Skip to content

Commit

Permalink
doc: add a README to explain the project
Browse files Browse the repository at this point in the history
  • Loading branch information
ccoVeille committed Sep 6, 2024
1 parent b2232a1 commit 644df29
Showing 1 changed file with 73 additions and 0 deletions.
73 changes: 73 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
# Go SafeCast

## Origin of this project

In Go, integer type conversion can lead to unexpected behavior and errors if not handled carefully.

Issues can happen when converting between signed and unsigned integers, or when converting to a smaller integer type.

The gosec project raised this to my attention when the gosec [G115 rule was added](https://github.com/securego/gosec/pull/1149)

> G115: Potential integer overflow when converting between integer types
This issue was way more complex than expected, and required multiple fixes.

## Example

This code seems OK

```go
package main

import (
"fmt"
)

func main() {
var a uint64
a = 42
b := int32(a)
fmt.Println(b) // 42
}
```

But the conversion to int32 will behave differently depending on the value

```go
package main

import (
"fmt"
)

func main() {
var a uint64
a = 2147483647
b := int32(a)
fmt.Println(b) // 2147483647

a = 2147483647 + 1
b = int32(a)
fmt.Println(b) // -2147483648 Stack overflow

c := -1
d := uint32(c)
fmt.Println(d) // 4294967295
}
```

GoPlay: [https://go.dev/play/p/9PRWI7e0x1T](https://go.dev/play/p/9PRWI7e0x1T)

## Motivation

The gosec G115 will now report issues in a lot of project.

Some libraries existed (See [alternatives](#alternatives) section), but they were not able to cover all the use cases.

## Alternatives

- [github.com/rung/go-safecast](https://github.com/rung/go-safecast):
Unmaintained, not architecture agnostic, do not support uint -> int conversion

- [github.com/cybergarage/go-safecast](https://github.com/cybergarage/go-safecast)
Work with pointer like json.Marshall

0 comments on commit 644df29

Please sign in to comment.