Add more test cases: add negative cases

2026-04-30 11:15:13 +02:00 · 2020-04-07 21:39:06 +03:00
parent d713087364
commit c9c7e6c0a9
2 changed files with 113 additions and 36 deletions
--- a/ql/test/experimental/CWE-681/IncorrectNumericConversion.expected
+++ b/ql/test/experimental/CWE-681/IncorrectNumericConversion.expected
@@ -10,15 +10,15 @@ edges
 | IncorrectNumericConversion.go:106:3:106:50 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:110:7:110:19 | type conversion |
 | IncorrectNumericConversion.go:113:3:113:50 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:117:7:117:19 | type conversion |
 | IncorrectNumericConversion.go:120:3:120:49 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:124:7:124:19 | type conversion |
-| IncorrectNumericConversion.go:131:3:131:36 | ... := ...[0] : int | IncorrectNumericConversion.go:135:7:135:18 | type conversion |
-| IncorrectNumericConversion.go:138:3:138:36 | ... := ...[0] : int | IncorrectNumericConversion.go:142:7:142:19 | type conversion |
-| IncorrectNumericConversion.go:145:3:145:36 | ... := ...[0] : int | IncorrectNumericConversion.go:149:7:149:19 | type conversion |
-| IncorrectNumericConversion.go:152:3:152:36 | ... := ...[0] : int | IncorrectNumericConversion.go:156:7:156:19 | type conversion |
-| IncorrectNumericConversion.go:159:3:159:36 | ... := ...[0] : int | IncorrectNumericConversion.go:163:7:163:20 | type conversion |
-| IncorrectNumericConversion.go:166:3:166:36 | ... := ...[0] : int | IncorrectNumericConversion.go:170:7:170:20 | type conversion |
-| IncorrectNumericConversion.go:173:3:173:36 | ... := ...[0] : int | IncorrectNumericConversion.go:177:7:177:21 | type conversion |
-| IncorrectNumericConversion.go:180:3:180:36 | ... := ...[0] : int | IncorrectNumericConversion.go:185:7:185:18 | type conversion |
-| IncorrectNumericConversion.go:189:3:189:36 | ... := ...[0] : int | IncorrectNumericConversion.go:193:7:193:23 | type conversion |
+| IncorrectNumericConversion.go:208:3:208:36 | ... := ...[0] : int | IncorrectNumericConversion.go:212:7:212:18 | type conversion |
+| IncorrectNumericConversion.go:215:3:215:36 | ... := ...[0] : int | IncorrectNumericConversion.go:219:7:219:19 | type conversion |
+| IncorrectNumericConversion.go:222:3:222:36 | ... := ...[0] : int | IncorrectNumericConversion.go:226:7:226:19 | type conversion |
+| IncorrectNumericConversion.go:229:3:229:36 | ... := ...[0] : int | IncorrectNumericConversion.go:233:7:233:19 | type conversion |
+| IncorrectNumericConversion.go:236:3:236:36 | ... := ...[0] : int | IncorrectNumericConversion.go:240:7:240:20 | type conversion |
+| IncorrectNumericConversion.go:243:3:243:36 | ... := ...[0] : int | IncorrectNumericConversion.go:247:7:247:20 | type conversion |
+| IncorrectNumericConversion.go:250:3:250:36 | ... := ...[0] : int | IncorrectNumericConversion.go:254:7:254:21 | type conversion |
+| IncorrectNumericConversion.go:257:3:257:36 | ... := ...[0] : int | IncorrectNumericConversion.go:262:7:262:18 | type conversion |
+| IncorrectNumericConversion.go:266:3:266:36 | ... := ...[0] : int | IncorrectNumericConversion.go:270:7:270:23 | type conversion |
 nodes
 | IncorrectNumericConversion.go:26:2:26:28 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
 | IncorrectNumericConversion.go:35:41:35:50 | type conversion | semmle.label | type conversion |
@@ -42,24 +42,24 @@ nodes
 | IncorrectNumericConversion.go:117:7:117:19 | type conversion | semmle.label | type conversion |
 | IncorrectNumericConversion.go:120:3:120:49 | ... := ...[0] : uint64 | semmle.label | ... := ...[0] : uint64 |
 | IncorrectNumericConversion.go:124:7:124:19 | type conversion | semmle.label | type conversion |
