This code flags overflows
```go
package inttests

func it() {
	_ = uint64(uint32(0))
	_ = uint(uint32(0))
	_ = uint(uint16(0))
	_ = uint(uint8(0))
}
```
sadly per
```
$ gosec ./...
[/inttests/it.go:7] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
    6: _ = uint(uint16(0))
  > 7: _ = uint(uint8(0))
    8: }

[/inttests/it.go:6] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
    5: _ = uint(uint32(0))
  > 6: _ = uint(uint16(0))
    7: _ = uint(uint8(0))

[/inttests/it.go:5] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
    4: _ = uint64(uint32(0))
  > 5: _ = uint(uint32(0))
    6: _ = uint(uint16(0))

[/inttests/it.go:4] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
    3: func it() {
  > 4: _ = uint64(uint32(0))
    5: _ = uint(uint32(0))

Summary:
   Files: 1
   Lines: 8
   Nosec: 0
  Issues: 4
```
but it really shouldn't report that as an overflow because for every uint* value that's smaller in range, the bits can fit in e.g.
The same thing happens for int to int conversions
rules/sdk: intelligently flag overflowing uint*->uint* + int*->int* conversions

e5034d7

Retrieve the underlying types to perform smarter conversions. More importantly, this change intelligently flags overflowing conversions for homogenous signedness aka:

* int* -> int*
* uint* -> uint*

whereby for each same signedness, just check widths where:

+ 64-bit machines:
    uint64 == uint > uint32 > uint16 > uint8
    int64 == int > int32 > int16 > int8
+ 32-bit machines:
    uint64 > uint == uint32 > uint16 > uint8
    int64 > int == int32 > int16 > int8

and this change only flags the offending non-fitting conversions. For an exhibit, this code

```go
package inttests

type in = int
type uin = uint

func it() {
	_ = uint64(uint32(0))
	_ = uint(uint32(0))
	_ = uint(uint16(0))
	_ = uint(uint8(0))
	_ = uint(uint64(0))
	_ = uint32(uint64(0))
	_ = uint16(uint64(0))
	_ = uint8(uint64(0))
	_ = uint8(uint(0))
	_ = uint8(uint32(0))
	_ = uint8(uint64(0))
	_ = int(uint(0))
	_ = in(uint(0))
	_ = uin(uint(0))
	_ = uin(uint32(0))
}
```

* Previously:
  + Could not catch the aliased int with overflowing potential from uint
  + Falsely flagged all the rest as overflowing so 12 issues
* Currently:
  + Catches the aliased int with overflowing potential from uint
  + Only flags the actually overflowing conversions so only 8 issues

Fixes #56
Fixes #57
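An added illustration of the width rule the commit describes, written for this page and not taken from gosec: it uses go/types to strip named types down to their underlying integer type and lets the target GOARCH word size decide where int/uint sit, so only narrowing (or mixed-signedness) conversions are flagged. `Conv`, `CanOverflow`, `CountFlagged` and `ExhibitConvs` are names chosen here; `in` and `uin` are modelled as named types rather than aliases.

```go
package main

import (
	"go/token"
	"go/types"
)

type Conv struct{ Src, Dst types.Type } // one src -> dst conversion to classify

// CanOverflow applies the width rule from the commit message (added illustration,
// not gosec's implementation): with equal signedness only a narrower destination
// is flagged, and the target word size decides where int/uint sit; mixed
// signedness is flagged unconditionally (the int(uint(0)) case).
func CanOverflow(c Conv, sizes types.Sizes) bool {
	src, ok1 := c.Src.Underlying().(*types.Basic) // Underlying() resolves `type uin uint`
	dst, ok2 := c.Dst.Underlying().(*types.Basic)
	if !ok1 || !ok2 || src.Info()&types.IsInteger == 0 || dst.Info()&types.IsInteger == 0 {
		return false // not integer-to-integer: out of scope for this rule
	}
	if (src.Info()&types.IsUnsigned != 0) != (dst.Info()&types.IsUnsigned != 0) {
		return true
	}
	return sizes.Sizeof(src) > sizes.Sizeof(dst)
}

// CountFlagged reports how many conversions would be flagged for a GOARCH.
func CountFlagged(convs []Conv, goarch string) int {
	n := 0
	for _, c := range convs {
		if CanOverflow(c, types.SizesFor("gc", goarch)) {
			n++
		}
	}
	return n
}

// ExhibitConvs mirrors the 15 conversions in the commit's example (constructed
// here); `in` and `uin` are named types with underlying int and uint.
func ExhibitConvs() []Conv {
	u8, u16, u32, u64 := types.Typ[types.Uint8], types.Typ[types.Uint16], types.Typ[types.Uint32], types.Typ[types.Uint64]
	u, i := types.Typ[types.Uint], types.Typ[types.Int]
	in := types.NewNamed(types.NewTypeName(token.NoPos, nil, "in", nil), i, nil)
	uin := types.NewNamed(types.NewTypeName(token.NoPos, nil, "uin", nil), u, nil)
	return []Conv{
		{u32, u64}, {u32, u}, {u16, u}, {u8, u}, // widening, never flagged
		{u64, u}, {u64, u32}, {u64, u16}, {u64, u8}, // uint64->uint only safe on 64-bit
		{u, u8}, {u32, u8}, {u64, u8},
		{u, i}, {u, in}, {u, uin}, {u32, uin},
	}
}
```

On amd64 this yields the 8 issues the commit message counts; on 386 it is 9, because uint(uint64(0)) becomes a narrowing conversion there.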
9592313
odeke-em