security: fix CodeQL warnings for integer overflow and workflow permissions

- handlers_tower.go: add bounds checks before int-to-int16 and int-to-uint16 conversions to prevent overflow/wraparound (CodeQL #7, #8) - go-improved.yml, go.yml: add top-level `permissions: contents: read` to restrict workflow token scope (CodeQL #15, #16, #17)
2026-03-22 07:32:32 +01:00 · 2026-02-16 19:14:14 +01:00
parent 5e0d578670
commit b1c8b2848f
3 changed files with 15 additions and 1 deletions
--- a/.github/workflows/go-improved.yml
+++ b/.github/workflows/go-improved.yml
@@ -20,6 +20,9 @@ on:
      - main
      - develop

+permissions:
+  contents: read
+
 jobs:
  test:
    name: Test
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -12,6 +12,9 @@ on:
      - 'main.go'
      - '.github/workflows/go.yml'

+permissions:
+  contents: read
+
 jobs:
  build:
    runs-on: ubuntu-latest