hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Go: convert IncorrectIntegerConversion test to .qlref

Browse Source
This commit is contained in:
Nora Dimitrijević
2025-06-19 14:02:46 +02:00
parent 76a3306c63
commit cf92b0e91b
11 changed files with 167 additions and 169 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
go/ql/test/query-tests/Security/CWE-681/FilterTestResults.ql Normal file
View File

@@ -0,0 +1,15 @@
/**
* @kind test-postprocess
* @description Remove the query predicates that differ based on 32/64-bit architecture. This should leave behind `invalidModelRowAdd` and `testFailures` in case of test failures.
*/
/**
* The input test results: query predicate `relation` contains `data` at (`row`, `column`).
*/
external private predicate queryResults(string relation, int row, int column, string data);
/** Holds if the test output's query predicate `relation` contains `data` at (`row`, `column`). */
query predicate results(string relation, int row, int column, string data) {
queryResults(relation, row, column, data) and
not relation in ["#select", "nodes", "edges"]
}

2
go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.expected
View File

@@ -1,2 +0,0 @@
invalidModelRow
testFailures

262
go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go
View File

@@ -24,7 +24,7 @@ func lookupNumberByName(reg *registry, name string) (int32, error) {
return 567, nil
}
func lab(s string) (*something, error) {
num, err := strconv.Atoi(s)
num, err := strconv.Atoi(s) // $ Source
if err != nil {
number, err := lookupNumberByName(&registry{}, s)
@@ -33,7 +33,7 @@ func lab(s string) (*something, error) {
}
num = int(number)
}
target, err := lookupTarget(&config{}, int32(num)) // $ hasValueFlow="num"
target, err := lookupTarget(&config{}, int32(num)) // $ Alert
if err != nil {
return nil, err
}
@@ -63,12 +63,12 @@ func testParseInt() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseInt("3456", 10, 16)
parsed, err := strconv.ParseInt("3456", 10, 16) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed)
_ = uint16(parsed)
_ = int32(parsed)
@@ -79,14 +79,14 @@ func testParseInt() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseInt("3456", 10, 32)
parsed, err := strconv.ParseInt("3456", 10, 32) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed)
_ = uint32(parsed)
_ = int64(parsed)
@@ -95,32 +95,32 @@ func testParseInt() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseInt("3456", 10, 64)
parsed, err := strconv.ParseInt("3456", 10, 64) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed)
_ = uint64(parsed)
_ = int(parsed) // $ hasValueFlow="parsed"
_ = uint(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed) // $ Alert
}
{
parsed, err := strconv.ParseInt("3456", 10, 0)
parsed, err := strconv.ParseInt("3456", 10, 0) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed)
_ = uint64(parsed)
_ = int(parsed)
@@ -130,11 +130,11 @@ func testParseInt() {
func testParseUint() {
{
parsed, err := strconv.ParseUint("3456", 10, 8)
parsed, err := strconv.ParseUint("3456", 10, 8) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed)
_ = int16(parsed)
_ = uint16(parsed)
@@ -146,13 +146,13 @@ func testParseUint() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 16)
parsed, err := strconv.ParseUint("3456", 10, 16) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed)
_ = int32(parsed)
_ = uint32(parsed)
@@ -162,66 +162,66 @@ func testParseUint() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 32)
parsed, err := strconv.ParseUint("3456", 10, 32) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed)
_ = int64(parsed)
_ = uint64(parsed)
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 64)
parsed, err := strconv.ParseUint("3456", 10, 64) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int64(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed) // $ Alert
_ = uint64(parsed)
_ = int(parsed) // $ hasValueFlow="parsed"
_ = uint(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed) // $ Alert
}
{
parsed, err := strconv.ParseUint("3456", 10, 0)
parsed, err := strconv.ParseUint("3456", 10, 0) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int64(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed) // $ Alert
_ = uint64(parsed)
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
}
func testAtoi() {
parsed, err := strconv.Atoi("3456")
parsed, err := strconv.Atoi("3456") // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed)
_ = uint64(parsed)
_ = int(parsed)
@@ -233,19 +233,19 @@ type customInt int16
// these should be caught:
func typeAliases(input string) {
{
parsed, err := strconv.ParseInt(input, 10, 32)
parsed, err := strconv.ParseInt(input, 10, 32) // $ Source
if err != nil {
panic(err)
}
// NOTE: byte is uint8
_ = byte(parsed) // $ hasValueFlow="parsed"
_ = customInt(parsed) // $ hasValueFlow="parsed"
_ = byte(parsed) // $ Alert
_ = customInt(parsed) // $ Alert
}
}
func testBoundsChecking(input string) {
{
parsed, err := strconv.Atoi(input)
parsed, err := strconv.Atoi(input) // $ Source
if err != nil {
panic(err)
}
@@ -253,13 +253,13 @@ func testBoundsChecking(input string) {
_ = int8(parsed)
}
if parsed < math.MaxInt8 {