-| IncorrectNumericConversion.go:131:3:131:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
-| IncorrectNumericConversion.go:135:7:135:18 | type conversion | semmle.label | type conversion |
-| IncorrectNumericConversion.go:138:3:138:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
-| IncorrectNumericConversion.go:142:7:142:19 | type conversion | semmle.label | type conversion |
-| IncorrectNumericConversion.go:145:3:145:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
-| IncorrectNumericConversion.go:149:7:149:19 | type conversion | semmle.label | type conversion |
-| IncorrectNumericConversion.go:152:3:152:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
-| IncorrectNumericConversion.go:156:7:156:19 | type conversion | semmle.label | type conversion |
-| IncorrectNumericConversion.go:159:3:159:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
-| IncorrectNumericConversion.go:163:7:163:20 | type conversion | semmle.label | type conversion |
-| IncorrectNumericConversion.go:166:3:166:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
-| IncorrectNumericConversion.go:170:7:170:20 | type conversion | semmle.label | type conversion |
-| IncorrectNumericConversion.go:173:3:173:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
-| IncorrectNumericConversion.go:177:7:177:21 | type conversion | semmle.label | type conversion |
-| IncorrectNumericConversion.go:180:3:180:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
-| IncorrectNumericConversion.go:185:7:185:18 | type conversion | semmle.label | type conversion |
-| IncorrectNumericConversion.go:189:3:189:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
-| IncorrectNumericConversion.go:193:7:193:23 | type conversion | semmle.label | type conversion |
+| IncorrectNumericConversion.go:208:3:208:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
+| IncorrectNumericConversion.go:212:7:212:18 | type conversion | semmle.label | type conversion |
+| IncorrectNumericConversion.go:215:3:215:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
+| IncorrectNumericConversion.go:219:7:219:19 | type conversion | semmle.label | type conversion |
+| IncorrectNumericConversion.go:222:3:222:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
+| IncorrectNumericConversion.go:226:7:226:19 | type conversion | semmle.label | type conversion |
+| IncorrectNumericConversion.go:229:3:229:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
+| IncorrectNumericConversion.go:233:7:233:19 | type conversion | semmle.label | type conversion |
+| IncorrectNumericConversion.go:236:3:236:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
+| IncorrectNumericConversion.go:240:7:240:20 | type conversion | semmle.label | type conversion |
+| IncorrectNumericConversion.go:243:3:243:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
+| IncorrectNumericConversion.go:247:7:247:20 | type conversion | semmle.label | type conversion |
+| IncorrectNumericConversion.go:250:3:250:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
+| IncorrectNumericConversion.go:254:7:254:21 | type conversion | semmle.label | type conversion |
+| IncorrectNumericConversion.go:257:3:257:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
+| IncorrectNumericConversion.go:262:7:262:18 | type conversion | semmle.label | type conversion |
+| IncorrectNumericConversion.go:266:3:266:36 | ... := ...[0] : int | semmle.label | ... := ...[0] : int |
+| IncorrectNumericConversion.go:270:7:270:23 | type conversion | semmle.label | type conversion |
 #select
 | IncorrectNumericConversion.go:26:2:26:28 | ... := ...[0] : int | IncorrectNumericConversion.go:26:2:26:28 | ... := ...[0] : int | IncorrectNumericConversion.go:35:41:35:50 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type int32 |
