rules/sdk: G701 IntegerCast invalid warnings casting int to int64 #14

odeke-em opened this issue Nov 24, 2021 · 0 comments
I've just seen this report for G701 for code already in the rules themselves:

```
[/Users/emmanuelodeke/go/src/github.com/informalsystems/gosec/output/junit_xml_format.go:39] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
    38: 		issue.What + " (Confidence: " + strconv.Itoa(int(issue.Confidence)) +
  > 39: 		", Severity: " + strconv.Itoa(int(issue.Severity)) +
    40: 		", CWE: " + issue.Cwe.ID + ")\n" + "> " + htmlLib.EscapeString(issue.Code)

[/Users/emmanuelodeke/go/src/github.com/informalsystems/gosec/output/junit_xml_format.go:38] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
    37: 		"[" + issue.File + ":" + issue.Line + "] - " +
  > 38: 		issue.What + " (Confidence: " + strconv.Itoa(int(issue.Confidence)) +
    39: 		", Severity: " + strconv.Itoa(int(issue.Severity)) +

[/Users/emmanuelodeke/go/src/github.com/informalsystems/gosec/config.go:77] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
    76: 	if err != nil {
  > 77: 		return int64(len(data)), err
    78: 	}

[/Users/emmanuelodeke/go/src/github.com/informalsystems/gosec/config.go:69] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
    68: 	c.convertGlobals()
  > 69: 	return int64(len(data)), nil
    70: }

[/Users/emmanuelodeke/go/src/github.com/informalsystems/gosec/config.go:66] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
    65: 	if err = json.Unmarshal(data, &c); err != nil {
  > 66: 		return int64(len(data)), err
    67: 	}

[/Users/emmanuelodeke/go/src/github.com/informalsystems/gosec/config.go:63] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
    62: 	if err != nil {
  > 63: 		return int64(len(data)), err
    64: 	}
```

Notice the int64 cast from int. There isn't a way that a positive int(32, 64) can overflow when turned into an int64, as long as both are signed and the resultant is larger than or equal to the source. Same for a negative int(32, 64): there is no way that casting to an int64 can turn it into anything else.

@odeke-em odeke-em added the bug Something isn't working label Nov 24, 2021
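
An added example, not part of the original issue and not gosec's own code: a sketch of the width and signedness test that separates value-preserving conversions such as `int64(len(data))` from conversions that can overflow. The helper names `lossy` and `shouldFlag` are hypothetical, and type sizes are taken from `go/types` for the gc compiler on the named GOARCH.

```go
package main

import (
	"fmt"
	"go/types"
)

// lossy reports whether converting integer type src to dst can change the
// value on a target described by sizes. Illustrative helper, not gosec code.
func lossy(src, dst *types.Basic, sizes types.Sizes) bool {
	srcBits, dstBits := sizes.Sizeof(src)*8, sizes.Sizeof(dst)*8
	srcUnsigned := src.Info()&types.IsUnsigned != 0
	dstUnsigned := dst.Info()&types.IsUnsigned != 0
	switch {
	case srcUnsigned == dstUnsigned:
		return dstBits < srcBits // same signedness: only narrowing loses values
	case srcUnsigned:
		return dstBits <= srcBits // unsigned to signed needs one spare bit
	default:
		return true // signed to unsigned: negative values never fit
	}
}

// shouldFlag looks up two predeclared integer types by name (e.g. "int",
// "int64") and applies lossy for the given GOARCH under the gc compiler.
func shouldFlag(srcName, dstName, goarch string) bool {
	src := types.Universe.Lookup(srcName).Type().(*types.Basic)
	dst := types.Universe.Lookup(dstName).Type().(*types.Basic)
	return lossy(src, dst, types.SizesFor("gc", goarch))
}

func main() {
	// Constructed sample conversions; the first is the int64(len(data)) case.
	pairs := [][2]string{{"int", "int64"}, {"int", "int32"}, {"int64", "int32"},
		{"uint32", "int64"}, {"uint64", "int64"}, {"int", "uint64"}}
	for _, arch := range []string{"amd64", "386"} {
		for _, p := range pairs {
			fmt.Printf("%-5s %-6s -> %-6s flag=%v\n", arch, p[0], p[1],
				shouldFlag(p[0], p[1], arch))
		}
	}
}
```

Because `int` is 32 bits on 386 and 64 bits on amd64, `int` to `int32` is flagged only on amd64, while `int` to `int64` is never flagged on either.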