diff --git a/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.expected b/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.expected
new file mode 100644
index 00000000000..8eaad5f4c9e
--- /dev/null
+++ b/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.expected
@@ -0,0 +1,196 @@ +edges +| IncorrectIntegerConversion.go:26:2:26:28 | ... := ...[0] : int | IncorrectIntegerConversion.go:35:41:35:50 | type conversion | +| IncorrectIntegerConversion.go:65:3:65:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:69:7:69:18 | type conversion | +| IncorrectIntegerConversion.go:65:3:65:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:70:7:70:19 | type conversion | +| IncorrectIntegerConversion.go:81:3:81:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:85:7:85:18 | type conversion | +| IncorrectIntegerConversion.go:81:3:81:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:86:7:86:19 | type conversion | +| IncorrectIntegerConversion.go:81:3:81:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:87:7:87:19 | type conversion | +| IncorrectIntegerConversion.go:81:3:81:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:88:7:88:20 | type conversion | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:101:7:101:18 | type conversion | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:102:7:102:19 | type conversion | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:103:7:103:19 | type conversion | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:104:7:104:20 | type conversion | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:105:7:105:19 | type conversion | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:106:7:106:20 | type conversion | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:109:7:109:17 | type conversion | +| IncorrectIntegerConversion.go:97:3:97:49 | ... 
:= ...[0] : int64 | IncorrectIntegerConversion.go:110:7:110:18 | type conversion | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:117:7:117:18 | type conversion | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:118:7:118:19 | type conversion | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:119:7:119:19 | type conversion | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:120:7:120:20 | type conversion | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:121:7:121:19 | type conversion | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:122:7:122:20 | type conversion | +| IncorrectIntegerConversion.go:148:3:148:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:152:7:152:18 | type conversion | +| IncorrectIntegerConversion.go:148:3:148:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:153:7:153:19 | type conversion | +| IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:168:7:168:18 | type conversion | +| IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:169:7:169:19 | type conversion | +| IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:170:7:170:19 | type conversion | +| IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:171:7:171:20 | type conversion | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:184:7:184:18 | type conversion | +| IncorrectIntegerConversion.go:180:3:180:50 | ... 
:= ...[0] : uint64 | IncorrectIntegerConversion.go:185:7:185:19 | type conversion | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:186:7:186:19 | type conversion | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:187:7:187:20 | type conversion | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:188:7:188:19 | type conversion | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:189:7:189:20 | type conversion | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:192:7:192:17 | type conversion | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:193:7:193:18 | type conversion | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:200:7:200:18 | type conversion | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:201:7:201:19 | type conversion | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:202:7:202:19 | type conversion | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:203:7:203:20 | type conversion | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:204:7:204:19 | type conversion | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:205:7:205:20 | type conversion | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:218:6:218:17 | type conversion | +| IncorrectIntegerConversion.go:214:2:214:36 | ... 
:= ...[0] : int | IncorrectIntegerConversion.go:219:6:219:18 | type conversion | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:220:6:220:18 | type conversion | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:221:6:221:19 | type conversion | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:222:6:222:18 | type conversion | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:223:6:223:19 | type conversion | +| IncorrectIntegerConversion.go:235:3:235:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:240:7:240:18 | type conversion | +| IncorrectIntegerConversion.go:235:3:235:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:241:7:241:23 | type conversion | +| IncorrectIntegerConversion.go:247:3:247:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:261:8:261:19 | type conversion | +| IncorrectIntegerConversion.go:268:3:268:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:282:8:282:21 | type conversion | +| IncorrectIntegerConversion.go:268:3:268:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:287:7:287:19 | type conversion | +| IncorrectIntegerConversion.go:303:3:303:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:307:7:307:18 | type conversion | +| IncorrectIntegerConversion.go:313:2:313:47 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:317:7:317:19 | type conversion | +nodes +| IncorrectIntegerConversion.go:26:2:26:28 | ... := ...[0] : int | semmle.label | ... := ...[0] : int | +| IncorrectIntegerConversion.go:35:41:35:50 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:65:3:65:49 | ... := ...[0] : int64 | semmle.label | ... 
:= ...[0] : int64 | +| IncorrectIntegerConversion.go:69:7:69:18 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:70:7:70:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:81:3:81:49 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | +| IncorrectIntegerConversion.go:81:3:81:49 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | +| IncorrectIntegerConversion.go:85:7:85:18 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:86:7:86:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:87:7:87:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:88:7:88:20 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | semmle.label | ... 
:= ...[0] : int64 | +| IncorrectIntegerConversion.go:101:7:101:18 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:102:7:102:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:103:7:103:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:104:7:104:20 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:105:7:105:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:106:7:106:20 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:109:7:109:17 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:110:7:110:18 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | +| IncorrectIntegerConversion.go:117:7:117:18 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:118:7:118:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:119:7:119:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:120:7:120:20 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:121:7:121:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:122:7:122:20 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:148:3:148:50 | ... := ...[0] : uint64 | semmle.label | ... 
:= ...[0] : uint64 | +| IncorrectIntegerConversion.go:152:7:152:18 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:153:7:153:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] : uint64 | semmle.label | ... := ...[0] : uint64 | +| IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] : uint64 | semmle.label | ... := ...[0] : uint64 | +| IncorrectIntegerConversion.go:168:7:168:18 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:169:7:169:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:170:7:170:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:171:7:171:20 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | semmle.label | ... := ...[0] : uint64 | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | semmle.label | ... := ...[0] : uint64 | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | semmle.label | ... := ...[0] : uint64 | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | semmle.label | ... 
:= ...[0] : uint64 | +| IncorrectIntegerConversion.go:184:7:184:18 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:185:7:185:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:186:7:186:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:187:7:187:20 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:188:7:188:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:189:7:189:20 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:192:7:192:17 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:193:7:193:18 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | semmle.label | ... := ...[0] : uint64 | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | semmle.label | ... := ...[0] : uint64 | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | semmle.label | ... := ...[0] : uint64 | +| IncorrectIntegerConversion.go:200:7:200:18 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:201:7:201:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:202:7:202:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:203:7:203:20 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:204:7:204:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:205:7:205:20 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | semmle.label | ... 
:= ...[0] : int | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int | +| IncorrectIntegerConversion.go:218:6:218:17 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:219:6:219:18 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:220:6:220:18 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:221:6:221:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:222:6:222:18 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:223:6:223:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:235:3:235:48 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | +| IncorrectIntegerConversion.go:235:3:235:48 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | +| IncorrectIntegerConversion.go:240:7:240:18 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:241:7:241:23 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:247:3:247:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int | +| IncorrectIntegerConversion.go:261:8:261:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:268:3:268:49 | ... := ...[0] : uint64 | semmle.label | ... := ...[0] : uint64 | +| IncorrectIntegerConversion.go:268:3:268:49 | ... := ...[0] : uint64 | semmle.label | ... := ...[0] : uint64 | +| IncorrectIntegerConversion.go:282:8:282:21 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:287:7:287:19 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:303:3:303:48 | ... := ...[0] : int64 | semmle.label | ... 
:= ...[0] : int64 | +| IncorrectIntegerConversion.go:307:7:307:18 | type conversion | semmle.label | type conversion | +| IncorrectIntegerConversion.go:313:2:313:47 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | +| IncorrectIntegerConversion.go:317:7:317:19 | type conversion | semmle.label | type conversion | +#select +| IncorrectIntegerConversion.go:26:2:26:28 | ... := ...[0] | IncorrectIntegerConversion.go:26:2:26:28 | ... := ...[0] : int | IncorrectIntegerConversion.go:35:41:35:50 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type int32 without an upper bound check. | +| IncorrectIntegerConversion.go:65:3:65:49 | ... := ...[0] | IncorrectIntegerConversion.go:65:3:65:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:69:7:69:18 | type conversion | Incorrect conversion of a 16-bit integer from strconv.ParseInt to a lower bit size type int8 without an upper bound check. | +| IncorrectIntegerConversion.go:65:3:65:49 | ... := ...[0] | IncorrectIntegerConversion.go:65:3:65:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:70:7:70:19 | type conversion | Incorrect conversion of a 16-bit integer from strconv.ParseInt to a lower bit size type uint8 without an upper bound check. | +| IncorrectIntegerConversion.go:81:3:81:49 | ... := ...[0] | IncorrectIntegerConversion.go:81:3:81:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:85:7:85:18 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseInt to a lower bit size type int8 without an upper bound check. | +| IncorrectIntegerConversion.go:81:3:81:49 | ... := ...[0] | IncorrectIntegerConversion.go:81:3:81:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:86:7:86:19 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseInt to a lower bit size type uint8 without an upper bound check. | +| IncorrectIntegerConversion.go:81:3:81:49 | ... 
:= ...[0] | IncorrectIntegerConversion.go:81:3:81:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:87:7:87:19 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseInt to a lower bit size type int16 without an upper bound check. | +| IncorrectIntegerConversion.go:81:3:81:49 | ... := ...[0] | IncorrectIntegerConversion.go:81:3:81:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:88:7:88:20 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseInt to a lower bit size type uint16 without an upper bound check. | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] | IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:101:7:101:18 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseInt to a lower bit size type int8 without an upper bound check. | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] | IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:102:7:102:19 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseInt to a lower bit size type uint8 without an upper bound check. | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] | IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:103:7:103:19 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseInt to a lower bit size type int16 without an upper bound check. | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] | IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:104:7:104:20 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseInt to a lower bit size type uint16 without an upper bound check. | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] | IncorrectIntegerConversion.go:97:3:97:49 | ... 
:= ...[0] : int64 | IncorrectIntegerConversion.go:105:7:105:19 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseInt to a lower bit size type int32 without an upper bound check. | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] | IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:106:7:106:20 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseInt to a lower bit size type uint32 without an upper bound check. | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] | IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:109:7:109:17 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseInt to a lower bit size type int without an upper bound check. | +| IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] | IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:110:7:110:18 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseInt to a lower bit size type uint without an upper bound check. | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:117:7:117:18 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseInt to a lower bit size type int8 without an upper bound check. | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:118:7:118:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseInt to a lower bit size type uint8 without an upper bound check. | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... 
:= ...[0] : int64 | IncorrectIntegerConversion.go:119:7:119:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseInt to a lower bit size type int16 without an upper bound check. | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:120:7:120:20 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseInt to a lower bit size type uint16 without an upper bound check. | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:121:7:121:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseInt to a lower bit size type int32 without an upper bound check. | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:122:7:122:20 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseInt to a lower bit size type uint32 without an upper bound check. | +| IncorrectIntegerConversion.go:148:3:148:50 | ... := ...[0] | IncorrectIntegerConversion.go:148:3:148:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:152:7:152:18 | type conversion | Incorrect conversion of a 16-bit integer from strconv.ParseUint to a lower bit size type int8 without an upper bound check. | +| IncorrectIntegerConversion.go:148:3:148:50 | ... := ...[0] | IncorrectIntegerConversion.go:148:3:148:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:153:7:153:19 | type conversion | Incorrect conversion of a 16-bit integer from strconv.ParseUint to a lower bit size type uint8 without an upper bound check. 
| +| IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] | IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:168:7:168:18 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseUint to a lower bit size type int8 without an upper bound check. | +| IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] | IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:169:7:169:19 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseUint to a lower bit size type uint8 without an upper bound check. | +| IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] | IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:170:7:170:19 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseUint to a lower bit size type int16 without an upper bound check. | +| IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] | IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:171:7:171:20 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseUint to a lower bit size type uint16 without an upper bound check. | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] | IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:184:7:184:18 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseUint to a lower bit size type int8 without an upper bound check. | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] | IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:185:7:185:19 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseUint to a lower bit size type uint8 without an upper bound check. | +| IncorrectIntegerConversion.go:180:3:180:50 | ... 
:= ...[0] | IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:186:7:186:19 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseUint to a lower bit size type int16 without an upper bound check. | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] | IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:187:7:187:20 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseUint to a lower bit size type uint16 without an upper bound check. | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] | IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:188:7:188:19 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseUint to a lower bit size type int32 without an upper bound check. | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] | IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:189:7:189:20 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseUint to a lower bit size type uint32 without an upper bound check. | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] | IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:192:7:192:17 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseUint to a lower bit size type int without an upper bound check. | +| IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] | IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:193:7:193:18 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseUint to a lower bit size type uint without an upper bound check. | +| IncorrectIntegerConversion.go:196:3:196:49 | ... 
:= ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:200:7:200:18 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseUint to a lower bit size type int8 without an upper bound check. | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:201:7:201:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseUint to a lower bit size type uint8 without an upper bound check. | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:202:7:202:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseUint to a lower bit size type int16 without an upper bound check. | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:203:7:203:20 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseUint to a lower bit size type uint16 without an upper bound check. | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:204:7:204:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseUint to a lower bit size type int32 without an upper bound check. | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... 
:= ...[0] : uint64 | IncorrectIntegerConversion.go:205:7:205:20 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseUint to a lower bit size type uint32 without an upper bound check. | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:218:6:218:17 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type int8 without an upper bound check. | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:219:6:219:18 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type uint8 without an upper bound check. | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:220:6:220:18 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type int16 without an upper bound check. | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:221:6:221:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type uint16 without an upper bound check. | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:222:6:222:18 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type int32 without an upper bound check. 
| +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:223:6:223:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type uint32 without an upper bound check. | +| IncorrectIntegerConversion.go:235:3:235:48 | ... := ...[0] | IncorrectIntegerConversion.go:235:3:235:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:240:7:240:18 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseInt to a lower bit size type uint8 without an upper bound check. | +| IncorrectIntegerConversion.go:235:3:235:48 | ... := ...[0] | IncorrectIntegerConversion.go:235:3:235:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:241:7:241:23 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseInt to a lower bit size type int16 without an upper bound check. | +| IncorrectIntegerConversion.go:247:3:247:36 | ... := ...[0] | IncorrectIntegerConversion.go:247:3:247:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:261:8:261:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type int8 without an upper bound check. | +| IncorrectIntegerConversion.go:268:3:268:49 | ... := ...[0] | IncorrectIntegerConversion.go:268:3:268:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:282:8:282:21 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseUint to a lower bit size type uint16 without an upper bound check. | +| IncorrectIntegerConversion.go:268:3:268:49 | ... := ...[0] | IncorrectIntegerConversion.go:268:3:268:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:287:7:287:19 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseUint to a lower bit size type uint8 without an upper bound check. 
|
+| IncorrectIntegerConversion.go:303:3:303:48 | ... := ...[0] | IncorrectIntegerConversion.go:303:3:303:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:307:7:307:18 | type conversion | Incorrect conversion of a 16-bit integer from strconv.ParseInt to a lower bit size type uint8 without an upper bound check. |
+| IncorrectIntegerConversion.go:313:2:313:47 | ... := ...[0] | IncorrectIntegerConversion.go:313:2:313:47 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:317:7:317:19 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseInt to a lower bit size type int16 without an upper bound check. |
diff --git a/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go b/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go
new file mode 100644
index 00000000000..e4d7419759d
--- /dev/null
+++ b/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go
@@ -0,0 +1,319 @@ +package main + +import ( + "math" + "strconv" +) + +func main() { + +} + +type something struct { +} +type config struct { +} +type registry struct { +} + +func lookupTarget(conf *config, num int32) (int32, error) { + return 567, nil +} +func lookupNumberByName(reg *registry, name string) (int32, error) { + return 567, nil +} +func lab(s string) (*something, error) { + num, err := strconv.Atoi(s) + + if err != nil { + number, err := lookupNumberByName(®istry{}, s) + if err != nil { + return nil, err + } + num = int(number) + } + target, err := lookupTarget(&config{}, int32(num)) // NOT OK + if err != nil { + return nil, err + } + + // convert the resolved target number back to a string + + s = strconv.Itoa(int(target)) + + return nil, nil +} + +func testParseInt() { + { + parsed, err := strconv.ParseInt("3456", 10, 8) + if err != nil { + panic(err) + } + _ = int8(parsed) // OK + _ = uint8(parsed) // OK + _ = int16(parsed) // OK + _ = uint16(parsed) // OK + _ = int32(parsed) // OK + _ = uint32(parsed) // OK + _ = int64(parsed) // OK + _ = uint64(parsed) // OK + _ = int(parsed) // OK + _ = uint(parsed) // OK + } + { + parsed, err := strconv.ParseInt("3456", 10, 16) + if err != nil { + panic(err) + } + _ = int8(parsed) // NOT OK + _ = uint8(parsed) // NOT OK + _ = int16(parsed) // OK + _ = uint16(parsed) // OK + _ = int32(parsed) // OK + _ = uint32(parsed) // OK + _ = int64(parsed) // OK + _ = uint64(parsed) // OK + _ = int(parsed) // OK + _ = uint(parsed) // OK + } + { + parsed, err := strconv.ParseInt("3456", 10, 32) + if err != nil { + panic(err) + } + _ = int8(parsed) // NOT OK + _ = uint8(parsed) // NOT OK + _ = int16(parsed) // NOT OK + _ = uint16(parsed) // NOT OK + _ = int32(parsed) // OK + _ = uint32(parsed) // OK + _ = int64(parsed) // OK + _ = uint64(parsed) // OK + _ = int(parsed) // OK + _ = uint(parsed) // OK + } + { + parsed, err := strconv.ParseInt("3456", 10, 64) + if err != nil { + panic(err) + } + _ = int8(parsed) // NOT OK + _ = 
uint8(parsed) // NOT OK + _ = int16(parsed) // NOT OK + _ = uint16(parsed) // NOT OK + _ = int32(parsed) // NOT OK + _ = uint32(parsed) // NOT OK + _ = int64(parsed) // OK + _ = uint64(parsed) // OK + _ = int(parsed) // NOT OK + _ = uint(parsed) // NOT OK + } + { + parsed, err := strconv.ParseInt("3456", 10, 0) + if err != nil { + panic(err) + } + _ = int8(parsed) // NOT OK + _ = uint8(parsed) // NOT OK + _ = int16(parsed) // NOT OK + _ = uint16(parsed) // NOT OK + _ = int32(parsed) // NOT OK + _ = uint32(parsed) // NOT OK + _ = int64(parsed) // OK + _ = uint64(parsed) // OK + _ = int(parsed) // OK + _ = uint(parsed) // OK + } +} + +func testParseUint() { + { + parsed, err := strconv.ParseUint("3456", 10, 8) + if err != nil { + panic(err) + } + _ = int8(parsed) // OK + _ = uint8(parsed) // OK + _ = int16(parsed) // OK + _ = uint16(parsed) // OK + _ = int32(parsed) // OK + _ = uint32(parsed) // OK + _ = int64(parsed) // OK + _ = uint64(parsed) // OK + _ = int(parsed) // OK + _ = uint(parsed) // OK + } + { + parsed, err := strconv.ParseUint("3456", 10, 16) + if err != nil { + panic(err) + } + _ = int8(parsed) // NOT OK + _ = uint8(parsed) // NOT OK + _ = int16(parsed) // OK + _ = uint16(parsed) // OK + _ = int32(parsed) // OK + _ = uint32(parsed) // OK + _ = int64(parsed) // OK + _ = uint64(parsed) // OK + _ = int(parsed) // OK + _ = uint(parsed) // OK + } + { + parsed, err := strconv.ParseUint("3456", 10, 32) + if err != nil { + panic(err) + } + _ = int8(parsed) // NOT OK + _ = uint8(parsed) // NOT OK + _ = int16(parsed) // NOT OK + _ = uint16(parsed) // NOT OK + _ = int32(parsed) // OK + _ = uint32(parsed) // OK + _ = int64(parsed) // OK + _ = uint64(parsed) // OK + _ = int(parsed) // OK + _ = uint(parsed) // OK + } + { + parsed, err := strconv.ParseUint("3456", 10, 64) + if err != nil { + panic(err) + } + _ = int8(parsed) // NOT OK + _ = uint8(parsed) // NOT OK + _ = int16(parsed) // NOT OK + _ = uint16(parsed) // NOT OK + _ = int32(parsed) // NOT OK + _ = 
uint32(parsed) // NOT OK + _ = int64(parsed) // OK + _ = uint64(parsed) // OK + _ = int(parsed) // NOT OK + _ = uint(parsed) // NOT OK + } + { + parsed, err := strconv.ParseUint("3456", 10, 0) + if err != nil { + panic(err) + } + _ = int8(parsed) // NOT OK + _ = uint8(parsed) // NOT OK + _ = int16(parsed) // NOT OK + _ = uint16(parsed) // NOT OK + _ = int32(parsed) // NOT OK + _ = uint32(parsed) // NOT OK + _ = int64(parsed) // OK + _ = uint64(parsed) // OK + _ = int(parsed) // OK + _ = uint(parsed) // OK + } +} + +func testAtoi() { + parsed, err := strconv.Atoi("3456") + if err != nil { + panic(err) + } + _ = int8(parsed) // NOT OK + _ = uint8(parsed) // NOT OK + _ = int16(parsed) // NOT OK + _ = uint16(parsed) // NOT OK + _ = int32(parsed) // NOT OK + _ = uint32(parsed) // NOT OK + _ = int64(parsed) // OK + _ = uint64(parsed) // OK + _ = int(parsed) // OK + _ = uint(parsed) // OK +} + +type customInt int16 + +// these should be caught: +func typeAliases(input string) { + { + parsed, err := strconv.ParseInt(input, 10, 32) + if err != nil { + panic(err) + } + // NOTE: byte is uint8 + _ = byte(parsed) // NOT OK + _ = customInt(parsed) // NOT OK + } +} + +func testBoundsChecking(input string) { + { + parsed, err := strconv.Atoi(input) + if err != nil { + panic(err) + } + if parsed <= math.MaxInt8 && parsed >= math.MinInt8 { + _ = int8(parsed) // OK + } + if parsed < math.MaxInt8 { + _ = int8(parsed) // OK (because we only check for upper bounds) + if parsed >= 0 { + _ = int16(parsed) // OK + } + } + if parsed >= math.MinInt8 { + _ = int8(parsed) // NOT OK + if parsed <= 0 { + _ = int16(parsed) // OK + } + } + } + { + parsed, err := strconv.ParseUint(input, 10, 32) + if err != nil { + panic(err) + } + if parsed <= math.MaxInt8 { + _ = uint8(parsed) // OK + } + if parsed < 5 { + _ = uint16(parsed) // OK + } + if err == nil && 1 == 1 && parsed < math.MaxInt8 { + _ = int8(parsed) // OK + } + if parsed > 42 { + _ = uint16(parsed) // NOT OK + } + if parsed < 5 { + return + 
} + _ = uint8(parsed) // OK + } +} + +func testRightShifted(input string) { + { + parsed, err := strconv.ParseInt(input, 10, 32) + if err != nil { + panic(err) + } + _ = byte(parsed) // OK + _ = byte(parsed >> 8) + _ = byte(parsed >> 16) + _ = byte(parsed >> 24) + } + { + parsed, err := strconv.ParseInt(input, 10, 16) + if err != nil { + panic(err) + } + _ = byte(parsed) // NOT OK + _ = byte(parsed << 8) + } +} + +func testPathWithMoreThanOneSink(input string) { + parsed, err := strconv.ParseInt(input, 10, 32) + if err != nil { + panic(err) + } + v := int16(parsed) // NOT OK + _ = int8(v) // OK +} diff --git a/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.qlref b/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.qlref new file mode 100644 index 00000000000..47d8c34c0ee --- /dev/null +++ b/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.qlref @@ -0,0 +1 @@ +Security/CWE-681/IncorrectIntegerConversion.ql
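Review bot: The `// OK` on `_ = byte(parsed)` in the first block of testRightShifted marks the same conversion that typeAliases marks `// NOT OK` (both convert a strconv.ParseInt result with bitSize 32 to byte), and nothing in the fixture says why the verdicts differ. The .expected file lists only the 16-bit block's `byte(parsed)` (line 307) from this function, so the difference is presumably intentional — it looks like the query treats a value that is also right-shifted as deliberately split into bytes; a comment on that block such as `// OK: the query treats a value that is also right-shifted (parsed >> 8 etc.) as deliberately split into bytes` would make the test readable without consulting the query. The `>>` and `<<` lines in both blocks carry no OK/NOT OK annotation while every other sink in the file does; annotating them would make the expected verdicts explicit for the next person who edits the .expected file. In lab, `s = strconv.Itoa(int(target))` assigns to a parameter that is never read afterwards, which linters such as ineffassign flag as a dead store; `_ = strconv.Itoa(int(target))` keeps the conversion without it.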