 | IncorrectNumericConversion.go:53:3:53:47 | ... := ...[0] : float64 | IncorrectNumericConversion.go:53:3:53:47 | ... := ...[0] : float64 | IncorrectNumericConversion.go:57:7:57:19 | type conversion | Incorrect type conversion of float64 from strconv.ParseFloat result to a lower bit size type int16 |
@@ -72,12 +72,12 @@ nodes
 | IncorrectNumericConversion.go:106:3:106:50 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:106:3:106:50 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:110:7:110:19 | type conversion | Incorrect type conversion of uint64 from strconv.ParseUint result to a lower bit size type int16 |
 | IncorrectNumericConversion.go:113:3:113:50 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:113:3:113:50 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:117:7:117:19 | type conversion | Incorrect type conversion of uint64 from strconv.ParseUint result to a lower bit size type int32 |
 | IncorrectNumericConversion.go:120:3:120:49 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:120:3:120:49 | ... := ...[0] : uint64 | IncorrectNumericConversion.go:124:7:124:19 | type conversion | Incorrect type conversion of uint64 from strconv.ParseUint result to a lower bit size type int32 |
-| IncorrectNumericConversion.go:131:3:131:36 | ... := ...[0] : int | IncorrectNumericConversion.go:131:3:131:36 | ... := ...[0] : int | IncorrectNumericConversion.go:135:7:135:18 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type int8 |
-| IncorrectNumericConversion.go:138:3:138:36 | ... := ...[0] : int | IncorrectNumericConversion.go:138:3:138:36 | ... := ...[0] : int | IncorrectNumericConversion.go:142:7:142:19 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type int16 |
-| IncorrectNumericConversion.go:145:3:145:36 | ... := ...[0] : int | IncorrectNumericConversion.go:145:3:145:36 | ... := ...[0] : int | IncorrectNumericConversion.go:149:7:149:19 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type int32 |
-| IncorrectNumericConversion.go:152:3:152:36 | ... := ...[0] : int | IncorrectNumericConversion.go:152:3:152:36 | ... := ...[0] : int | IncorrectNumericConversion.go:156:7:156:19 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type uint8 |
-| IncorrectNumericConversion.go:159:3:159:36 | ... := ...[0] : int | IncorrectNumericConversion.go:159:3:159:36 | ... := ...[0] : int | IncorrectNumericConversion.go:163:7:163:20 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type uint16 |
-| IncorrectNumericConversion.go:166:3:166:36 | ... := ...[0] : int | IncorrectNumericConversion.go:166:3:166:36 | ... := ...[0] : int | IncorrectNumericConversion.go:170:7:170:20 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type uint32 |
-| IncorrectNumericConversion.go:173:3:173:36 | ... := ...[0] : int | IncorrectNumericConversion.go:173:3:173:36 | ... := ...[0] : int | IncorrectNumericConversion.go:177:7:177:21 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type float32 |
-| IncorrectNumericConversion.go:180:3:180:36 | ... := ...[0] : int | IncorrectNumericConversion.go:180:3:180:36 | ... := ...[0] : int | IncorrectNumericConversion.go:185:7:185:18 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type uint8 |
-| IncorrectNumericConversion.go:189:3:189:36 | ... := ...[0] : int | IncorrectNumericConversion.go:189:3:189:36 | ... := ...[0] : int | IncorrectNumericConversion.go:193:7:193:23 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type int16 |