_ = int8(parsed) // $ MISSING: hasValueFlow="parsed" // Not found because we only check for upper bounds
_ = int8(parsed) // $ MISSING: Alert // Not found because we only check for upper bounds
if parsed >= 0 {
_ = int16(parsed)
}
}
if parsed >= math.MinInt8 {
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
if parsed <= 0 {
_ = int16(parsed)
}
@@ -271,51 +271,51 @@ func testBoundsChecking(input string) {
}
}
{
parsed, err := strconv.ParseUint(input, 10, 0)
parsed, err := strconv.ParseUint(input, 10, 0) // $ Source
if err != nil {
panic(err)
}
if parsed <= math.MaxUint64 {
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int64(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed) // $ Alert
_ = uint64(parsed)
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
if parsed <= math.MaxInt64 {
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed)
_ = uint64(parsed)
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
if parsed <= math.MaxUint32 {
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed)
_ = int64(parsed)
_ = uint64(parsed)
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
if parsed <= math.MaxInt32 {
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed)
_ = uint32(parsed)
_ = int64(parsed)
@@ -325,25 +325,25 @@ func testBoundsChecking(input string) {
}
}
{
parsed, err := strconv.ParseUint(input, 10, 32)
parsed, err := strconv.ParseUint(input, 10, 32) // $ Source
if err != nil {
panic(err)
}
if parsed <= math.MaxUint16 {
_ = uint16(parsed)
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ Alert
}
if parsed <= 255 {
_ = uint8(parsed)
}
if parsed <= 256 {
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ Alert
}
if err == nil && 1 == 1 && parsed < math.MaxInt8 {
_ = int8(parsed)
}
if parsed > 42 {
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ Alert
}
if parsed >= math.MaxUint8+1 {
return
@@ -389,64 +389,64 @@ func testRightShifted(input string) {
_ = byte(parsed >> 8 & 0xff)
}
{
parsed, err := strconv.ParseInt(input, 10, 16)
parsed, err := strconv.ParseInt(input, 10, 16) // $ Source
if err != nil {
panic(err)
}
_ = byte(parsed) // $ hasValueFlow="parsed"
_ = byte(parsed) // $ Alert
_ = byte(parsed << 8)
}
}
func testPathWithMoreThanOneSink(input string) {
{
parsed, err := strconv.ParseInt(input, 10, 32)
parsed, err := strconv.ParseInt(input, 10, 32) // $ Source
if err != nil {
panic(err)
}
v1 := int16(parsed) // $ hasValueFlow="parsed"
v1 := int16(parsed) // $ Alert
_ = int16(v1)
}
{
parsed, err := strconv.ParseInt(input, 10, 32)
parsed, err := strconv.ParseInt(input, 10, 32) // $ Source
if err != nil {
panic(err)
}
v := int16(parsed) // $ hasValueFlow="parsed"
v := int16(parsed) // $ Alert
_ = int8(v)
}
{
parsed, err := strconv.ParseInt(input, 10, 32)
parsed, err := strconv.ParseInt(input, 10, 32) // $ Source
if err != nil {
panic(err)
}
v1 := int32(parsed)
v2 := int16(v1) // $ hasValueFlow="v1"
v2 := int16(v1) // $ Alert
_ = int8(v2)
}
{
parsed, err := strconv.ParseInt(input, 10, 16)
parsed, err := strconv.ParseInt(input, 10, 16) // $ Source
if err != nil {
panic(err)
}
v1 := int64(parsed)
v2 := int32(v1)
v3 := int16(v2)
_ = int8(v3) // $ hasValueFlow="v3"
_ = int8(v3) // $ Alert
}
}
func testUsingStrConvIntSize(input string) {
parsed, err := strconv.ParseInt(input, 10, strconv.IntSize)
parsed, err := strconv.ParseInt(input, 10, strconv.IntSize) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed)
_ = uint64(parsed)
_ = int(parsed)
@@ -490,7 +490,7 @@ func dealWithArchSizeCorrectly(s string) uint {
}
func typeSwitch1(s string) {
i64, _ := strconv.ParseInt(s, 10, 64)
i64, _ := strconv.ParseInt(s, 10, 64) // $ Source
var input any = i64
switch v := input.(type) {
case int16, string:
@@ -498,19 +498,19 @@ func typeSwitch1(s string) {
return
}
_ = int16(v.(int16))
_ = int8(v.(int16)) // $ hasValueFlow="type assertion"
_ = int8(v.(int16)) // $ Alert
case int32:
_ = int32(v)
_ = int8(v) // $ hasValueFlow="v"
_ = int8(v) // $ Alert
case int64:
_ = int8(v) // $ hasValueFlow="v"
_ = int8(v) // $ Alert
default:
_ = int8(v.(int64)) // $ hasValueFlow="type assertion"
_ = int8(v.(int64)) // $ Alert
}
}
func typeSwitch2(s string) {
i64, _ := strconv.ParseInt(s, 10, 64)
i64, _ := strconv.ParseInt(s, 10, 64) // $ Source
var input any = i64
switch input.(type) {
case int16, string:
@@ -518,25 +518,25 @@ func typeSwitch2(s string) {
return
}
_ = int16(input.(int16))
_ = int8(input.(int16)) // $ hasValueFlow="type assertion"
_ = int8(input.(int16)) // $ Alert
case int32:
_ = int32(input.(int32))
_ = int8(input.(int32)) // $ hasValueFlow="type assertion"
_ = int8(input.(int32)) // $ Alert
case int64:
_ = int8(input.(int64)) // $ hasValueFlow="type assertion"
_ = int8(input.(int64)) // $ Alert
default:
_ = int8(input.(int64)) // $ hasValueFlow="type assertion"
_ = int8(input.(int64)) // $ Alert
}
}
func checkedTypeAssertion(s string) {
i64, _ := strconv.ParseInt(s, 10, 64)
i64, _ := strconv.ParseInt(s, 10, 64) // $ Source
var input any = i64
if v, ok := input.(int16); ok {
// Need to account for the fact that within this case clause, v is an int16
_ = int16(v)
_ = int8(v) // $ hasValueFlow="v"
_ = int8(v) // $ Alert
} else if v, ok := input.(int32); ok {
_ = int16(v) // $ hasValueFlow="v"
_ = int16(v) // $ Alert
}
}

