fix more

Author: wxiaoguang

cmd/admin_user_create.go

@@ -151,6 +151,7 @@ func runCreateUser(ctx context.Context, c *cli.Command) error {
 		if err != nil {
 			return err
 		}
+		// codeql[disable-next-line=go/clear-text-logging]
 		fmt.Printf("generated random password is '%s'\n", password)
 	} else if userType == user_model.UserTypeIndividual {
 		return errors.New("must set either password or random-password flag")

cmd/admin_user_must_change_password.go

@@ -58,6 +58,7 @@ func runMustChangePassword(ctx context.Context, c *cli.Command) error {
 		return err
 	}
 
+	// codeql[disable-next-line=go/clear-text-logging]
 	fmt.Printf("Updated %d users setting MustChangePassword to %t\n", n, mustChangePassword)
 	return nil
 }

cmd/generate.go

@@ -91,6 +91,7 @@ func runGenerateSecretKey(_ context.Context, c *cli.Command) error {
 		return err
 	}
 
+	// codeql[disable-next-line=go/clear-text-logging]
 	fmt.Printf("%s", secretKey)
 
 	if isatty.IsTerminal(os.Stdout.Fd()) {

cmd/hook.go

@@ -186,7 +186,7 @@ Gitea or set your environment appropriately.`, "")
 	userID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
 	prID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPRID), 10, 64)
 	deployKeyID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvDeployKeyID), 10, 64)
-	actionPerm, _ := strconv.ParseInt(os.Getenv(repo_module.EnvActionPerm), 10, 64)
+	actionPerm, _ := strconv.Atoi(os.Getenv(repo_module.EnvActionPerm))
 
 	hookOptions := private.HookOptions{
 		UserID:                          userID,
@@ -196,7 +196,7 @@ Gitea or set your environment appropriately.`, "")
 		GitPushOptions:                  pushOptions(),
 		PullRequestID:                   prID,
 		DeployKeyID:                     deployKeyID,
-		ActionPerm:                      int(actionPerm),
+		ActionPerm:                      actionPerm,
 	}
 
 	scanner := bufio.NewScanner(os.Stdin)

modules/auth/password/pwn/pwn.go

@@ -72,7 +72,7 @@ func newRequest(ctx context.Context, method, url string, body io.ReadCloser) (*h
 // Adding padding will make requests more secure, however is also slower
 // because artificial responses will be added to the response
 // For more information, see https://www.troyhunt.com/enhancing-pwned-passwords-privacy-with-padding/
-func (c *Client) CheckPassword(pw string, padding bool) (int, error) {
+func (c *Client) CheckPassword(pw string, padding bool) (int64, error) {
 	if pw == "" {
 		return -1, ErrEmptyPassword
 	}
@@ -111,7 +111,7 @@ func (c *Client) CheckPassword(pw string, padding bool) (int, error) {
 			if err != nil {
 				return -1, err
 			}
-			return int(count), nil
+			return count, nil
 		}
 	}
 	return 0, nil

modules/auth/password/pwn/pwn_test.go

@@ -37,25 +37,25 @@ func TestPassword(t *testing.T) {
 
 	count, err := client.CheckPassword("", false)
 	assert.ErrorIs(t, err, ErrEmptyPassword, "blank input should return ErrEmptyPassword")
-	assert.Equal(t, -1, count)
+	assert.EqualValues(t, -1, count)
 
 	count, err = client.CheckPassword("pwned", false)
 	assert.NoError(t, err)
-	assert.Equal(t, 1, count)
+	assert.EqualValues(t, 1, count)
 
 	count, err = client.CheckPassword("notpwned", false)
 	assert.NoError(t, err)
-	assert.Equal(t, 0, count)
+	assert.EqualValues(t, 0, count)
 
 	count, err = client.CheckPassword("paddedpwned", true)
 	assert.NoError(t, err)
-	assert.Equal(t, 1, count)
+	assert.EqualValues(t, 1, count)
 
 	count, err = client.CheckPassword("paddednotpwned", true)
 	assert.NoError(t, err)
-	assert.Equal(t, 0, count)
+	assert.EqualValues(t, 0, count)
 
 	count, err = client.CheckPassword("paddednotpwnedzero", true)
 	assert.NoError(t, err)
-	assert.Equal(t, 0, count)
+	assert.EqualValues(t, 0, count)
 }

modules/log/logger_global.go

@@ -18,6 +18,7 @@ func GetLevel() Level {
 }
 
 func Log(skip int, level Level, format string, v ...any) {
+	// codeql[disable-next-line=go/clear-text-logging]
 	GetLogger(DEFAULT).Log(skip+1, &Event{Level: level}, format, v...)
 }
 

modules/log/misc.go

@@ -20,6 +20,7 @@ func BaseLoggerToGeneralLogger(b BaseLogger) Logger {
 var _ Logger = (*baseToLogger)(nil)
 
 func (s *baseToLogger) Log(skip int, event *Event, format string, v ...any) {
+	// codeql[disable-next-line=go/clear-text-logging]
 	s.base.Log(skip+1, event, format, v...)
 }
 

modules/translation/i18n/i18n_test.go

@@ -62,6 +62,9 @@ sub = Changed Sub String
 	found := lang1.HasKey("no-such")
 	assert.False(t, found)
 	assert.NoError(t, ls.Close())
+
+	res := lang1.TrHTML("<no-such>")
+	assert.Equal(t, "&lt;no-such&gt;", string(res))
 }
 
 func TestLocaleStoreMoreSource(t *testing.T) {

modules/translation/i18n/localestore.go

@@ -6,6 +6,7 @@ package i18n
 import (
 	"errors"
 	"fmt"
+	"html"
 	"html/template"
 	"slices"
 
@@ -109,8 +110,7 @@ func (store *localeStore) Close() error {
 }
 
 func (l *locale) TrString(trKey string, trArgs ...any) string {
-	format := trKey
-
+	var format string
 	idx, ok := l.store.trKeyToIdxMap[trKey]
 	if ok {
 		if msg, ok := l.idxToMsgMap[idx]; ok {
@@ -122,7 +122,9 @@ func (l *locale) TrString(trKey string, trArgs ...any) string {
 			}
 		}
 	}
-
+	if format == "" {
+		format = html.EscapeString(trKey)
+	}
 	msg, err := Format(format, trArgs...)
 	if err != nil {
 		log.Error("Error whilst formatting %q in %s: %v", trKey, l.langName, err)