refactor: fix gosec linter warnings

Signed-off-by: Christian Stewart <christian@aperture.us>

Author: paralin

cmd/kvfile/main.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"math"
 	"os"
 
 	"github.com/aperturerobotics/go-kvfile"
@@ -178,6 +179,10 @@ func main() {
 					return kvfile.Write(file, keys, func(wr io.Writer, key []byte) (uint64, error) {
 						val := data[string(key)]
 						n, err := wr.Write([]byte(val))
+						// Check non-negative before conversion
+						if n < 0 {
+							return 0, errors.Wrap(err, "writer returned negative bytes written")
+						}
 						return uint64(n), err
 					})
 				},
@@ -256,6 +261,10 @@ func printAll(reader *kvfile.Reader) error {
 		key := indexEntry.GetKey()
 		printData(key, binKeys)
 
+		// Check for overflow before converting i to int
+		if i > uint64(math.MaxInt) {
+			return errors.Errorf("key index %v overflows int", i)
+		}
 		val, err := reader.GetWithEntry(indexEntry, int(i))
 		if err != nil {
 			return err

compress/compress.go

@@ -6,6 +6,7 @@ import (
 	seekable "github.com/SaveTheRbtz/zstd-seekable-format-go"
 	kvfile "github.com/aperturerobotics/go-kvfile"
 	"github.com/klauspost/compress/zstd"
+	"github.com/pkg/errors"
 )
 
 // UseCompressedWriter builds a compressed writer and closes it after the
@@ -68,6 +69,12 @@ func BuildCompressReader(rd ReadSeekerAt) (*kvfile.Reader, func(), error) {
 		_ = r.Close()
 		return nil, nil, err
 	}
+	// Check non-negative before conversion
+	if size < 0 {
+		dec.Close()
+		_ = r.Close()
+		return nil, nil, errors.Errorf("seek returned negative size: %d", size)
+	}
 	kvReader, err := kvfile.BuildReader(r, uint64(size))
 	if err != nil {
 		dec.Close()

compress/compress_test.go

@@ -2,6 +2,7 @@ package kvfile_compress
 
 import (
 	"bytes"
+	"errors"
 	"io"
 	"testing"
 )
@@ -25,6 +26,10 @@ func TestKvCompress(t *testing.T) {
 		if err != nil {
 			return 0, err
 		}
+		// Check non-negative before conversion
+		if nw < 0 {
+			return 0, errors.New("writer returned negative bytes written")
+		}
 		index++
 		return uint64(nw), nil
 	})

errors.go

@@ -0,0 +1,21 @@
+package kvfile
+
+import "errors"
+
+// Predefined errors for the kvfile package.
+var (
+	// ErrFileSizeTooSmallForIndexCount indicates the file size is too small to contain the index count.
+	ErrFileSizeTooSmallForIndexCount = errors.New("file size too small for index count")
+	// ErrMaxIndexEntrySizeNegative indicates the configured maxIndexEntrySize is negative.
+	ErrMaxIndexEntrySizeNegative = errors.New("maxIndexEntrySize is negative")
+	// ErrBufferCapacityTooSmall indicates an internal buffer had insufficient capacity.
+	ErrBufferCapacityTooSmall = errors.New("buffer capacity less than 10")
+	// ErrNegativeIndexBinarySearch indicates a negative index was calculated during binary search.
+	ErrNegativeIndexBinarySearch = errors.New("negative index calculated in binary search")
+	// ErrNegativeIndexCalculated indicates a negative index was calculated.
+	ErrNegativeIndexCalculated = errors.New("negative index calculated")
+	// ErrEntryValueNotFound indicates the value for a given index entry could not be located.
+	ErrEntryValueNotFound = errors.New("entry value not found")
+	// ErrNegativeIndexScan indicates a negative index was encountered during a scan operation.
+	ErrNegativeIndexScan = errors.New("negative index in scan")
+)