mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
Resolve underlying type to detect overflows in type aliases
parent
4487a0c5a2
commit
08b94f9392
2 changed files with 38 additions and 2 deletions
|
@ -47,8 +47,8 @@ func runConversionOverflow(pass *analysis.Pass) (interface{}, error) {
|
||||||
for _, instr := range block.Instrs {
|
for _, instr := range block.Instrs {
|
||||||
switch instr := instr.(type) {
|
switch instr := instr.(type) {
|
||||||
case *ssa.Convert:
|
case *ssa.Convert:
|
||||||
src := instr.X.Type().String()
|
src := instr.X.Type().Underlying().String()
|
||||||
dst := instr.Type().String()
|
dst := instr.Type().Underlying().String()
|
||||||
if isIntOverflow(src, dst) {
|
if isIntOverflow(src, dst) {
|
||||||
issue := newIssue(pass.Analyzer.Name,
|
issue := newIssue(pass.Analyzer.Name,
|
||||||
fmt.Sprintf("integer overflow conversion %s -> %s", src, dst),
|
fmt.Sprintf("integer overflow conversion %s -> %s", src, dst),
|
||||||
|
|
|
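Review bot: The finding text built by `fmt.Sprintf("integer overflow conversion %s -> %s", src, dst)` now prints the underlying types, because `src` and `dst` are assigned from `Underlying().String()`. A conversion such as `CustomType(a)` would therefore be reported as `uint -> int`, which no longer matches the type names the developer sees at the flagged line. Consider keeping the declared types for the message and resolving the underlying types only for the check, e.g. `srcT, dstT := instr.X.Type(), instr.Type()` followed by `if isIntOverflow(srcT.Underlying().String(), dstT.Underlying().String()) {`, with `srcT, dstT` passed to the `%s` verbs. A one-line comment above the assignments, such as `// Resolve defined types (type Uint uint) to their underlying integer type before comparing.`, would record why `Underlying()` is needed. runConversionOverflow starts before this hunk and continues past it, so how `isIntOverflow` treats non-integer underlying type strings cannot be judged from here.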
@ -154,4 +154,40 @@ func ExampleFunction() {
|
||||||
}
|
}
|
||||||
`,
|
`,
|
||||||
}, 0, gosec.NewConfig()},
|
}, 0, gosec.NewConfig()},
|
||||||
|
{[]string{
|
||||||
|
`
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"math"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Uint uint
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
var a uint8 = math.MaxUint8
|
||||||
|
b := Uint(a)
|
||||||
|
fmt.Println(b)
|
||||||
|
}
|
||||||
|
`,
|
||||||
|
}, 0, gosec.NewConfig()},
|
||||||
|
{[]string{
|
||||||
|
`
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"math"
|
||||||
|
)
|
||||||
|
|
||||||
|
type CustomType int
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
var a uint = math.MaxUint
|
||||||
|
b := CustomType(a)
|
||||||
|
fmt.Println(b)
|
||||||
|
}
|
||||||
|
`,
|
||||||
|
}, 1, gosec.NewConfig()},
|
||||||
}
|
}
|
||||||
|
|
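Review bot: Both added samples put the named type on the destination side only (`Uint(a)` expecting 0 issues, `CustomType(a)` expecting 1), while the analyzer change on this page also resolves the underlying type of the source operand. A sample whose source is a defined integer type would cover that path, for example (constructed) `type Wide uint64` with `var w Wide = math.MaxUint64` converted by `int32(w)` and an expected count of 1. A named-to-named conversion would cover both sides together. The enclosing sample slice starts outside this hunk, so existing cases above line 154 may already cover some of this.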