From 127cd3d003e9ea1d5b3cd8dbd944038fd2835164 Mon Sep 17 00:00:00 2001
From: Slavomir
Date: Thu, 30 Apr 2020 16:45:34 +0300
Subject: [PATCH] Refactor query
---
.../CWE-681/IncorrectNumericConversion.ql | 231 ++++++++----------
.../IncorrectNumericConversion.expected | 120 ++++-----
2 files changed, 165 insertions(+), 186 deletions(-)
diff --git a/ql/src/experimental/CWE-681/IncorrectNumericConversion.ql b/ql/src/experimental/CWE-681/IncorrectNumericConversion.ql
index d2c9b7f590c..1746f70701a 100644
--- a/ql/src/experimental/CWE-681/IncorrectNumericConversion.ql
+++ b/ql/src/experimental/CWE-681/IncorrectNumericConversion.ql
@@ -27,66 +27,95 @@ class ParseUint extends Function { ParseUint() { this.hasQualifiedName("strconv", "ParseUint") } } -/** - * A type conversion expression towards a numeric type that has - * a bit size equal to or lower than 32 bits. - */ -class Lte32BitNumericConversionExpr extends ConversionExpr { - string conversionTypeName; +module ParserCall { + /** + * A data-flow call node that parses a number. + */ + abstract class Range extends DataFlow::CallNode { + /** Gets the bit size of the result number. */ + abstract int getTargetBitSize(); - Lte32BitNumericConversionExpr() { + /** Gets the name of the parser function. */ + abstract string getParserName(); + } +} + +class ParserCall extends DataFlow::CallNode { + ParserCall::Range self; + + ParserCall() { this = self } + + int getTargetBitSize() { result = self.getTargetBitSize() } + + string getParserName() { result = self.getParserName() } +} + +int archBasedBitSize() { result = 0 } + +class AtoiCall extends DataFlow::CallNode, ParserCall::Range { + AtoiCall() { exists(Atoi atoi | this = atoi.getACall()) } + + override int getTargetBitSize() { result = archBasedBitSize() } + + override string getParserName() { result = "strconv.Atoi" } +} + +class ParseIntCall extends DataFlow::CallNode, ParserCall::Range { + ParseIntCall() { exists(ParseInt parseInt | this = parseInt.getACall()) } + + override int getTargetBitSize() { result = this.getArgument(2).getIntValue() } + + override string getParserName() { result = "strconv.ParseInt" } +} + +class ParseUintCall extends DataFlow::CallNode, ParserCall::Range { + ParseUintCall() { exists(ParseUint parseUint | this = parseUint.getACall()) } + + override int getTargetBitSize() { result = this.getArgument(2).getIntValue() } + + override string getParserName() { result = "strconv.ParseUint" } +} + +class ParseFloatCall extends DataFlow::CallNode, ParserCall::Range { + ParseFloatCall() { exists(ParseFloat parseFloat | this = parseFloat.getACall()) } + + override int 
getTargetBitSize() { result = this.getArgument(1).getIntValue() } + + override string getParserName() { result = "strconv.ParseFloat" } +} + +class NumericConversionExpr extends ConversionExpr { + string fullTypeName; + int bitSize; + + NumericConversionExpr() { exists(ConversionExpr conv | - conversionTypeName = conv.getTypeExpr().getType().getUnderlyingType*().getName() and + fullTypeName = conv.getTypeExpr().getType().getUnderlyingType*().getName() and ( - // anything lower than int64: - conversionTypeName = ["int8", "int16", "int32"] + // 8 bit + fullTypeName = ["int8", "uint8"] and + bitSize = 8 or - // anything lower than uint64: - conversionTypeName = ["uint8", "uint16", "uint32"] + // 16 bit + fullTypeName = ["int16", "uint16"] and + bitSize = 16 or - // anything lower than float64: - conversionTypeName = "float32" + // 32 bit + fullTypeName = ["int32", "uint32", "float32"] and + bitSize = 32 + or + // 64 bit + fullTypeName = ["int64", "uint64", "float64"] and + bitSize = 64 ) | this = conv ) } - string getTypeName() { result = conversionTypeName } -} + string getFullTypeName() { result = fullTypeName } -/** - * A type conversion expression towards a numeric type that has - * a bit size equal to or lower than 16 bits. - */ -class Lte16BitNumericConversionExpr extends Lte32BitNumericConversionExpr { - Lte16BitNumericConversionExpr() { - conversionTypeName = this.getTypeName() and - ( - // anything lower than int32: - conversionTypeName = ["int8", "int16"] - or - // anything lower than uint32: - conversionTypeName = ["uint8", "uint16"] - ) - } -} - -/** - * A type conversion expression towards a numeric type that has - * a bit size equal to 8 bits. 
- */ -class Lte8BitNumericConversionExpr extends Lte16BitNumericConversionExpr { - Lte8BitNumericConversionExpr() { - conversionTypeName = this.getTypeName() and - ( - // anything lower than int16: - conversionTypeName = "int8" - or - // anything lower than uint16: - conversionTypeName = "uint8" - ) - } + int getBitSize() { result = bitSize } } /** @@ -106,33 +135,15 @@ class IfRelationalComparison extends IfStmt { /** * Flow of result of parsing a 64 bit number, to conversion to lower bit numbers. */ -class Lte64FlowConfig extends TaintTracking::Configuration, DataFlow::Configuration { - Lte64FlowConfig() { this = "Lte64FlowConfig" } +class Lt64BitFlowConfig extends TaintTracking::Configuration, DataFlow::Configuration { + Lt64BitFlowConfig() { this = "Lt64BitFlowConfig" } override predicate isSource(DataFlow::Node source) { - exists(Atoi atoi | source = atoi.getACall().getResult(0)) - or - exists(ParseFloat parseFloat, DataFlow::CallNode call | - call = parseFloat.getACall() and call.getArgument(1).getIntValue() = 64 - | - source = call.getResult(0) - ) - or - exists(ParseInt parseInt, DataFlow::CallNode call | - call = parseInt.getACall() and call.getArgument(2).getIntValue() = [0, 64] - | - source = call.getResult(0) - ) - or - exists(ParseUint parseUint, DataFlow::CallNode call | - call = parseUint.getACall() and call.getArgument(2).getIntValue() = [0, 64] - | - source = call.getResult(0) - ) + exists(ParserCall call | call.getTargetBitSize() = [0, 64] | source = call) } override predicate isSink(DataFlow::Node sink) { - exists(Lte32BitNumericConversionExpr conv | sink.asExpr() = conv) + exists(NumericConversionExpr conv | conv.getBitSize() = [32, 16, 8] | sink.asExpr() = conv) } override predicate isSanitizerIn(DataFlow::Node node) { isSanitizedInsideAnIfBoundCheck(node) } 
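Review bot: `archBasedBitSize()` returns a bare 0 with no QLDoc, and the `getTargetBitSize()` overrides that read `getArgument(n).getIntValue()` presumably have no result when the bit-size argument is not an integer constant, so such a parser call would silently match none of the flow configurations further down. I would document both: on the helper, `/** Gets the bit size (0) that strconv uses for the architecture-dependent size of int and uint. */`, and on `ParserCall::Range.getTargetBitSize()`, `/** Gets the bit size of the result number; has no result if the bit-size argument is not a constant. */`. The new `ParserCall`, `AtoiCall`, `ParseIntCall`, `ParseUintCall`, `ParseFloatCall` and `NumericConversionExpr` classes also carry no QLDoc, whereas the removed `Lte*BitNumericConversionExpr` classes each had one.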
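Review bot: In `Lt64BitFlowConfig.isSource` the bit size of a `strconv.ParseFloat` call is put on the same scale as integer widths, so a 64-bit float source only reaches the `[32, 16, 8]` sinks and a conversion such as `int64(f)` or `uint64(f)` is never reported, although a float64 can hold values far outside the int64 range. The same holds for `Lt32BitFlowConfig` in the next hunk, where a `ParseFloat(s, 32)` result converted to `int32` or `uint32` is skipped. If that gap is accepted for this experimental query, I would state it in the class comment, e.g. `* NOTE: float sources are matched by bit size only; float-to-integer conversions of equal width are not reported.`; otherwise float sources need their own sink set. The existing comment also says "a 64 bit number" while the source set is `[0, 64]`, so it should mention the architecture-dependent case.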
@@ -141,31 +152,15 @@ class Lte64FlowConfig extends TaintTracking::Configuration, DataFlow::Configurat /** * Flow of result of parsing a 32 bit number, to conversion to lower bit numbers. */ -class Lte32FlowConfig extends TaintTracking::Configuration, DataFlow::Configuration { - Lte32FlowConfig() { this = "Lte32FlowConfig" } +class Lt32BitFlowConfig extends TaintTracking::Configuration, DataFlow::Configuration { + Lt32BitFlowConfig() { this = "Lt32BitFlowConfig" } override predicate isSource(DataFlow::Node source) { - exists(ParseFloat parseFloat, DataFlow::CallNode call | - call = parseFloat.getACall() and call.getArgument(1).getIntValue() = 32 - | - source = call.getResult(0) - ) - or - exists(ParseInt parseInt, DataFlow::CallNode call | - call = parseInt.getACall() and call.getArgument(2).getIntValue() = 32 - | - source = call.getResult(0) - ) - or - exists(ParseUint parseUint, DataFlow::CallNode call | - call = parseUint.getACall() and call.getArgument(2).getIntValue() = 32 - | - source = call.getResult(0) - ) + exists(ParserCall call | call.getTargetBitSize() = [/*0,*/ 32] | source = call) } override predicate isSink(DataFlow::Node sink) { - exists(Lte16BitNumericConversionExpr conv | sink.asExpr() = conv) + exists(NumericConversionExpr conv | conv.getBitSize() = [16, 8] | sink.asExpr() = conv) } override predicate isSanitizerIn(DataFlow::Node node) { isSanitizedInsideAnIfBoundCheck(node) } 
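Review bot: The `/*0,*/` left inside the set literal in `isSource` reads as disabled code and gives no reason why bit size 0 is excluded from this configuration. `Lt64BitFlowConfig` already takes bit size 0 as a source and its sinks `[32, 16, 8]` include this configuration's `[16, 8]`, so the entry looks redundant rather than pending. I would write `exists(ParserCall call | call.getTargetBitSize() = 32 | source = call)` and record the reason in the class comment, e.g. `* Architecture-dependent results (bit size 0) are covered by Lt64BitFlowConfig.`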
@@ -174,25 +169,15 @@ class Lte32FlowConfig extends TaintTracking::Configuration, DataFlow::Configurat /** * Flow of result of parsing a 16 bit number, to conversion to lower bit numbers. */ -class Lte16FlowConfig extends TaintTracking::Configuration, DataFlow::Configuration { - Lte16FlowConfig() { this = "Lte16FlowConfig" } +class Lt16BitFlowConfig extends TaintTracking::Configuration, DataFlow::Configuration { + Lt16BitFlowConfig() { this = "Lt16BitFlowConfig" } override predicate isSource(DataFlow::Node source) { - exists(ParseInt parseInt, DataFlow::CallNode call | - call = parseInt.getACall() and call.getArgument(2).getIntValue() = 16 - | - source = call.getResult(0) - ) - or - exists(ParseUint parseUint, DataFlow::CallNode call | - call = parseUint.getACall() and call.getArgument(2).getIntValue() = 16 - | - source = call.getResult(0) - ) + exists(ParserCall call | call.getTargetBitSize() = 16 | source = call) } override predicate isSink(DataFlow::Node sink) { - exists(Lte8BitNumericConversionExpr conv | sink.asExpr() = conv) + exists(NumericConversionExpr conv | conv.getBitSize() = 8 | sink.asExpr() = conv) } override predicate isSanitizerIn(DataFlow::Node node) { isSanitizedInsideAnIfBoundCheck(node) } 
@@ -203,15 +188,14 @@ class Lte16FlowConfig extends TaintTracking::Configuration, DataFlow::Configurat * the `if` condition contains an upper bound check on the conversion operand. */ predicate isSanitizedInsideAnIfBoundCheck(DataFlow::Node node) { - exists(IfRelationalComparison comp, Lte32BitNumericConversionExpr conv | - // NOTE: using Lte32BitNumericConversionExpr because it also catches - // any lower bit conversions. - conv = node.asExpr().(Lte32BitNumericConversionExpr) and + exists(IfRelationalComparison comp, NumericConversionExpr conv | + conv = node.asExpr().(NumericConversionExpr) and + conv.getBitSize() = [8, 16, 32] and comp.getThen().getAChild*() = conv and ( // If the conversion is inside an `if` block that compares the source as // `source > 0` or `source >= 0`, then that sanitizes conversion of int to int32; - conv.getTypeName() = "int32" and + conv.getFullTypeName() = "int32" and comp.getComparison().getLesserOperand().getNumericValue() = 0 and comp.getComparison().getGreaterOperand().getGlobalValueNumber() = conv.getOperand().getGlobalValueNumber() @@ -244,9 +228,9 @@ int getMaxUint16() { result = 2.pow(16) - 1 } * the greater operand is equal to `value`, and the lesses operand is the conversion operand. */ predicate comparisonGreaterOperandValueIsEqual( - string typeName, IfRelationalComparison ifExpr, Lte32BitNumericConversionExpr conv, int value + string typeName, IfRelationalComparison ifExpr, NumericConversionExpr conv, int value ) { - conv.getTypeName() = typeName and + conv.getFullTypeName() = typeName and ( // exclude cases like: if parsed < math.MaxInt8 {return int8(parsed)} exists(RelationalComparisonExpr comp | comp = ifExpr.getComparison() | 
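Review bot: The first branch of the disjunction in `isSanitizedInsideAnIfBoundCheck` accepts a comparison whose lesser operand is the constant 0 and whose greater operand is the conversion operand as a sanitizer for `int32`, which is a lower-bound check only, while the predicate's own comment promises an upper bound check. Where `int` is 64 bits, a value that passes `source > 0` can still exceed the int32 maximum, so this branch would suppress real CWE-681 findings. I would drop the branch or require an upper bound in the same condition, and in either case reword the inline comment so it says why a non-negative check is considered sufficient. The rest of the disjunction lies outside this hunk, so it is worth confirming whether an upper bound is already combined with it there.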
@@ -268,23 +252,18 @@ predicate comparisonGreaterOperandValueIsEqual( ) } -string getParserQualifiedNameFromResultType(string resultTypeName) { - resultTypeName = "int" and result = "strconv.Atoi" +string formatBitSize(ParserCall call) { + call.getTargetBitSize() = 0 and result = "(arch-dependent)" or - resultTypeName = "int64" and result = "strconv.ParseInt" - or - resultTypeName = "uint64" and result = "strconv.ParseUint" - or - resultTypeName = "float64" and result = "strconv.ParseFloat" + call.getTargetBitSize() > 0 and result = call.getTargetBitSize().toString() } from DataFlow::PathNode source, DataFlow::PathNode sink where - exists(Lte64FlowConfig cfg | cfg.hasFlowPath(source, sink)) or - exists(Lte32FlowConfig cfg | cfg.hasFlowPath(source, sink)) or - exists(Lte16FlowConfig cfg | cfg.hasFlowPath(source, sink)) -select source, source, sink, - "Incorrect type conversion of " + source.getNode().getType() + " from " + - getParserQualifiedNameFromResultType(source.getNode().getType().toString()) + - " result to a lower bit size type " + - sink.getNode().asExpr().(Lte32BitNumericConversionExpr).getTypeName() + exists(Lt64BitFlowConfig cfg | cfg.hasFlowPath(source, sink)) or + exists(Lt32BitFlowConfig cfg | cfg.hasFlowPath(source, sink)) or + exists(Lt16BitFlowConfig cfg | cfg.hasFlowPath(source, sink)) +select source.getNode(), source, sink, + "Incorrect conversion of a " + formatBitSize(source.getNode().(ParserCall)) + "-bit number from " + + source.getNode().(ParserCall).getParserName() + " result to a lower bit size type " + + sink.getNode().asExpr().(NumericConversionExpr).getFullTypeName() diff --git a/ql/test/experimental/CWE-681/IncorrectNumericConversion.expected b/ql/test/experimental/CWE-681/IncorrectNumericConversion.expected index 4cc0102be01..64aa194012e 100644 --- a/ql/test/experimental/CWE-681/IncorrectNumericConversion.expected +++ b/ql/test/experimental/CWE-681/IncorrectNumericConversion.expected 
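Review bot: The alert text built from `formatBitSize` comes out as "Incorrect conversion of a (arch-dependent)-bit number from strconv.Atoi result ...", as the regenerated `.expected` rows show, which is awkward to read during triage. I would have the helper return the whole noun phrase, `call.getTargetBitSize() = 0 and result = "an architecture-dependent-size number"` and `call.getTargetBitSize() > 0 and result = "a " + call.getTargetBitSize().toString() + "-bit number"`, and start the message with `"Incorrect conversion of " + formatBitSize(source.getNode().(ParserCall)) + " from "`. `formatBitSize` also has no QLDoc; a line such as `/** Gets a description of the bit size of the number parsed by `call`; 0 denotes the architecture-dependent size. */` would help, and the `.expected` file needs regenerating after the wording change.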
@@ -1,83 +1,83 @@ edges -| IncorrectNumericConversion.go:26:2:26:28 | ... := ...[0] : int | IncorrectNumericConversion.go:35:41:35:50 | type conversion | -| IncorrectNumericConversion.go:53:3:53:47 | ... := ...[0] : float64 | IncorrectNumericConversion.go:57:7:57:19 | type conversion | -| IncorrectNumericConversion.go:60:3:60:47 | ... := ...[0] : float64 | IncorrectNumericConversion.go:64:7:64:19 | type conversion | -| IncorrectNumericConversion.go:69:3:69:49 | ... := ...[0] : int64 | IncorrectNumericConversion.go:73:7:73:18 | type conversion | -| IncorrectNumericConversion.go:76:3:76:49 | ... := ...[0] : int64 | IncorrectNumericConversion.go:80:7:80:19 | type conversion | -| IncorrectNumericConversion.go:83:3:83:49 | ... := ...[0] : int64 | IncorrectNumericConversion.go:87:7:87:19 | type conversion | -| IncorrectNumericConversion.go:90:3:90:48 | ... := ...[0] : int64 | IncorrectNumericConversion.go:94:7:94:19 | type conversion | -| IncorrectNumericConversion.go:99:3:99:50 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:103:7:103:18 | type conversion | -| IncorrectNumericConversion.go:106:3:106:50 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:110:7:110:19 | type conversion | -| IncorrectNumericConversion.go:113:3:113:50 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:117:7:117:19 | type conversion | -| IncorrectNumericConversion.go:120:3:120:49 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:124:7:124:19 | type conversion | -| IncorrectNumericConversion.go:208:3:208:36 | ... := ...[0] : int | IncorrectNumericConversion.go:212:7:212:18 | type conversion | -| IncorrectNumericConversion.go:215:3:215:36 | ... := ...[0] : int | IncorrectNumericConversion.go:219:7:219:19 | type conversion | -| IncorrectNumericConversion.go:222:3:222:36 | ... := ...[0] : int | IncorrectNumericConversion.go:226:7:226:19 | type conversion | -| IncorrectNumericConversion.go:229:3:229:36 | ... 
:= ...[0] : int | IncorrectNumericConversion.go:233:7:233:19 | type conversion | -| IncorrectNumericConversion.go:236:3:236:36 | ... := ...[0] : int | IncorrectNumericConversion.go:240:7:240:20 | type conversion | -| IncorrectNumericConversion.go:243:3:243:36 | ... := ...[0] : int | IncorrectNumericConversion.go:247:7:247:20 | type conversion | -| IncorrectNumericConversion.go:250:3:250:36 | ... := ...[0] : int | IncorrectNumericConversion.go:254:7:254:21 | type conversion | -| IncorrectNumericConversion.go:257:3:257:36 | ... := ...[0] : int | IncorrectNumericConversion.go:262:7:262:18 | type conversion | -| IncorrectNumericConversion.go:266:3:266:36 | ... := ...[0] : int | IncorrectNumericConversion.go:270:7:270:23 | type conversion | +| IncorrectNumericConversion.go:26:14:26:28 | call to Atoi : tuple type | IncorrectNumericConversion.go:35:41:35:50 | type conversion | +| IncorrectNumericConversion.go:53:18:53:47 | call to ParseFloat : tuple type | IncorrectNumericConversion.go:57:7:57:19 | type conversion | +| IncorrectNumericConversion.go:60:18:60:47 | call to ParseFloat : tuple type | IncorrectNumericConversion.go:64:7:64:19 | type conversion | +| IncorrectNumericConversion.go:69:18:69:49 | call to ParseInt : tuple type | IncorrectNumericConversion.go:73:7:73:18 | type conversion | +| IncorrectNumericConversion.go:76:18:76:49 | call to ParseInt : tuple type | IncorrectNumericConversion.go:80:7:80:19 | type conversion | +| IncorrectNumericConversion.go:83:18:83:49 | call to ParseInt : tuple type | IncorrectNumericConversion.go:87:7:87:19 | type conversion | +| IncorrectNumericConversion.go:90:18:90:48 | call to ParseInt : tuple type | IncorrectNumericConversion.go:94:7:94:19 | type conversion | +| IncorrectNumericConversion.go:99:18:99:50 | call to ParseUint : tuple type | IncorrectNumericConversion.go:103:7:103:18 | type conversion | +| IncorrectNumericConversion.go:106:18:106:50 | call to ParseUint : tuple type | IncorrectNumericConversion.go:110:7:110:19 | 
type conversion | +| IncorrectNumericConversion.go:113:18:113:50 | call to ParseUint : tuple type | IncorrectNumericConversion.go:117:7:117:19 | type conversion | +| IncorrectNumericConversion.go:120:18:120:49 | call to ParseUint : tuple type | IncorrectNumericConversion.go:124:7:124:19 | type conversion | +| IncorrectNumericConversion.go:208:18:208:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:212:7:212:18 | type conversion | +| IncorrectNumericConversion.go:215:18:215:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:219:7:219:19 | type conversion | +| IncorrectNumericConversion.go:222:18:222:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:226:7:226:19 | type conversion | +| IncorrectNumericConversion.go:229:18:229:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:233:7:233:19 | type conversion | +| IncorrectNumericConversion.go:236:18:236:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:240:7:240:20 | type conversion | +| IncorrectNumericConversion.go:243:18:243:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:247:7:247:20 | type conversion | +| IncorrectNumericConversion.go:250:18:250:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:254:7:254:21 | type conversion | +| IncorrectNumericConversion.go:257:18:257:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:262:7:262:18 | type conversion | +| IncorrectNumericConversion.go:266:18:266:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:270:7:270:23 | type conversion | nodes -| IncorrectNumericConversion.go:26:2:26:28 | ... := ...[0] : int | semmle.label | ... := ...[0] : int | +| IncorrectNumericConversion.go:26:14:26:28 | call to Atoi : tuple type | semmle.label | call to Atoi : tuple type | | IncorrectNumericConversion.go:35:41:35:50 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:53:3:53:47 | ... := ...[0] : float64 | semmle.label | ... 
:= ...[0] : float64 | +| IncorrectNumericConversion.go:53:18:53:47 | call to ParseFloat : tuple type | semmle.label | call to ParseFloat : tuple type | | IncorrectNumericConversion.go:57:7:57:19 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:60:3:60:47 | ... := ...[0] : float64 | semmle.label | ... := ...[0] : float64 | +| IncorrectNumericConversion.go:60:18:60:47 | call to ParseFloat : tuple type | semmle.label | call to ParseFloat : tuple type | | IncorrectNumericConversion.go:64:7:64:19 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:69:3:69:49 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | +| IncorrectNumericConversion.go:69:18:69:49 | call to ParseInt : tuple type | semmle.label | call to ParseInt : tuple type | | IncorrectNumericConversion.go:73:7:73:18 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:76:3:76:49 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | +| IncorrectNumericConversion.go:76:18:76:49 | call to ParseInt : tuple type | semmle.label | call to ParseInt : tuple type | | IncorrectNumericConversion.go:80:7:80:19 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:83:3:83:49 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | +| IncorrectNumericConversion.go:83:18:83:49 | call to ParseInt : tuple type | semmle.label | call to ParseInt : tuple type | | IncorrectNumericConversion.go:87:7:87:19 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:90:3:90:48 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | +| IncorrectNumericConversion.go:90:18:90:48 | call to ParseInt : tuple type | semmle.label | call to ParseInt : tuple type | | IncorrectNumericConversion.go:94:7:94:19 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:99:3:99:50 | ... 
:= ...[0] : uint64 | semmle.label | ... := ...[0] : uint64 | +| IncorrectNumericConversion.go:99:18:99:50 | call to ParseUint : tuple type | semmle.label | call to ParseUint : tuple type | | IncorrectNumericConversion.go:103:7:103:18 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:106:3:106:50 | ... := ...[0] : uint64 | semmle.label | ... := ...[0] : uint64 | +| IncorrectNumericConversion.go:106:18:106:50 | call to ParseUint : tuple type | semmle.label | call to ParseUint : tuple type | | IncorrectNumericConversion.go:110:7:110:19 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:113:3:113:50 | ... := ...[0] : uint64 | semmle.label | ... := ...[0] : uint64 | +| IncorrectNumericConversion.go:113:18:113:50 | call to ParseUint : tuple type | semmle.label | call to ParseUint : tuple type | | IncorrectNumericConversion.go:117:7:117:19 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:120:3:120:49 | ... := ...[0] : uint64 | semmle.label | ... := ...[0] : uint64 | +| IncorrectNumericConversion.go:120:18:120:49 | call to ParseUint : tuple type | semmle.label | call to ParseUint : tuple type | | IncorrectNumericConversion.go:124:7:124:19 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:208:3:208:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int | +| IncorrectNumericConversion.go:208:18:208:36 | call to Atoi : tuple type | semmle.label | call to Atoi : tuple type | | IncorrectNumericConversion.go:212:7:212:18 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:215:3:215:36 | ... := ...[0] : int | semmle.label | ... 
:= ...[0] : int | +| IncorrectNumericConversion.go:215:18:215:36 | call to Atoi : tuple type | semmle.label | call to Atoi : tuple type | | IncorrectNumericConversion.go:219:7:219:19 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:222:3:222:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int | +| IncorrectNumericConversion.go:222:18:222:36 | call to Atoi : tuple type | semmle.label | call to Atoi : tuple type | | IncorrectNumericConversion.go:226:7:226:19 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:229:3:229:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int | +| IncorrectNumericConversion.go:229:18:229:36 | call to Atoi : tuple type | semmle.label | call to Atoi : tuple type | | IncorrectNumericConversion.go:233:7:233:19 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:236:3:236:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int | +| IncorrectNumericConversion.go:236:18:236:36 | call to Atoi : tuple type | semmle.label | call to Atoi : tuple type | | IncorrectNumericConversion.go:240:7:240:20 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:243:3:243:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int | +| IncorrectNumericConversion.go:243:18:243:36 | call to Atoi : tuple type | semmle.label | call to Atoi : tuple type | | IncorrectNumericConversion.go:247:7:247:20 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:250:3:250:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int | +| IncorrectNumericConversion.go:250:18:250:36 | call to Atoi : tuple type | semmle.label | call to Atoi : tuple type | | IncorrectNumericConversion.go:254:7:254:21 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:257:3:257:36 | ... := ...[0] : int | semmle.label | ... 
:= ...[0] : int | +| IncorrectNumericConversion.go:257:18:257:36 | call to Atoi : tuple type | semmle.label | call to Atoi : tuple type | | IncorrectNumericConversion.go:262:7:262:18 | type conversion | semmle.label | type conversion | -| IncorrectNumericConversion.go:266:3:266:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int | +| IncorrectNumericConversion.go:266:18:266:36 | call to Atoi : tuple type | semmle.label | call to Atoi : tuple type | | IncorrectNumericConversion.go:270:7:270:23 | type conversion | semmle.label | type conversion | #select -| IncorrectNumericConversion.go:26:2:26:28 | ... := ...[0] : int | IncorrectNumericConversion.go:26:2:26:28 | ... := ...[0] : int | IncorrectNumericConversion.go:35:41:35:50 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type int32 | -| IncorrectNumericConversion.go:53:3:53:47 | ... := ...[0] : float64 | IncorrectNumericConversion.go:53:3:53:47 | ... := ...[0] : float64 | IncorrectNumericConversion.go:57:7:57:19 | type conversion | Incorrect type conversion of float64 from strconv.ParseFloat result to a lower bit size type int16 | -| IncorrectNumericConversion.go:60:3:60:47 | ... := ...[0] : float64 | IncorrectNumericConversion.go:60:3:60:47 | ... := ...[0] : float64 | IncorrectNumericConversion.go:64:7:64:19 | type conversion | Incorrect type conversion of float64 from strconv.ParseFloat result to a lower bit size type int32 | -| IncorrectNumericConversion.go:69:3:69:49 | ... := ...[0] : int64 | IncorrectNumericConversion.go:69:3:69:49 | ... := ...[0] : int64 | IncorrectNumericConversion.go:73:7:73:18 | type conversion | Incorrect type conversion of int64 from strconv.ParseInt result to a lower bit size type int8 | -| IncorrectNumericConversion.go:76:3:76:49 | ... := ...[0] : int64 | IncorrectNumericConversion.go:76:3:76:49 | ... 
:= ...[0] : int64 | IncorrectNumericConversion.go:80:7:80:19 | type conversion | Incorrect type conversion of int64 from strconv.ParseInt result to a lower bit size type int16 | -| IncorrectNumericConversion.go:83:3:83:49 | ... := ...[0] : int64 | IncorrectNumericConversion.go:83:3:83:49 | ... := ...[0] : int64 | IncorrectNumericConversion.go:87:7:87:19 | type conversion | Incorrect type conversion of int64 from strconv.ParseInt result to a lower bit size type int32 | -| IncorrectNumericConversion.go:90:3:90:48 | ... := ...[0] : int64 | IncorrectNumericConversion.go:90:3:90:48 | ... := ...[0] : int64 | IncorrectNumericConversion.go:94:7:94:19 | type conversion | Incorrect type conversion of int64 from strconv.ParseInt result to a lower bit size type int32 | -| IncorrectNumericConversion.go:99:3:99:50 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:99:3:99:50 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:103:7:103:18 | type conversion | Incorrect type conversion of uint64 from strconv.ParseUint result to a lower bit size type int8 | -| IncorrectNumericConversion.go:106:3:106:50 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:106:3:106:50 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:110:7:110:19 | type conversion | Incorrect type conversion of uint64 from strconv.ParseUint result to a lower bit size type int16 | -| IncorrectNumericConversion.go:113:3:113:50 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:113:3:113:50 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:117:7:117:19 | type conversion | Incorrect type conversion of uint64 from strconv.ParseUint result to a lower bit size type int32 | -| IncorrectNumericConversion.go:120:3:120:49 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:120:3:120:49 | ... 
:= ...[0] : uint64 | IncorrectNumericConversion.go:124:7:124:19 | type conversion | Incorrect type conversion of uint64 from strconv.ParseUint result to a lower bit size type int32 | -| IncorrectNumericConversion.go:208:3:208:36 | ... := ...[0] : int | IncorrectNumericConversion.go:208:3:208:36 | ... := ...[0] : int | IncorrectNumericConversion.go:212:7:212:18 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type int8 | -| IncorrectNumericConversion.go:215:3:215:36 | ... := ...[0] : int | IncorrectNumericConversion.go:215:3:215:36 | ... := ...[0] : int | IncorrectNumericConversion.go:219:7:219:19 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type int16 | -| IncorrectNumericConversion.go:222:3:222:36 | ... := ...[0] : int | IncorrectNumericConversion.go:222:3:222:36 | ... := ...[0] : int | IncorrectNumericConversion.go:226:7:226:19 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type int32 | -| IncorrectNumericConversion.go:229:3:229:36 | ... := ...[0] : int | IncorrectNumericConversion.go:229:3:229:36 | ... := ...[0] : int | IncorrectNumericConversion.go:233:7:233:19 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type uint8 | -| IncorrectNumericConversion.go:236:3:236:36 | ... := ...[0] : int | IncorrectNumericConversion.go:236:3:236:36 | ... := ...[0] : int | IncorrectNumericConversion.go:240:7:240:20 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type uint16 | -| IncorrectNumericConversion.go:243:3:243:36 | ... := ...[0] : int | IncorrectNumericConversion.go:243:3:243:36 | ... := ...[0] : int | IncorrectNumericConversion.go:247:7:247:20 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type uint32 | -| IncorrectNumericConversion.go:250:3:250:36 | ... 
:= ...[0] : int | IncorrectNumericConversion.go:250:3:250:36 | ... := ...[0] : int | IncorrectNumericConversion.go:254:7:254:21 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type float32 | -| IncorrectNumericConversion.go:257:3:257:36 | ... := ...[0] : int | IncorrectNumericConversion.go:257:3:257:36 | ... := ...[0] : int | IncorrectNumericConversion.go:262:7:262:18 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type uint8 | -| IncorrectNumericConversion.go:266:3:266:36 | ... := ...[0] : int | IncorrectNumericConversion.go:266:3:266:36 | ... := ...[0] : int | IncorrectNumericConversion.go:270:7:270:23 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type int16 | +| IncorrectNumericConversion.go:26:14:26:28 | call to Atoi | IncorrectNumericConversion.go:26:14:26:28 | call to Atoi : tuple type | IncorrectNumericConversion.go:35:41:35:50 | type conversion | Incorrect conversion of a (arch-dependent)-bit number from strconv.Atoi result to a lower bit size type int32 | +| IncorrectNumericConversion.go:53:18:53:47 | call to ParseFloat | IncorrectNumericConversion.go:53:18:53:47 | call to ParseFloat : tuple type | IncorrectNumericConversion.go:57:7:57:19 | type conversion | Incorrect conversion of a 32-bit number from strconv.ParseFloat result to a lower bit size type int16 | +| IncorrectNumericConversion.go:60:18:60:47 | call to ParseFloat | IncorrectNumericConversion.go:60:18:60:47 | call to ParseFloat : tuple type | IncorrectNumericConversion.go:64:7:64:19 | type conversion | Incorrect conversion of a 64-bit number from strconv.ParseFloat result to a lower bit size type int32 | +| IncorrectNumericConversion.go:69:18:69:49 | call to ParseInt | IncorrectNumericConversion.go:69:18:69:49 | call to ParseInt : tuple type | IncorrectNumericConversion.go:73:7:73:18 | type conversion | Incorrect conversion of a 16-bit number 
from strconv.ParseInt result to a lower bit size type int8 | +| IncorrectNumericConversion.go:76:18:76:49 | call to ParseInt | IncorrectNumericConversion.go:76:18:76:49 | call to ParseInt : tuple type | IncorrectNumericConversion.go:80:7:80:19 | type conversion | Incorrect conversion of a 32-bit number from strconv.ParseInt result to a lower bit size type int16 | +| IncorrectNumericConversion.go:83:18:83:49 | call to ParseInt | IncorrectNumericConversion.go:83:18:83:49 | call to ParseInt : tuple type | IncorrectNumericConversion.go:87:7:87:19 | type conversion | Incorrect conversion of a 64-bit number from strconv.ParseInt result to a lower bit size type int32 | +| IncorrectNumericConversion.go:90:18:90:48 | call to ParseInt | IncorrectNumericConversion.go:90:18:90:48 | call to ParseInt : tuple type | IncorrectNumericConversion.go:94:7:94:19 | type conversion | Incorrect conversion of a (arch-dependent)-bit number from strconv.ParseInt result to a lower bit size type int32 | +| IncorrectNumericConversion.go:99:18:99:50 | call to ParseUint | IncorrectNumericConversion.go:99:18:99:50 | call to ParseUint : tuple type | IncorrectNumericConversion.go:103:7:103:18 | type conversion | Incorrect conversion of a 16-bit number from strconv.ParseUint result to a lower bit size type int8 | +| IncorrectNumericConversion.go:106:18:106:50 | call to ParseUint | IncorrectNumericConversion.go:106:18:106:50 | call to ParseUint : tuple type | IncorrectNumericConversion.go:110:7:110:19 | type conversion | Incorrect conversion of a 32-bit number from strconv.ParseUint result to a lower bit size type int16 | +| IncorrectNumericConversion.go:113:18:113:50 | call to ParseUint | IncorrectNumericConversion.go:113:18:113:50 | call to ParseUint : tuple type | IncorrectNumericConversion.go:117:7:117:19 | type conversion | Incorrect conversion of a 64-bit number from strconv.ParseUint result to a lower bit size type int32 | +| IncorrectNumericConversion.go:120:18:120:49 | call to ParseUint | 
IncorrectNumericConversion.go:120:18:120:49 | call to ParseUint : tuple type | IncorrectNumericConversion.go:124:7:124:19 | type conversion | Incorrect conversion of a (arch-dependent)-bit number from strconv.ParseUint result to a lower bit size type int32 | +| IncorrectNumericConversion.go:208:18:208:36 | call to Atoi | IncorrectNumericConversion.go:208:18:208:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:212:7:212:18 | type conversion | Incorrect conversion of a (arch-dependent)-bit number from strconv.Atoi result to a lower bit size type int8 | +| IncorrectNumericConversion.go:215:18:215:36 | call to Atoi | IncorrectNumericConversion.go:215:18:215:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:219:7:219:19 | type conversion | Incorrect conversion of a (arch-dependent)-bit number from strconv.Atoi result to a lower bit size type int16 | +| IncorrectNumericConversion.go:222:18:222:36 | call to Atoi | IncorrectNumericConversion.go:222:18:222:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:226:7:226:19 | type conversion | Incorrect conversion of a (arch-dependent)-bit number from strconv.Atoi result to a lower bit size type int32 | +| IncorrectNumericConversion.go:229:18:229:36 | call to Atoi | IncorrectNumericConversion.go:229:18:229:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:233:7:233:19 | type conversion | Incorrect conversion of a (arch-dependent)-bit number from strconv.Atoi result to a lower bit size type uint8 | +| IncorrectNumericConversion.go:236:18:236:36 | call to Atoi | IncorrectNumericConversion.go:236:18:236:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:240:7:240:20 | type conversion | Incorrect conversion of a (arch-dependent)-bit number from strconv.Atoi result to a lower bit size type uint16 | +| IncorrectNumericConversion.go:243:18:243:36 | call to Atoi | IncorrectNumericConversion.go:243:18:243:36 | call to Atoi : tuple type | 
IncorrectNumericConversion.go:247:7:247:20 | type conversion | Incorrect conversion of a (arch-dependent)-bit number from strconv.Atoi result to a lower bit size type uint32 | +| IncorrectNumericConversion.go:250:18:250:36 | call to Atoi | IncorrectNumericConversion.go:250:18:250:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:254:7:254:21 | type conversion | Incorrect conversion of a (arch-dependent)-bit number from strconv.Atoi result to a lower bit size type float32 | +| IncorrectNumericConversion.go:257:18:257:36 | call to Atoi | IncorrectNumericConversion.go:257:18:257:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:262:7:262:18 | type conversion | Incorrect conversion of a (arch-dependent)-bit number from strconv.Atoi result to a lower bit size type uint8 | +| IncorrectNumericConversion.go:266:18:266:36 | call to Atoi | IncorrectNumericConversion.go:266:18:266:36 | call to Atoi : tuple type | IncorrectNumericConversion.go:270:7:270:23 | type conversion | Incorrect conversion of a (arch-dependent)-bit number from strconv.Atoi result to a lower bit size type int16 |