Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add detection of overflow during integer conversion #1130

Closed
findmyhappy opened this issue Apr 25, 2024 · 1 comment · Fixed by #1149
Closed

Add detection of overflow during integer conversion #1130

findmyhappy opened this issue Apr 25, 2024 · 1 comment · Fixed by #1149
Labels
help wanted rule

Comments

@findmyhappy
Copy link

Summary

G109 provides detection of overflow during strconv.Atoi, but there seems to be no good way to detect the more common conversions between integers, such as uint32 to int32.

Steps to reproduce the behavior

gosec version

Go version (output of 'go version')

Operating system / Environment

Expected behavior

Actual behavior
@ccojocar ccojocar changed the title Hope to add detection of overflow during integer conversion Add detection of overflow during integer conversion May 2, 2024
@ccojocar
Copy link
Member

ccojocar commented May 2, 2024

This is a good addition. I was also thinking about a rule to detect this conversions which can lead to overflows.

@ccojocar ccojocar added rule and removed enhancement labels May 25, 2024
@ccojocar ccojocar mentioned this issue May 27, 2024
Merged
@FairlySadPanda FairlySadPanda mentioned this issue Aug 21, 2024
Closed
adamdecaf added a commit to moov-io/infra that referenced this issue Aug 21, 2024
@adamdecaf
go/lint: hold golangci-lint to v1.60.1
5138aa2 
Until gosec fixes their buggy release we need to hold off on sending
false positives to folks.

See: securego/gosec#1130
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted rule
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add a new rule to detect integer overflow when converting between integer types ccojocar/gosec
2 participants
@ccojocar @findmyhappy