(gosec) Apply G115 fixes to internal/integration/unified package

Address gosec G115 integer overflow warnings in unified test runner:
- Add SafeConvertNumeric for test parameter conversions
- Use nolint for int32 to uint64 conversions (always safe)
- Add SafeConvertNumeric for event count and option conversions

Author: prestonvasquez

internal/integration/unified/client_entity.go

@@ -20,6 +20,7 @@ import (
 	"go.mongodb.org/mongo-driver/v2/internal/integration/mtest"
 	"go.mongodb.org/mongo-driver/v2/internal/integtest"
 	"go.mongodb.org/mongo-driver/v2/internal/logger"
+	"go.mongodb.org/mongo-driver/v2/internal/mathutil"
 	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.mongodb.org/mongo-driver/v2/mongo/options"
 	"go.mongodb.org/mongo-driver/v2/mongo/readconcern"
@@ -91,7 +92,12 @@ func awaitMinimumPoolSize(ctx context.Context, entity *clientEntity, minPoolSize
 		case <-awaitCtx.Done():
 			return fmt.Errorf("timed out waiting for client to reach minPoolSize")
 		case <-ticker.C:
-			if uint64(entity.eventsCount[connectionReadyEvent]) >= minPoolSize {
+			creCount, err := mathutil.SafeConvertNumeric[uint64](int(entity.eventsCount[connectionReadyEvent]))
+			if err != nil {
+				return fmt.Errorf("connectionReadyEvent count %d exceeds maximum uint64 size: %w", entity.eventsCount[connectionReadyEvent], err)
+			}
+
+			if creCount >= minPoolSize {
 				return nil
 			}
 		}
@@ -261,7 +267,7 @@ func (c *clientEntity) disconnect(ctx context.Context) error {
 		return nil
 	}
 
-	if err := c.Client.Disconnect(ctx); err != nil {
+	if err := c.Disconnect(ctx); err != nil {
 		return err
 	}
 
@@ -665,11 +671,26 @@ func setClientOptionsFromURIOptions(clientOpts *options.ClientOptions, uriOpts b
 		case "maxidletimems":
 			clientOpts.SetMaxConnIdleTime(time.Duration(value.(int32)) * time.Millisecond)
 		case "minpoolsize":
-			clientOpts.SetMinPoolSize(uint64(value.(int32)))
+			minPoolSize, err := mathutil.SafeConvertNumeric[uint64](int(value.(int32)))
+			if err != nil {
+				return fmt.Errorf("minPoolSize value %d is out of range: %w", value.(int32), err)
+			}
+
+			clientOpts.SetMinPoolSize(minPoolSize)
 		case "maxpoolsize":
-			clientOpts.SetMaxPoolSize(uint64(value.(int32)))
+			maxPoolSize, err := mathutil.SafeConvertNumeric[uint64](int(value.(int32)))
+			if err != nil {
+				return fmt.Errorf("maxPoolSize value %d is out of range: %w", value.(int32), err)
+			}
+
+			clientOpts.SetMaxPoolSize(maxPoolSize)
 		case "maxconnecting":
-			clientOpts.SetMaxConnecting(uint64(value.(int32)))
+			maxConnecting, err := mathutil.SafeConvertNumeric[uint64](int(value.(int32)))
+			if err != nil {
+				return fmt.Errorf("maxConnecting value %d is out of range: %w", value.(int32), err)
+			}
+
+			clientOpts.SetMaxConnecting(maxConnecting)
 		case "readconcernlevel":
 			clientOpts.SetReadConcern(&readconcern.ReadConcern{Level: value.(string)})
 		case "retryreads":