20
go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.ql
View File

@@ -1,20 +0,0 @@
import go
import semmle.go.dataflow.ExternalFlow
import ModelValidation
import utils.test.InlineExpectationsTest
import semmle.go.security.IncorrectIntegerConversionLib
module TestIncorrectIntegerConversion implements TestSig {
string getARelevantTag() { result = "hasValueFlow" }
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasValueFlow" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.getLocation() = location and
element = sink.toString() and
value = "\"" + sink.toString() + "\""
)
}
}
import MakeTest<TestIncorrectIntegerConversion>

5
go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.qlref Normal file
View File

@@ -0,0 +1,5 @@
query: Security/CWE-681/IncorrectIntegerConversionQuery.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql
- ./FilterTestResults.ql

4
go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraintInFileName_386.go
View File

@@ -16,11 +16,11 @@ func testIntSource386() {
_ = uint32(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 0)
parsed, err := strconv.ParseUint("3456", 10, 0) // $ Source
if err != nil {
panic(err)
}
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ Alert
_ = uint32(parsed)
}
{

4
go/ql/test/query-tests/Security/CWE-681/Test32BitArchitectureBuildConstraints.go
View File

@@ -19,11 +19,11 @@ func testIntSource32() {
_ = uint32(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 0)
parsed, err := strconv.ParseUint("3456", 10, 0) // $ Source
if err != nil {
panic(err)
}
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ Alert
_ = uint32(parsed)
}
{

4
go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraintInFileName_amd64.go
View File

@@ -16,11 +16,11 @@ func testIntSinkAmd64() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 64)
parsed, err := strconv.ParseUint("3456", 10, 64) // $ Source
if err != nil {
panic(err)
}
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
}

4
go/ql/test/query-tests/Security/CWE-681/Test64BitArchitectureBuildConstraints.go
View File

@@ -19,11 +19,11 @@ func testIntSink64() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 64)
parsed, err := strconv.ParseUint("3456", 10, 64) // $ Source
if err != nil {
panic(err)
}
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
}

12
go/ql/test/query-tests/Security/CWE-681/TestNoArchitectureBuildConstraints.go
View File

@@ -9,19 +9,19 @@ import (
func testIntSizeIsArchicturallyDependent1() {
{
parsed, err := strconv.ParseInt("3456", 10, 0)
parsed, err := strconv.ParseInt("3456", 10, 0) // $ Source
if err != nil {
panic(err)
}
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
}
{
parsed, err := strconv.ParseInt("3456", 10, 64)
parsed, err := strconv.ParseInt("3456", 10, 64) // $ Source
if err != nil {
panic(err)
}
_ = int(parsed) // $ hasValueFlow="parsed"
_ = uint(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed) // $ Alert
}
}

4
go/ql/test/query-tests/Security/CWE-681/TestOldBuildConstraints.go
View File

@@ -20,11 +20,11 @@ func oldTestIntSink64() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 64)
parsed, err := strconv.ParseUint("3456", 10, 64) // $ Source
if err != nil {
panic(err)
}
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
}