effectiveCond, anyType.getKind()); - int pages = (count / AnyDAO.DEFAULT_PAGE_SIZE) + 1; + long count = anySearchDAO.count(base, true, adminRealms, effectiveCond, anyType.getKind()); + long pages = (count / AnyDAO.DEFAULT_PAGE_SIZE) + 1; - for (int p = 1; p <= pages; p++) { - matching.addAll(anySearchDAO.search(base, true, adminRealms, effectiveCond, - p, AnyDAO.DEFAULT_PAGE_SIZE, orderBy, anyType.getKind())); + for (int page = 0; page < pages; page++) { Review Comment: ## Comparison of narrow type with wide type in loop condition Comparison between [expression](1) of type int and [expression](2) of wider type long. [Show more details](https://github.com/apache/syncope/security/code-scanning/1461)
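Review bot: In CommandLogic.java the new skip(pageable.getPageSize() * pageable.getPageNumber()) multiplies two int values and widens only the already-wrapped product to the long that skip() takes, so a large page number can yield a negative offset (skip() then throws IllegalArgumentException) or a small positive one that returns the wrong page. Cast one operand first: skip((long) pageable.getPageSize() * pageable.getPageNumber()). The removed line used (page - 1) * size, so the page number is now treated as zero-based; a caller that still passes 1 for the first page would skip it.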
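Review bot: In MfaTrusStorageLogic.java, limit(pageable.getPageSize()) still runs before skip(...), so the stream is cut to one page of items and then pageSize * pageNumber of them are skipped, which leaves every page after the first empty; put skip(...) before limit(...). The skip argument also loses the long arithmetic of the removed line (0L / 1L) and is now an int product, so write it as (long) pageable.getPageSize() * pageable.getPageNumber().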
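Review bot: In ReconciliationLogic.java, pages becomes long while the counter in for (int page = 0; page < pages; page++) stays int, so if pages ever exceeded Integer.MAX_VALUE the counter would wrap negative and the loop would not terminate. Either declare the counter as long or convert pages with Math.toIntExact(...) before the loop so an out-of-range count fails loudly. Separately, (count / AnyDAO.DEFAULT_PAGE_SIZE) + 1 requests one extra, empty page whenever count is an exact multiple of the page size.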
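The wrap-around that the scanner flags in the two skip(...) calls, as an added example that is not code from the Syncope PR. The class and method names are hypothetical and the page sizes are constructed values; it needs Java 16 or later for Stream.toList().

```java
import java.util.List;
import java.util.stream.IntStream;

// Added illustration, not Syncope code: names and sample values are constructed.
public class PageOffsetDemo {

    // Pattern flagged by the scanner: both operands are int, so the product
    // wraps in 32 bits and only the wrapped value is widened to long.
    static long narrowOffset(int pageSize, int pageNumber) {
        return pageSize * pageNumber;
    }

    // Widening one operand first makes the multiplication itself 64-bit.
    static long wideOffset(int pageSize, int pageNumber) {
        return (long) pageSize * pageNumber;
    }

    // In-memory paging over a stream: skip to the offset, then limit.
    static List<Integer> page(List<Integer> items, long offset, int pageSize) {
        return items.stream().skip(offset).limit(pageSize).toList();
    }

    public static void main(String[] args) {
        List<Integer> items = IntStream.range(0, 10).boxed().toList();

        // 65536 * 65536 = 2^32, which wraps to 0 in int arithmetic: a request
        // far past the end of the data silently returns the first page.
        int size = 65_536, number = 65_536;
        System.out.println("narrow offset: " + narrowOffset(size, number));
        System.out.println("narrow page:   " + page(items, narrowOffset(size, number), 3));
        System.out.println("wide page:     " + page(items, wideOffset(size, number), 3));

        // 50000 * 50000 = 2_500_000_000 does not fit in an int and wraps to a
        // negative value; Stream.skip rejects negative counts.
        long wrapped = narrowOffset(50_000, 50_000);
        try {
            page(items, wrapped, 3);
        } catch (IllegalArgumentException e) {
            System.out.println("skip rejected offset " + wrapped);
        }
        System.out.println("wide offset:   " + wideOffset(50_000, 50_000));
    }
}
```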