chore: fix new gosec reported issues (#4259)

Fixing new reported `gosec` issues (false-positives).

cli/azd/pkg/input/console.go

@@ -932,13 +932,22 @@ func (c *AskerConsole) Handles() ConsoleHandles {
 }
 
 // consoleWidth the number of columns in the active console window
-func consoleWidth() int {
-	width, _ := consolesize.GetConsoleSize()
-	return width
+func consoleWidth() int32 {
+	widthInt, _ := consolesize.GetConsoleSize()
+
+	// Suppress G115: integer overflow conversion int -> int32 below.
+	// Explanation:
+	// consolesize.GetConsoleSize() returns an int, but the underlying implementation actually is a uint16 on both
+	// Windows and unix systems.
+	//
+	// In practice, console width is the number of columns (text) in the active console window.
+	// We don't ever expect this to be larger than math.MaxInt32, so we can safely cast to int32.
+	// nolint:gosec // G115
+	return int32(widthInt)
 }
 
-func (c *AskerConsole) handleResize(width int) {
-	c.consoleWidth.Store(int32(width))
+func (c *AskerConsole) handleResize(width int32) {
+	c.consoleWidth.Store(width)
 
 	c.spinnerLineMu.Lock()
 	if c.spinner.Status() == yacspin.SpinnerRunning {
@@ -1052,7 +1061,7 @@ func NewConsole(
 	c.spinner, _ = yacspin.New(spinnerConfig)
 	c.spinnerTerminalMode = spinnerConfig.TerminalMode
 	if isTerminal {
-		c.consoleWidth = atomic.NewInt32(int32(consoleWidth()))
+		c.consoleWidth = atomic.NewInt32(consoleWidth())
 		watchTerminalResize(c)
 		watchTerminalInterrupt(c)
 	}

cli/azd/pkg/ioc/container.go

@@ -9,7 +9,6 @@ import (
 	"fmt"
 	"reflect"
 	"regexp"
-	"unsafe"
 
 	"github.com/golobby/container/v3"
 )
@@ -90,11 +89,11 @@ func NewRegistrationsOnly(from *NestedContainer) *NestedContainer {
 }
 
 func getUnexportedField(field reflect.Value) interface{} {
-	return reflect.NewAt(field.Type(), unsafe.Pointer(field.UnsafeAddr())).Elem().Interface()
+	return reflect.NewAt(field.Type(), field.Addr().UnsafePointer()).Elem().Interface()
 }
 
 func setUnexportedField(field reflect.Value, value interface{}) {
-	reflect.NewAt(field.Type(), unsafe.Pointer(field.UnsafeAddr())).
+	reflect.NewAt(field.Type(), field.Addr().UnsafePointer()).
 		Elem().
 		Set(reflect.ValueOf(value))
 }

cli/azd/pkg/output/ux/list_as_text.go

@@ -17,14 +17,15 @@ import (
 func ListAsText(items []string) string {
 	count := len(items)
 	if count < 1 {
-		log.Panic("calling itemsCountAsText() with empty list.")
+		log.Panic("calling ListAsText() with empty list.")
 	}
 
 	if count == 1 {
 		return items[0]
 	}
 
 	if count == 2 {
+		//nolint:gosec // G602: slice index out of range - false positive, we know the slice has at least 2 elements
 		return fmt.Sprintf("%s and %s", items[0], items[1])
 	}
 

cli/azd/pkg/tools/github/github.go

@@ -517,7 +517,7 @@ func extractFromTar(src, dst string) (string, error) {
 		// cspell: disable-next-line `Typeflag` is comming fron *tar.Header
 		if fileHeader.Typeflag == tar.TypeReg && fileName == "gh" {
 			filePath := filepath.Join(dst, fileName)
-			ghCliFile, err := os.OpenFile(filePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, os.FileMode(fileHeader.Mode))
+			ghCliFile, err := os.OpenFile(filePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, fileHeader.FileInfo().Mode())
 			if err != nil {
 				return extractedAt, err
 			}

cli/azd/pkg/tools/pack/pack.go

@@ -322,7 +322,7 @@ func extractFromTar(
 		// cspell: disable-next-line `Typeflag` is comming fron *tar.Header
 		if fileHeader.Typeflag == tar.TypeReg && fileName == "pack" {
 			filePath := filepath.Join(out, fileName)
-			packCliFile, err := os.OpenFile(filePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, os.FileMode(fileHeader.Mode))
+			packCliFile, err := os.OpenFile(filePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, fileHeader.FileInfo().Mode())
 			if err != nil {
 				return extractedAt, err
 			}