Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

G115: False positive int->uint16 with guard #1204

Closed
stephenc opened this issue Sep 3, 2024 · 2 comments
Closed

G115: False positive int->uint16 with guard #1204

stephenc opened this issue Sep 3, 2024 · 2 comments

Comments

@stephenc
Copy link

stephenc commented Sep 3, 2024

Summary

False positive when converting int to uint16 even with a guard

Steps to reproduce the behavior

	for i, port := range ports {
		if port < 0 || port > math.MaxUint16 {
			t.Fatalf("unexpected port %d returned, expecting range 0-%d", port, math.MaxUint16)
		}

		uports[i] = uint16(port) // #nosec G115
	}

gosec version

v2.20.1-0.20240822074752-ab3f6c1c83a0

Go version (output of 'go version')

go version go1.23.0 darwin/arm64

Operating system / Environment

OS-X

Expected behavior

I expect the range check to suppress the warning, I also expect an explicit bitmask to have the same effect, e.g. uports[i] = uint16(port & 0xffff)

Actual behavior

Both of these flag as G115 and require the // #nosec G115 comment to have the linter pass
@czechbol
Copy link
Contributor

czechbol commented Sep 4, 2024

This issue should've been resolved by #1194 which was merged just now.

@ccojocar
Copy link
Member

ccojocar commented Sep 4, 2024

fixed by #1194

@ccojocar ccojocar closed this as completed Sep 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stephenc @ccojocar @czechbol