Potential fix for code scanning alert no. 25: Impossible interface nil check #374
Conversation
…l check Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
|
@copilot fix the syntax error |
Co-authored-by: NLstn <[email protected]>
There was a problem hiding this comment.
Pull request overview
This PR addresses a code scanning alert about an "impossible interface nil check" by refactoring how entity processing results are handled in the addNavigationLinks function. The original issue arose from wrapping a non-nil concrete type (map[string]interface{}) into an interface{} variable, which made the subsequent nil check always evaluate to true.
Key changes:
- Replaced a shared
interface{}variable with scoped concrete-type variables for each processing path - Added explicit nil checks for both
processMapEntityandprocessStructEntityOrderedreturn values - Entities that fail processing now leave
nilentries in the result array rather than being skipped
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <[email protected]>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Potential fix for https://github.com/NLstn/go-odata/security/code-scanning/25
In general, the problem is caused by wrapping a non-interface value (here, a
map[string]interface{}) into aninterface{}and then comparing that interface tonil. BecauseprocessMapEntityis declared to returnmap[string]interface{}, assigning its result directly to a variable of typeinterface{}ensures the resulting interface value is nevernil, makingif entityMap != nilalways true. To fix this, keep values in their concrete types as much as possible, and avoid unnecessary interface wrapping when your logic depends on distinguishing nil/non-nil.The best targeted fix here is to (1) change
addNavigationLinksso that it uses the same concrete type asprocessMapEntity—map[string]interface{}—for the processed entity, and (2) remove the impossible nil check. Specifically:entityMapinaddNavigationLinksfrominterface{}tomap[string]interface{}.processMapEntityalready match that type.processStructEntityOrderedcall, perform an explicit type assertion tomap[string]interface{}(which is what it presumably returns or is convertible to), and handle the “not ok” case by skipping the assignment.if entityMap != nilwrapper and instead unconditionally assign toresult[i]when the type assertion succeeds.These changes are confined to
internal/response/navigation_links.goand don’t require new imports or behavior changes; they only tighten the typing and make the control flow explicit.Suggested fixes powered by Copilot Autofix. Review carefully before merging.