Fix G115 false positive when going from parsed uint to larger int

Signed-off-by: Dave Henderson <[email protected]>
securego · Nov 26, 2024 · 9b13cd5 · 9b13cd5
1 parent 08ea2a5
commit 9b13cd5
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 1 deletion.
diff --git a/analyzers/conversion_overflow.go b/analyzers/conversion_overflow.go
@@ -226,7 +226,12 @@ func isStringToIntConversion(instr *ssa.Convert, dstType string) bool {
 						if err != nil {
 							return false
 						}
-						isSafe := bitSizeValue <= dstInt.size && signed == dstInt.signed
+
+						// we're good if:
+						// - signs match and bit size is <= than destination
+						// - parsing unsigned and bit size is < than destination
+						isSafe := (bitSizeValue <= dstInt.size && signed == dstInt.signed) ||
+							(bitSizeValue < dstInt.size && !signed)
 						return isSafe
 					}
 				}

diff --git a/testutils/g115_samples.go b/testutils/g115_samples.go
@@ -426,6 +426,40 @@ import (
         "strconv"
 )
 
+func main() {
+        var a string = "13"
+        b, _ := strconv.ParseUint(a, 10, 16)
+        c := int(b)
+        fmt.Printf("%d\n", c)
+}
+	`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+        "strconv"
+)
+
+func main() {
+        var a string = "13"
+        b, _ := strconv.ParseUint(a, 10, 31)
+        c := int32(b)
+        fmt.Printf("%d\n", c)
+}
+	`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+        "strconv"
+)
+
 func main() {
         var a string = "13"
         b, _ := strconv.ParseInt(a, 10, 8)