internal/integration/unified/collection_operation_execution.go

@@ -15,6 +15,7 @@ import (
 
 	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.mongodb.org/mongo-driver/v2/internal/bsonutil"
+	"go.mongodb.org/mongo-driver/v2/internal/mathutil"
 	"go.mongodb.org/mongo-driver/v2/internal/mongoutil"
 	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.mongodb.org/mongo-driver/v2/mongo/options"
@@ -1144,8 +1145,12 @@ func executeInsertMany(ctx context.Context, operation *operation) (*operationRes
 		// We return InsertedIDs as []any but the CRUD spec documents it as a map[int64]any, so
 		// comparisons will fail if we include it in the result document. This is marked as an optional field and is
 		// always surrounded in an $$unsetOrMatches assertion, so we leave it out of the document.
+		insertedCount, err := mathutil.SafeConvertNumeric[int32](len(res.InsertedIDs))
+		if err != nil {
+			return nil, err
+		}
 		raw = bsoncore.NewDocumentBuilder().
-			AppendInt32("insertedCount", int32(len(res.InsertedIDs))).
+			AppendInt32("insertedCount", insertedCount).
 			AppendInt32("deletedCount", 0).
 			AppendInt32("matchedCount", 0).
 			AppendInt32("modifiedCount", 0).

internal/integration/unified/entity.go

@@ -18,15 +18,14 @@ import (
 	"time"
 
 	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/internal/mathutil"
 	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.mongodb.org/mongo-driver/v2/mongo/options"
 	"go.mongodb.org/mongo-driver/v2/x/bsonx/bsoncore"
 )
 
-var (
-	// ErrEntityMapOpen is returned when a slice entity is accessed while the EntityMap is open
-	ErrEntityMapOpen = errors.New("slices cannot be accessed while EntityMap is open")
-)
+// ErrEntityMapOpen is returned when a slice entity is accessed while the EntityMap is open
+var ErrEntityMapOpen = errors.New("slices cannot be accessed while EntityMap is open")
 
 var (
 	tlsCAFile                   = os.Getenv("CSFLE_TLS_CA_FILE")
@@ -96,17 +95,23 @@ func (eo *entityOptions) setHeartbeatFrequencyMS(freq time.Duration) {
 	}
 
 	if _, ok := eo.URIOptions["heartbeatFrequencyMS"]; !ok {
+		freqMS, err := mathutil.SafeConvertNumeric[int32](int64(freq.Milliseconds()))
+		if err != nil {
+			panic(fmt.Sprintf("heartbeatFrequencyMS value %d overflows int32", freq.Milliseconds()))
+		}
+
 		// The UST values for heartbeatFrequencyMS are given as int32,
 		// so we need to cast the frequency as int32 before setting it
 		// on the URIOptions map.
-		eo.URIOptions["heartbeatFrequencyMS"] = int32(freq.Milliseconds())
+		eo.URIOptions["heartbeatFrequencyMS"] = freqMS
 	}
 }
 
 // newCollectionEntityOptions constructs an entity options object for a
 // collection.
 func newCollectionEntityOptions(id string, databaseID string, collectionName string,
-	opts *dbOrCollectionOptions) *entityOptions {
+	opts *dbOrCollectionOptions,
+) *entityOptions {
 	options := &entityOptions{
 		ID:                id,
 		DatabaseID:        databaseID,
@@ -598,7 +603,6 @@ func getKmsCredential(kmsDocument bson.Raw, credentialName string, envVar string
 		return "", fmt.Errorf("unable to get environment value for %v. Please set the CSFLE environment variable: %v", credentialName, envVar)
 	}
 	return os.Getenv(envVar), nil
-
 }
 
 func (em *EntityMap) addClientEncryptionEntity(entityOptions *entityOptions) error {

internal/integration/unified/error.go

@@ -13,6 +13,7 @@ import (
 	"strings"
 
 	"go.mongodb.org/mongo-driver/v2/bson"
+	"go.mongodb.org/mongo-driver/v2/internal/mathutil"
 	"go.mongodb.org/mongo-driver/v2/mongo"
 )
 
