From 89eae10d963525e11ffdb60312a3aaf256c97060 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 7 Aug 2020 14:57:55 +0100 Subject: [PATCH] Address review comments 2 --- .../CWE-681/IncorrectIntegerConversion.ql | 72 ++++++---- ql/src/semmle/go/frameworks/Stdlib.qll | 130 +++++------------- .../IncorrectIntegerConversion.expected | 40 +++--- 3 files changed, 101 insertions(+), 141 deletions(-) diff --git a/ql/src/Security/CWE-681/IncorrectIntegerConversion.ql b/ql/src/Security/CWE-681/IncorrectIntegerConversion.ql index b27f290ed05..58204f9869a 100644 --- a/ql/src/Security/CWE-681/IncorrectIntegerConversion.ql +++ b/ql/src/Security/CWE-681/IncorrectIntegerConversion.ql @@ -1,7 +1,8 @@ /** * @name Incorrect conversion between integer types - * @description Converting the result of strconv.Atoi, strconv.ParseInt and strconv.ParseUint - * to integer types of smaller bit size can produce unexpected values. + * @description Converting the result of `strconv.Atoi`, `strconv.ParseInt`, + * and `strconv.ParseUint` to integer types of smaller bit size + * can produce unexpected values. * @kind path-problem * @problem.severity warning * @id go/incorrect-integer-conversion @@ -19,7 +20,7 @@ import DataFlow::PathGraph * is true, unsigned otherwise) with `bitSize` bits. */ float getMaxIntValue(int bitSize, boolean isSigned) { - bitSize in [8, 16, 32, 64] and + bitSize in [8, 16, 32] and ( isSigned = true and result = 2.pow(bitSize - 1) - 1 or 
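Review bot: In the second hunk, `getMaxIntValue` no longer has a result for `bitSize = 64`, but the visible tail of its QLDoc does not state which bit sizes it is defined for. In QL a missing result silently makes every conjunct that uses it fail, so a caller that passes 64 (or 0) gets no bound and no diagnostic. I would add a line to the doc comment such as `* Only defined for bit sizes 8, 16 and 32.` and say there why 64 is excluded. The function body continues past the end of the hunk.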
@@ -33,15 +34,15 @@ float getMaxIntValue(int bitSize, boolean isSigned) { * architecture-dependent. */ private predicate isIncorrectIntegerConversion(int sourceBitSize, int sinkBitSize) { - sourceBitSize in [0, 16, 32, 64] and - sinkBitSize in [0, 8, 16, 32] and - not (sourceBitSize = 0 and sinkBitSize = 0) and - exists(int source, int sink | - (if sourceBitSize = 0 then source = 64 else source = sourceBitSize) and - if sinkBitSize = 0 then sink = 32 else sink = sinkBitSize - | - source > sink - ) + sourceBitSize in [16, 32, 64] and + sinkBitSize in [8, 16, 32] and + sourceBitSize > sinkBitSize + or + sourceBitSize = 0 and + sinkBitSize in [8, 16, 32] + or + sourceBitSize = 64 and + sinkBitSize = 0 } /** 
@@ -57,15 +58,24 @@ class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration { ConversionWithoutBoundsCheckConfig() { sourceIsSigned in [true, false] and isIncorrectIntegerConversion(sourceBitSize, sinkBitSize) and - this = - sourceBitSize.toString() + sourceIsSigned.toString() + sinkBitSize.toString() + - "ConversionWithoutBoundsCheckConfig" + this = "ConversionWithoutBoundsCheckConfig" + sourceBitSize + sourceIsSigned + sinkBitSize } + int getSourceBitSize() { result = sourceBitSize } + override predicate isSource(DataFlow::Node source) { - exists(ParserCall pc, int bitSize | source = pc.getResult(0) | - (if pc.targetIsSigned() then sourceIsSigned = true else sourceIsSigned = false) and - (if pc.getTargetBitSize() = 0 then bitSize = 0 else bitSize = pc.getTargetBitSize()) and + exists(DataFlow::CallNode c, IntegerParser::Range ip, int bitSize | + c.getTarget() = ip and source = c.getResult(0) + | + ( + if ip.getResultType(0) instanceof SignedIntegerType + then sourceIsSigned = true + else sourceIsSigned = false + ) and + ( + bitSize = ip.getTargetBitSize() or + bitSize = ip.getTargetBitSizeInput().getNode(c).getIntValue() + ) and // `bitSize` could be any value between 0 and 64, but we can round // it up to the nearest size of an integer type without changing // behaviour. 
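Review bot: The new `isSource` reads the bit size with `ip.getTargetBitSizeInput().getNode(c).getIntValue()`, which drops a special case that the removed `ParseIntCall` and `ParseUintCall` had. They mapped an argument that reads `strconv.IntSize` to 0 (architecture-dependent). Now `strconv.ParseInt(s, 10, strconv.IntSize)` is presumably given whatever constant value the extractor saw, likely 64. A later `int(x)` would then match the `sourceBitSize = 64`, `sinkBitSize = 0` case and be reported although the conversion is safe. Restoring the check here, as sketched below, keeps results independent of the extraction platform; `isSource` continues past the end of the hunk.

```ql
// … unchanged: exists(...) header and signedness check …
(
  bitSize = ip.getTargetBitSize()
  or
  exists(DataFlow::Node arg | arg = ip.getTargetBitSizeInput().getNode(c) |
    if exists(StrConv::IntSize intSize | arg.(DataFlow::ReadNode).reads(intSize))
    then bitSize = 0
    else bitSize = arg.getIntValue()
  )
) and
// … unchanged: rounding of bitSize up to sourceBitSize …
```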
@@ -76,16 +86,14 @@ class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration { /** * Holds if `sink` is a typecast to an integer type with size `bitSize` (where * 0 represents architecture-dependent) and the expression being typecast is - * not also in a right-shift expression. + * not also in a right-shift expression. We allow this case because it is + * a common pattern to serialise `byte(v)`, `byte(v >> 8)`, and so on. */ predicate isSink(DataFlow::TypeCastNode sink, int bitSize) { exists(IntegerType integerType | sink.getType().getUnderlyingType() = integerType | bitSize = integerType.getSize() or - ( - integerType instanceof IntType or - integerType instanceof UintType - ) and + not exists(integerType.getSize()) and bitSize = 0 ) and not exists(ShrExpr shrExpr | @@ -131,12 +139,18 @@ class UpperBoundCheckGuard extends DataFlow::BarrierGuard, DataFlow::RelationalC } } +/** Gets a string describing the size of the integer parsed. */ +string describeBitSize(int bitSize) { + if bitSize != 0 + then bitSize in [8, 16, 32, 64] and result = "a " + bitSize + "-bit integer" + else result = "an integer with architecture-dependent bit size" +} + from DataFlow::PathNode source, DataFlow::PathNode sink, ConversionWithoutBoundsCheckConfig cfg, - ParserCall pc -where cfg.hasFlowPath(source, sink) and pc.getResult(0) = source.getNode() + DataFlow::CallNode call +where cfg.hasFlowPath(source, sink) and call.getResult(0) = source.getNode() select source.getNode(), source, sink, - "Incorrect conversion of " + pc.getBitSizeString() + " from " + pc.getParserName() + - " to a lower bit size type " + - sink.getNode().(DataFlow::TypeCastNode).getType().getUnderlyingType().getName() + - " without an upper bound check." + "Incorrect conversion of " + describeBitSize(cfg.getSourceBitSize()) + " from " + + call.getTarget().getQualifiedName() + " to a lower bit size type " + + sink.getNode().getType().getUnderlyingType().getName() + " without an upper bound check." 
diff --git a/ql/src/semmle/go/frameworks/Stdlib.qll b/ql/src/semmle/go/frameworks/Stdlib.qll index 17ded52c27a..93eac91ba01 100644 --- a/ql/src/semmle/go/frameworks/Stdlib.qll +++ b/ql/src/semmle/go/frameworks/Stdlib.qll 
@@ -507,119 +507,65 @@ module Path { } } +/** Provides a class for modeling functions which convert strings into integers. */ +module IntegerParser { + /** + * A function that converts strings into integers. + * + * Extend this class to model new APIs. If you want to refine existing API models, + * extend `IntegerParser` instead. + */ + abstract class Range extends Function { + /** + * Gets the maximum bit size of the return value, if this makes + * sense, where 0 represents the bit size of `int` and `uint`. + */ + int getTargetBitSize() { none() } + + /** + * Gets the `FunctionInput` containing the maximum bit size of the + * return value, if this makes sense, where 0 represents the bit + * size of `int` and `uint`. + */ + FunctionInput getTargetBitSizeInput() { none() } + } +} + /** * Provides classes for some functions in the `strconv` package for * converting strings to numbers. */ module StrConv { - /** A function that parses integers. */ - class Atoi extends Function { + /** The `Atoi` function. */ + class Atoi extends IntegerParser::Range { Atoi() { this.hasQualifiedName("strconv", "Atoi") } + + override int getTargetBitSize() { result = 0 } } - /** A function that parses floating-point numbers. */ - class ParseFloat extends Function { - ParseFloat() { this.hasQualifiedName("strconv", "ParseFloat") } - } - - /** A function that parses integers with a specifiable bit size. */ - class ParseInt extends Function { + /** The `ParseInt` function. */ + class ParseInt extends IntegerParser::Range { ParseInt() { this.hasQualifiedName("strconv", "ParseInt") } + + override FunctionInput getTargetBitSizeInput() { result.isParameter(2) } } - /** A function that parses unsigned integers with a specifiable bit size. */ - class ParseUint extends Function { + /** The `ParseUint` function. 
*/ + class ParseUint extends IntegerParser::Range { ParseUint() { this.hasQualifiedName("strconv", "ParseUint") } + + override FunctionInput getTargetBitSizeInput() { result.isParameter(2) } } /** - * A constant that gives the size in bits of an `int` or `uint` - * value on the current architecture (32 or 64). + * The `IntSize` constant, that gives the size in bits of an `int` or + * `uint` value on the current architecture (32 or 64). */ class IntSize extends DeclaredConstant { IntSize() { this.hasQualifiedName("strconv", "IntSize") } } } -/** Provides a class for modeling calls to number-parsing functions. */ -module ParserCall { - /** A data-flow call node that parses a number. */ - abstract class Range extends DataFlow::CallNode { - /** Gets the bit size of the type of the result number. */ - abstract int getTargetBitSize(); - - /** Holds if the type of the result number is signed. */ - abstract predicate targetIsSigned(); - - /** Gets the name of the parser function. */ - abstract string getParserName(); - } -} - -/** A call to a number-parsing function. */ -class ParserCall extends DataFlow::CallNode { - ParserCall::Range self; - - ParserCall() { this = self } - - /** Gets the bit size of the type of the result number. */ - int getTargetBitSize() { result = self.getTargetBitSize() } - - /** Holds if the type of the result number is signed. */ - predicate targetIsSigned() { self.targetIsSigned() } - - /** Gets the name of the parser function. */ - string getParserName() { result = self.getParserName() } - - /** Gets a string describing the size of the integer parsed. */ - string getBitSizeString() { - if getTargetBitSize() != 0 - then result = "a " + getTargetBitSize() + "-bit integer" - else result = "an integer with architecture-dependent bit-width" - } -} - -/** A call to `strconv.Atoi`. 
*/ -class AtoiCall extends DataFlow::CallNode, ParserCall::Range { - AtoiCall() { exists(StrConv::Atoi atoi | this = atoi.getACall()) } - - override int getTargetBitSize() { result = 0 } - - override predicate targetIsSigned() { any() } - - override string getParserName() { result = "strconv.Atoi" } -} - -/** A call to `strconv.ParseInt`. */ -class ParseIntCall extends DataFlow::CallNode, ParserCall::Range { - ParseIntCall() { exists(StrConv::ParseInt parseInt | this = parseInt.getACall()) } - - override int getTargetBitSize() { - if exists(StrConv::IntSize intSize | this.getArgument(2).(DataFlow::ReadNode).reads(intSize)) - then result = 0 - else result = this.getArgument(2).getIntValue() - } - - override predicate targetIsSigned() { any() } - - override string getParserName() { result = "strconv.ParseInt" } -} - -/** A call to `strconv.ParseUint`. */ -class ParseUintCall extends DataFlow::CallNode, ParserCall::Range { - ParseUintCall() { exists(StrConv::ParseUint parseUint | this = parseUint.getACall()) } - - override int getTargetBitSize() { - if exists(StrConv::IntSize intSize | this.getArgument(2).(DataFlow::ReadNode).reads(intSize)) - then result = 0 - else result = this.getArgument(2).getIntValue() - } - - override predicate targetIsSigned() { none() } - - override string getParserName() { result = "strconv.ParseUint" } -} - /** Provides models of commonly used functions in the `strings` package. */ module Strings { /** The `Join` function. */ diff --git a/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.expected b/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.expected index 8eaad5f4c9e..b73a4f419b1 100644 --- a/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.expected +++ b/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.expected 
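Review bot: The QLDoc on `IntegerParser::Range` tells readers to "extend `IntegerParser` instead" when refining models, but this hunk only adds the module and its `Range` class. Unless a concrete `IntegerParser` class exists elsewhere, that sentence points at nothing and should be dropped or reworded. Both `getTargetBitSize()` and `getTargetBitSizeInput()` default to `none()`, so a new model that overrides neither is silently never treated as a source by the CWE-681 query. I would add to the class doc something like `* Subclasses should override exactly one of getTargetBitSize and getTargetBitSizeInput.` The hunk also deletes the public `StrConv::ParseFloat` class, which may break external queries that reference it, so a deprecation note may be warranted.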
@@ -140,7 +140,7 @@ nodes | IncorrectIntegerConversion.go:313:2:313:47 | ... := ...[0] : int64 | semmle.label | ... := ...[0] : int64 | | IncorrectIntegerConversion.go:317:7:317:19 | type conversion | semmle.label | type conversion | #select -| IncorrectIntegerConversion.go:26:2:26:28 | ... := ...[0] | IncorrectIntegerConversion.go:26:2:26:28 | ... := ...[0] : int | IncorrectIntegerConversion.go:35:41:35:50 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type int32 without an upper bound check. | +| IncorrectIntegerConversion.go:26:2:26:28 | ... := ...[0] | IncorrectIntegerConversion.go:26:2:26:28 | ... := ...[0] : int | IncorrectIntegerConversion.go:35:41:35:50 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.Atoi to a lower bit size type int32 without an upper bound check. | | IncorrectIntegerConversion.go:65:3:65:49 | ... := ...[0] | IncorrectIntegerConversion.go:65:3:65:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:69:7:69:18 | type conversion | Incorrect conversion of a 16-bit integer from strconv.ParseInt to a lower bit size type int8 without an upper bound check. | | IncorrectIntegerConversion.go:65:3:65:49 | ... := ...[0] | IncorrectIntegerConversion.go:65:3:65:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:70:7:70:19 | type conversion | Incorrect conversion of a 16-bit integer from strconv.ParseInt to a lower bit size type uint8 without an upper bound check. | | IncorrectIntegerConversion.go:81:3:81:49 | ... := ...[0] | IncorrectIntegerConversion.go:81:3:81:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:85:7:85:18 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseInt to a lower bit size type int8 without an upper bound check. | 
@@ -155,12 +155,12 @@ nodes | IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] | IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:106:7:106:20 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseInt to a lower bit size type uint32 without an upper bound check. | | IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] | IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:109:7:109:17 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseInt to a lower bit size type int without an upper bound check. | | IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] | IncorrectIntegerConversion.go:97:3:97:49 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:110:7:110:18 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseInt to a lower bit size type uint without an upper bound check. | -| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:117:7:117:18 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseInt to a lower bit size type int8 without an upper bound check. | -| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:118:7:118:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseInt to a lower bit size type uint8 without an upper bound check. | -| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... 
:= ...[0] : int64 | IncorrectIntegerConversion.go:119:7:119:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseInt to a lower bit size type int16 without an upper bound check. | -| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:120:7:120:20 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseInt to a lower bit size type uint16 without an upper bound check. | -| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:121:7:121:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseInt to a lower bit size type int32 without an upper bound check. | -| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:122:7:122:20 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseInt to a lower bit size type uint32 without an upper bound check. | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:117:7:117:18 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.ParseInt to a lower bit size type int8 without an upper bound check. | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... 
:= ...[0] : int64 | IncorrectIntegerConversion.go:118:7:118:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.ParseInt to a lower bit size type uint8 without an upper bound check. | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:119:7:119:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.ParseInt to a lower bit size type int16 without an upper bound check. | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:120:7:120:20 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.ParseInt to a lower bit size type uint16 without an upper bound check. | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:121:7:121:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.ParseInt to a lower bit size type int32 without an upper bound check. | +| IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] | IncorrectIntegerConversion.go:113:3:113:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:122:7:122:20 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.ParseInt to a lower bit size type uint32 without an upper bound check. | | IncorrectIntegerConversion.go:148:3:148:50 | ... := ...[0] | IncorrectIntegerConversion.go:148:3:148:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:152:7:152:18 | type conversion | Incorrect conversion of a 16-bit integer from strconv.ParseUint to a lower bit size type int8 without an upper bound check. 
| | IncorrectIntegerConversion.go:148:3:148:50 | ... := ...[0] | IncorrectIntegerConversion.go:148:3:148:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:153:7:153:19 | type conversion | Incorrect conversion of a 16-bit integer from strconv.ParseUint to a lower bit size type uint8 without an upper bound check. | | IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] | IncorrectIntegerConversion.go:164:3:164:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:168:7:168:18 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseUint to a lower bit size type int8 without an upper bound check. | 
@@ -175,21 +175,21 @@ nodes | IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] | IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:189:7:189:20 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseUint to a lower bit size type uint32 without an upper bound check. | | IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] | IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:192:7:192:17 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseUint to a lower bit size type int without an upper bound check. | | IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] | IncorrectIntegerConversion.go:180:3:180:50 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:193:7:193:18 | type conversion | Incorrect conversion of a 64-bit integer from strconv.ParseUint to a lower bit size type uint without an upper bound check. | -| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:200:7:200:18 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseUint to a lower bit size type int8 without an upper bound check. | -| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:201:7:201:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseUint to a lower bit size type uint8 without an upper bound check. | -| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... 
:= ...[0] : uint64 | IncorrectIntegerConversion.go:202:7:202:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseUint to a lower bit size type int16 without an upper bound check. | -| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:203:7:203:20 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseUint to a lower bit size type uint16 without an upper bound check. | -| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:204:7:204:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseUint to a lower bit size type int32 without an upper bound check. | -| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:205:7:205:20 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.ParseUint to a lower bit size type uint32 without an upper bound check. | -| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:218:6:218:17 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type int8 without an upper bound check. | -| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... 
:= ...[0] : int | IncorrectIntegerConversion.go:219:6:219:18 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type uint8 without an upper bound check. | -| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:220:6:220:18 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type int16 without an upper bound check. | -| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:221:6:221:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type uint16 without an upper bound check. | -| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:222:6:222:18 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type int32 without an upper bound check. | -| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:223:6:223:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type uint32 without an upper bound check. | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:200:7:200:18 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.ParseUint to a lower bit size type int8 without an upper bound check. 
| +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:201:7:201:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.ParseUint to a lower bit size type uint8 without an upper bound check. | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:202:7:202:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.ParseUint to a lower bit size type int16 without an upper bound check. | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:203:7:203:20 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.ParseUint to a lower bit size type uint16 without an upper bound check. | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:204:7:204:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.ParseUint to a lower bit size type int32 without an upper bound check. | +| IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] | IncorrectIntegerConversion.go:196:3:196:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:205:7:205:20 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.ParseUint to a lower bit size type uint32 without an upper bound check. | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... 
:= ...[0] : int | IncorrectIntegerConversion.go:218:6:218:17 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.Atoi to a lower bit size type int8 without an upper bound check. | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:219:6:219:18 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.Atoi to a lower bit size type uint8 without an upper bound check. | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:220:6:220:18 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.Atoi to a lower bit size type int16 without an upper bound check. | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:221:6:221:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.Atoi to a lower bit size type uint16 without an upper bound check. | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:222:6:222:18 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.Atoi to a lower bit size type int32 without an upper bound check. | +| IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] | IncorrectIntegerConversion.go:214:2:214:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:223:6:223:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.Atoi to a lower bit size type uint32 without an upper bound check. 
| | IncorrectIntegerConversion.go:235:3:235:48 | ... := ...[0] | IncorrectIntegerConversion.go:235:3:235:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:240:7:240:18 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseInt to a lower bit size type uint8 without an upper bound check. | | IncorrectIntegerConversion.go:235:3:235:48 | ... := ...[0] | IncorrectIntegerConversion.go:235:3:235:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:241:7:241:23 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseInt to a lower bit size type int16 without an upper bound check. | -| IncorrectIntegerConversion.go:247:3:247:36 | ... := ...[0] | IncorrectIntegerConversion.go:247:3:247:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:261:8:261:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit-width from strconv.Atoi to a lower bit size type int8 without an upper bound check. | +| IncorrectIntegerConversion.go:247:3:247:36 | ... := ...[0] | IncorrectIntegerConversion.go:247:3:247:36 | ... := ...[0] : int | IncorrectIntegerConversion.go:261:8:261:19 | type conversion | Incorrect conversion of an integer with architecture-dependent bit size from strconv.Atoi to a lower bit size type int8 without an upper bound check. | | IncorrectIntegerConversion.go:268:3:268:49 | ... := ...[0] | IncorrectIntegerConversion.go:268:3:268:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:282:8:282:21 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseUint to a lower bit size type uint16 without an upper bound check. | | IncorrectIntegerConversion.go:268:3:268:49 | ... := ...[0] | IncorrectIntegerConversion.go:268:3:268:49 | ... := ...[0] : uint64 | IncorrectIntegerConversion.go:287:7:287:19 | type conversion | Incorrect conversion of a 32-bit integer from strconv.ParseUint to a lower bit size type uint8 without an upper bound check. 
| | IncorrectIntegerConversion.go:303:3:303:48 | ... := ...[0] | IncorrectIntegerConversion.go:303:3:303:48 | ... := ...[0] : int64 | IncorrectIntegerConversion.go:307:7:307:18 | type conversion | Incorrect conversion of a 16-bit integer from strconv.ParseInt to a lower bit size type uint8 without an upper bound check. |