+| IncorrectNumericConversion.go:208:3:208:36 | ... := ...[0] : int | IncorrectNumericConversion.go:208:3:208:36 | ... := ...[0] : int | IncorrectNumericConversion.go:212:7:212:18 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type int8 |
+| IncorrectNumericConversion.go:215:3:215:36 | ... := ...[0] : int | IncorrectNumericConversion.go:215:3:215:36 | ... := ...[0] : int | IncorrectNumericConversion.go:219:7:219:19 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type int16 |
+| IncorrectNumericConversion.go:222:3:222:36 | ... := ...[0] : int | IncorrectNumericConversion.go:222:3:222:36 | ... := ...[0] : int | IncorrectNumericConversion.go:226:7:226:19 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type int32 |
+| IncorrectNumericConversion.go:229:3:229:36 | ... := ...[0] : int | IncorrectNumericConversion.go:229:3:229:36 | ... := ...[0] : int | IncorrectNumericConversion.go:233:7:233:19 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type uint8 |
+| IncorrectNumericConversion.go:236:3:236:36 | ... := ...[0] : int | IncorrectNumericConversion.go:236:3:236:36 | ... := ...[0] : int | IncorrectNumericConversion.go:240:7:240:20 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type uint16 |
+| IncorrectNumericConversion.go:243:3:243:36 | ... := ...[0] : int | IncorrectNumericConversion.go:243:3:243:36 | ... := ...[0] : int | IncorrectNumericConversion.go:247:7:247:20 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type uint32 |
+| IncorrectNumericConversion.go:250:3:250:36 | ... := ...[0] : int | IncorrectNumericConversion.go:250:3:250:36 | ... := ...[0] : int | IncorrectNumericConversion.go:254:7:254:21 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type float32 |
+| IncorrectNumericConversion.go:257:3:257:36 | ... := ...[0] : int | IncorrectNumericConversion.go:257:3:257:36 | ... := ...[0] : int | IncorrectNumericConversion.go:262:7:262:18 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type uint8 |
+| IncorrectNumericConversion.go:266:3:266:36 | ... := ...[0] : int | IncorrectNumericConversion.go:266:3:266:36 | ... := ...[0] : int | IncorrectNumericConversion.go:270:7:270:23 | type conversion | Incorrect type conversion of int from strconv.Atoi result to a lower bit size type int16 |
--- a/ql/test/experimental/CWE-681/IncorrectNumericConversion.go
+++ b/ql/test/experimental/CWE-681/IncorrectNumericConversion.go
@@ -125,6 +125,83 @@ func badParseUint() {
 	}
 }

+func goodParseFloat() {
+	{
+		parsed, err := strconv.ParseFloat("1.32", 32)
+		if err != nil {
+			panic(err)
+		}
+		_ = int32(parsed)
+	}
+	{
+		parsed, err := strconv.ParseFloat("1.32", 64)
+		if err != nil {
+			panic(err)
+		}
+		_ = int64(parsed)
+	}
+}
+func goodParseInt() {
+	{
+		parsed, err := strconv.ParseInt("3456", 10, 16)
+		if err != nil {
+			panic(err)
+		}
+		_ = int16(parsed)
+	}
+	{
+		parsed, err := strconv.ParseInt("3456", 10, 32)
+		if err != nil {
+			panic(err)
+		}
+		_ = int32(parsed)
+	}
+	{
+		parsed, err := strconv.ParseInt("3456", 10, 64)
+		if err != nil {
+			panic(err)
+		}
+		_ = int64(parsed)
+	}
+	{
+		parsed, err := strconv.ParseInt("3456", 10, 0)
+		if err != nil {
+			panic(err)
+		}
+		_ = int64(parsed)
+	}
+}
+func goodParseUint() {
+	{
+		parsed, err := strconv.ParseUint("3456", 10, 16)
+		if err != nil {
+			panic(err)
+		}
+		_ = int16(parsed)
+	}
+	{
+		parsed, err := strconv.ParseUint("3456", 10, 32)
+		if err != nil {
+			panic(err)
+		}
+		_ = int32(parsed)
+	}
+	{
+		parsed, err := strconv.ParseUint("3456", 10, 64)
+		if err != nil {
+			panic(err)
+		}
+		_ = int64(parsed)
+	}
+	{
+		parsed, err := strconv.ParseUint("3456", 10, 0)
+		if err != nil {
+			panic(err)
+		}
+		_ = int64(parsed)
+	}
+}
+
 // these should be caught:
 func upperBoundIsNOTChecked(input string) {
 	{