From 13624247d3e905f0d660448de236629d512049c1 Mon Sep 17 00:00:00 2001
From: BSdrop
Date: Thu, 14 May 2026 13:07:23 +0000
Subject: [PATCH 1/2] Potential fix for code scanning alert no. 5: Size computation for allocation may overflow

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 internal/scraper/modified.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/internal/scraper/modified.go b/internal/scraper/modified.go
index 9f52f4d..a4cfe40 100644
--- a/internal/scraper/modified.go
+++ b/internal/scraper/modified.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "encoding/json"
 "fmt"
+ "math"
 "os"
 "path/filepath"
 "sort"
@@ -55,8 +56,15 @@ func buildModifiedEvents(path string, newData []byte, kind, scopeKind string, sc
 }
 oldMap := mapRawByID(oldPage.Results)

- ids := make([]int64, 0, len(oldMap)+len(newMap))
- seen := make(map[int64]struct{}, len(oldMap)+len(newMap))
+ oldLen := len(oldMap)
+ newLen := len(newMap)
+ if oldLen > math.MaxInt-newLen {
+ return nil, fmt.Errorf("too many tracked items to build modified events")
+ }
+ combinedLen := oldLen + newLen
+
+ ids := make([]int64, 0, combinedLen)
+ seen := make(map[int64]struct{}, combinedLen)
 for id := range oldMap {
 seen[id] = struct{}{}
 ids = append(ids, id)
From d35c4067047be52086b3b82e5e61a6deaabaab6f Mon Sep 17 00:00:00 2001
From: BSdrop
Date: Thu, 14 May 2026 13:10:13 +0000
Subject: [PATCH 2/2] Potential fix for pull request finding 'CodeQL / Size computation for allocation may overflow'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 internal/scraper/modified.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/internal/scraper/modified.go b/internal/scraper/modified.go
index a4cfe40..3a0e447 100644
--- a/internal/scraper/modified.go
+++ b/internal/scraper/modified.go
@@ -56,12 +56,20 @@ func buildModifiedEvents(path string, newData []byte, kind, scopeKind string, sc
 }
 oldMap := mapRawByID(oldPage.Results)

+ const maxTrackedItems = 1_000_000
+
 oldLen := len(oldMap)
 newLen := len(newMap)
+ if oldLen > maxTrackedItems || newLen > maxTrackedItems {
+ return nil, fmt.Errorf("too many tracked items to build modified events")
+ }
 if oldLen > math.MaxInt-newLen {
 return nil, fmt.Errorf("too many tracked items to build modified events")
 }
 combinedLen := oldLen + newLen
+ if combinedLen > maxTrackedItems {
+ return nil, fmt.Errorf("too many tracked items to build modified events")
+ }

 ids := make([]int64, 0, combinedLen)
 seen := make(map[int64]struct{}, combinedLen)
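Review bot: The three guards around `combinedLen` overlap: once `oldLen` and `newLen` are each capped at `maxTrackedItems` (1_000_000), `oldLen > math.MaxInt-newLen` can never be true, and for non-negative lengths the first and third checks reduce to one comparison. A single guard, `if oldLen > maxTrackedItems-newLen { return nil, fmt.Errorf("too many tracked items to build modified events: old=%d new=%d limit=%d", oldLen, newLen, maxTrackedItems) }`, is overflow-safe on its own, lets the `"math"` import from patch 1/2 be dropped, and reports the sizes that tripped it instead of three identical messages. The cap is also checked only after `mapRawByID(oldPage.Results)` has built `oldMap` (and `newMap` is built above the hunk), so it limits the capacity hint rather than the memory already spent on decoding; if the goal is to bound untrusted input size, the limit belongs where the page is read or decoded. Because `ids` appears to be deduplicated through `seen`, `combinedLen` is an upper bound rather than the real count, so an old and a new page of just over 500,000 mostly identical IDs would now be rejected; it is worth confirming that this is intended and that callers surface the error rather than silently producing no modified events. The body of `buildModifiedEvents` starts and ends outside the hunk.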