From 67a7294d10c5430115802cdf2826089bebb0e9e4 Mon Sep 17 00:00:00 2001
From: Slavomir
Date: Tue, 12 May 2020 12:51:13 +0300
Subject: [PATCH] Simplify and remove deprecated; add severity

---
 .../CWE-681/IncorrectNumericConversion.ql | 31 +++++--------------
 1 file changed, 7 insertions(+), 24 deletions(-)

diff --git a/ql/src/experimental/CWE-681/IncorrectNumericConversion.ql b/ql/src/experimental/CWE-681/IncorrectNumericConversion.ql
index e9fa0ad8d95..82f2244f081 100644
--- a/ql/src/experimental/CWE-681/IncorrectNumericConversion.ql
+++ b/ql/src/experimental/CWE-681/IncorrectNumericConversion.ql
@@ -3,6 +3,7 @@
  * @description Converting the result of strconv.Atoi (and other parsers from strconv package)
  * to numeric types of smaller bit size can produce unexpected values.
  * @kind path-problem
+ * @problem.severity warning
  * @id go/incorrect-numeric-conversion
  * @tags security
  *       external/cwe/cwe-190
@@ -28,6 +29,7 @@ class ParseUint extends Function {
   ParseUint() { this.hasQualifiedName("strconv", "ParseUint") }
 }
 
+/** Provides a class for modeling number parser calls. */
 module ParserCall {
   /**
    * A data-flow call node that parses a number.
@@ -51,12 +53,10 @@ class ParserCall extends DataFlow::CallNode {
   string getParserName() { result = self.getParserName() }
 }
 
-int archBasedBitSize() { result = 0 }
-
 class AtoiCall extends DataFlow::CallNode, ParserCall::Range {
   AtoiCall() { exists(Atoi atoi | this = atoi.getACall()) }
 
-  override int getTargetBitSize() { result = archBasedBitSize() }
+  override int getTargetBitSize() { result = 0 }
 
   override string getParserName() { result = "strconv.Atoi" }
 }
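Review bot: Replacing `archBasedBitSize()` with a bare `result = 0` in `AtoiCall.getTargetBitSize()` drops the only hint that 0 is a sentinel for "architecture-dependent int width", not a real bit size, so a reader comparing it against the sized targets returned by the other parser classes has nothing to go on. Keep the simplification but document the convention on the override, e.g. `/** Atoi yields a platform-sized `int`; 0 follows strconv's "bitSize 0 = int" convention and must never be compared as a literal width. */`. Presumably the later `NumericConversionExpr` hunk, which now takes `bitSize` from `NumericType.getSize()`, has to agree with this sentinel for unsized `int`/`uint` targets — worth confirming that a conversion to `int` is not reported as narrowing against a target of 0.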
@@ -90,27 +90,10 @@ class NumericConversionExpr extends ConversionExpr {
   int bitSize;
 
   NumericConversionExpr() {
-    exists(ConversionExpr conv |
-      fullTypeName = conv.getTypeExpr().getType().getUnderlyingType*().getName() and
-      (
-        // 8 bit
-        fullTypeName = ["int8", "uint8"] and
-        bitSize = 8
-        or
-        // 16 bit
-        fullTypeName = ["int16", "uint16"] and
-        bitSize = 16
-        or
-        // 32 bit
-        fullTypeName = ["int32", "uint32", "float32"] and
-        bitSize = 32
-        or
-        // 64 bit
-        fullTypeName = ["int64", "uint64", "float64"] and
-        bitSize = 64
-      )
-    |
-      this = conv
+    exists(NumericType conv |
+      conv = getTypeExpr().getType().getUnderlyingType() and
+      fullTypeName = conv.getName() and
+      bitSize = conv.getSize()
     )
   }