From 08b94f9392935d370dfa208af1c526477865cdf6 Mon Sep 17 00:00:00 2001
From: Alex Gartner
Date: Tue, 16 Jul 2024 09:12:16 -0700
Subject: [PATCH] Resolve underlying type to detect overflows in type aliases
---
 analyzers/conversion_overflow.go | 4 ++--
 testutils/g115_samples.go | 36 ++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/analyzers/conversion_overflow.go b/analyzers/conversion_overflow.go
index c3a4f3a..11cfaf5 100644
--- a/analyzers/conversion_overflow.go
+++ b/analyzers/conversion_overflow.go
@@ -47,8 +47,8 @@ func runConversionOverflow(pass *analysis.Pass) (interface{}, error) {
 for _, instr := range block.Instrs {
 switch instr := instr.(type) {
 case *ssa.Convert:
- src := instr.X.Type().String()
- dst := instr.Type().String()
+ src := instr.X.Type().Underlying().String()
+ dst := instr.Type().Underlying().String()
 if isIntOverflow(src, dst) {
 issue := newIssue(pass.Analyzer.Name,
 fmt.Sprintf("integer overflow conversion %s -> %s", src, dst),
diff --git a/testutils/g115_samples.go b/testutils/g115_samples.go
index 12c5574..0f33b26 100644
--- a/testutils/g115_samples.go
+++ b/testutils/g115_samples.go
@@ -154,4 +154,40 @@ func ExampleFunction() {
 }
 `,
 }, 0, gosec.NewConfig()},
+ {[]string{
+ `
+package main
+
+import (
+ "fmt"
+ "math"
+)
+
+type Uint uint
+
+func main() {
+ var a uint8 = math.MaxUint8
+ b := Uint(a)
+ fmt.Println(b)
+}
+ `,
+ }, 0, gosec.NewConfig()},
+ {[]string{
+ `
+package main
+
+import (
+ "fmt"
+ "math"
+)
+
+type CustomType int
+
+func main() {
+ var a uint = math.MaxUint
+ b := CustomType(a)
+ fmt.Println(b)
+}
+ `,
+ }, 1, gosec.NewConfig()},
 }
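Review bot: The finding text in the `*ssa.Convert` case is now built from the underlying type names, because `src` and `dst` feed both `isIntOverflow` and the `fmt.Sprintf` message. For `CustomType(a)` the report would read `uint -> int` and no longer name the type the developer wrote, which makes a finding harder to match to its source line during triage. Consider keeping `src` and `dst` as the declared names for the message and resolving the underlying types only for the check: `if isIntOverflow(instr.X.Type().Underlying().String(), instr.Type().Underlying().String()) {`. The body of runConversionOverflow starts and ends outside the hunk, so how the issue is used afterwards is not visible here.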
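Review bot: Both new samples put the named type on the destination side only, so the `instr.X.Type().Underlying()` half of the fix has no test. A regression there would silently stop reporting narrowing conversions whose source is a named integer type. I would add a sample with the named type as the source operand. By symmetry with the existing `uint -> CustomType` case it should report one issue, though that is inferred, since `isIntOverflow` is not shown on this page.

```go
// … unchanged: existing G115 samples and the two added above …
	{[]string{
		`
package main

import (
	"fmt"
	"math"
)

type CustomType uint

func main() {
	var a CustomType = math.MaxUint
	b := int(a)
	fmt.Println(b)
}
	`,
	}, 1, gosec.NewConfig()},
```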