diff --git a/ql/src/experimental/CWE-681/IncorrectNumericConversion.qhelp b/ql/src/experimental/CWE-681/IncorrectNumericConversion.qhelp index 606131ce6d9..4174e70cd62 100644 --- a/ql/src/experimental/CWE-681/IncorrectNumericConversion.qhelp +++ b/ql/src/experimental/CWE-681/IncorrectNumericConversion.qhelp @@ -5,27 +5,27 @@

If a numeric value string is parsed using strconv.Atoi into an int, and subsequently that int - is converted into another type of a lower bit size, the result can produce unexpected values. + is converted into another type of a smaller size, the result can produce unexpected values.

- This also applie to the results of strconv.ParseFloat, strconv.ParseInt, - and strconv.ParseUint when the specified bit size is higher than the bit size of the + This also applies to the results of strconv.ParseFloat, strconv.ParseInt, + and strconv.ParseUint when the specified size is larger than the size of the type that number is converted to.

- If you need to parse numeric values with specific bit sizes, avoid strconv.Atoi, and, instead, + If you need to parse numeric values with specific bit sizes, avoid strconv.Atoi, and instead use the functions specific to each type (strconv.ParseFloat, strconv.ParseInt, strconv.ParseUint) that also allow to specify the wanted bit size.

- When using those functions, be careful to not convert the result to another type with a lower bit size than + When using those functions, be careful to not convert the result to another type with a smaller bit size than the bit size you specified when parsing the number.

If this is not possible, then add upper (and lower) bound checks specific to each type and - bit size (you can find the min and max value for each type in the `math` package). + bit size (you can find the minimum and maximum value for each type in the `math` package).

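Review bot: the hunk is still inconsistent about what "size" means. The first paragraph now says "another type of a smaller size" and the second says "the specified size is larger than the size of the type", while the later sentence keeps "a smaller bit size than the bit size you specified". Since ParseInt, ParseUint and ParseFloat take an explicit bit size argument, keep "bit size" throughout (e.g. "converted into another type of a smaller bit size"). Two smaller points in the same hunk: "that also allow to specify the wanted bit size" still reads awkwardly, "that also let you specify the bit size you want" is better; and `math` in backticks will not render as code in a qhelp file, which is XML, so use <code>math</code> (and "minimum and maximum value" should be "values").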
@@ -35,13 +35,13 @@

- The bounds are not checked, so this means that if the provided number is greater than max int32, + The bounds are not checked, so this means that if the provided number is greater than the maximum value of type int32, the resulting value from the conversion will be different from the actual provided value.

To avoid unexpected values, you should either use the other functions provided by the strconv - package to parse the specific types and bit sizes; in this case, strconv.ParseInt as you - can see in parseAllocateGood2 function; or check bounds as in parseAllocateGood1 + package to parse the specific types and bit sizes as shown in the + parseAllocateGood2 function; or check bounds as in the parseAllocateGood1 function.

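Review bot: dropping "in this case, strconv.ParseInt" loses the one concrete detail that told the reader which strconv function parseAllocateGood2 relies on; keep it, e.g. "... to parse the specific types and bit sizes (strconv.ParseInt, as shown in the parseAllocateGood2 function), or check bounds as in the parseAllocateGood1 function." The "either ... ; or ..." construction with a semicolon also reads oddly; a comma is enough.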
@@ -53,7 +53,7 @@

- If the provided number is greater than max int32, the resulting value from the conversion will be + If the provided number is greater than the maximum value of type int32, the resulting value from the conversion will be different from the actual provided value.

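Review bot: "greater than the maximum value of type int32" describes only the high side; a parsed value below the minimum of int32 is mis-converted just the same, and the description hunk earlier in this file explicitly recommends "upper (and lower) bound checks". Suggest "outside the range of int32" here and in the identical sentence in the previous hunk, which is both accurate and shorter than the new wording.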
@@ -70,4 +70,4 @@ mitre.org: CWE-190: Integer Overflow or Wraparound. - \ No newline at end of file + diff --git a/ql/src/experimental/CWE-681/IncorrectNumericConversion.ql b/ql/src/experimental/CWE-681/IncorrectNumericConversion.ql index 1746f70701a..e9fa0ad8d95 100644 --- a/ql/src/experimental/CWE-681/IncorrectNumericConversion.ql +++ b/ql/src/experimental/CWE-681/IncorrectNumericConversion.ql @@ -1,10 +1,11 @@ /** - * @name Incorrect Conversion between Numeric Types + * @name Incorrect conversion between numeric types * @description Converting the result of strconv.Atoi (and other parsers from strconv package) - * to numeric types of lower bit size can produce unexpected values. + * to numeric types of smaller bit size can produce unexpected values. * @kind path-problem * @id go/incorrect-numeric-conversion * @tags security + * external/cwe/cwe-190 * external/cwe/cwe-681 */