@@ -199,28 +200,38 @@ func extractErrorDetails(err error) (errorDetails, bool) {
 		details.raw = converted.Raw
 	case mongo.WriteException:
 		if converted.WriteConcernError != nil {
-			details.codes = append(details.codes, int32(converted.WriteConcernError.Code))
+			if code, err := mathutil.SafeConvertNumeric[int32](converted.WriteConcernError.Code); err == nil {
+				details.codes = append(details.codes, code)
+			}
 			details.codeNames = append(details.codeNames, converted.WriteConcernError.Name)
 		}
 		for _, we := range converted.WriteErrors {
-			details.codes = append(details.codes, int32(we.Code))
+			if code, err := mathutil.SafeConvertNumeric[int32](we.Code); err == nil {
+				details.codes = append(details.codes, code)
+			}
 		}
 		details.labels = converted.Labels
 		details.raw = converted.Raw
 	case mongo.BulkWriteException:
 		if converted.WriteConcernError != nil {
-			details.codes = append(details.codes, int32(converted.WriteConcernError.Code))
+			if code, err := mathutil.SafeConvertNumeric[int32](converted.WriteConcernError.Code); err == nil {
+				details.codes = append(details.codes, code)
+			}
 			details.codeNames = append(details.codeNames, converted.WriteConcernError.Name)
 		}
 		for _, we := range converted.WriteErrors {
-			details.codes = append(details.codes, int32(we.Code))
+			if code, err := mathutil.SafeConvertNumeric[int32](we.Code); err == nil {
+				details.codes = append(details.codes, code)
+			}
 			details.raw = we.Raw
 		}
 		details.labels = converted.Labels
 	case mongo.ClientBulkWriteException:
 		if converted.WriteError != nil {
 			details.raw = converted.WriteError.Raw
-			details.codes = append(details.codes, int32(converted.WriteError.Code))
+			if code, err := mathutil.SafeConvertNumeric[int32](converted.WriteError.Code); err == nil {
+				details.codes = append(details.codes, code)
+			}
 		}
 	default:
 		return errorDetails{}, false

internal/integration/unified/event_verification.go

@@ -429,22 +429,22 @@ func stringifyEventsForClient(client *clientEntity) string {
 
 	str.WriteString("\n\nStarted Events\n\n")
 	for _, evt := range client.startedEvents() {
-		str.WriteString(fmt.Sprintf("[%s] %s\n", evt.ConnectionID, evt.Command))
+		fmt.Fprintf(str, "[%s] %s\n", evt.ConnectionID, evt.Command)
 	}
 
 	str.WriteString("\nSucceeded Events\n\n")
 	for _, evt := range client.succeededEvents() {
-		str.WriteString(fmt.Sprintf("[%s] CommandName: %s, Reply: %s\n", evt.ConnectionID, evt.CommandName, evt.Reply))
+		fmt.Fprintf(str, "[%s] CommandName: %s, Reply: %s\n", evt.ConnectionID, evt.CommandName, evt.Reply)
 	}
 
 	str.WriteString("\nFailed Events\n\n")
 	for _, evt := range client.failedEvents() {
-		str.WriteString(fmt.Sprintf("[%s] CommandName: %s, Failure: %s\n", evt.ConnectionID, evt.CommandName, evt.Failure))
+		fmt.Fprintf(str, "[%s] CommandName: %s, Failure: %s\n", evt.ConnectionID, evt.CommandName, evt.Failure)
 	}
 
 	str.WriteString("\nPool Events\n\n")
 	for _, evt := range client.poolEvents() {
-		str.WriteString(fmt.Sprintf("[%s] Event Type: %q\n", evt.Address, evt.Type))
+		fmt.Fprintf(str, "[%s] Event Type: %q\n", evt.Address, evt.Type)
 	}
 
 	return str.String()

internal/integration/unified/testrunner_operation.go

@@ -14,6 +14,7 @@ import (
 
 	"go.mongodb.org/mongo-driver/v2/bson"
 	"go.mongodb.org/mongo-driver/v2/internal/integration/mtest"
+	"go.mongodb.org/mongo-driver/v2/internal/mathutil"
 	"go.mongodb.org/mongo-driver/v2/mongo"
 	"go.mongodb.org/mongo-driver/v2/x/bsonx/bsoncore"
 	"go.mongodb.org/mongo-driver/v2/x/mongo/driver/session"
@@ -205,7 +206,11 @@ func executeTestRunnerOperation(ctx context.Context, op *operation, loopDone <-c
 			return err
 		}
 
-		expected := int32(lookupInteger(args, "connections"))
+		expected, err := mathutil.SafeConvertNumeric[int32](lookupInteger(args, "connections"))
+		if err != nil {
+			return fmt.Errorf("'connections' argument is out of int32 range: %w", err)
+		}
+
 		actual := client.numberConnectionsCheckedOut()
 		if expected != actual {
 			return fmt.Errorf("expected %d connections to be checked out, got %d", expected, actual)