Fix false positive in conversion overflow check from uint8/int8 type

Change-Id: I543545e22fa12de0d85dcf92664a0a54e8f7244a Signed-off-by: Cosmin Cojocar <ccojocar@google.com>
2024-11-05 11:35:51 +00:00 · 2024-08-22 07:41:27 +00:00 · 2024-08-22 07:41:27 +00:00 · ab3f6c1c83
commit ab3f6c1c83
parent a39ec5a16b
2 changed files with 31 additions and 1 deletions
--- a/analyzers/conversion_overflow.go
+++ b/analyzers/conversion_overflow.go
@ -76,7 +76,7 @@ type integer struct {
 }

 func parseIntType(intType string) (integer, error) {
-	re := regexp.MustCompile(`(?P<type>u?int)(?P<size>\d{2})?`)
+	re := regexp.MustCompile(`(?P<type>u?int)(?P<size>\d{1,2})?`)
 	matches := re.FindStringSubmatch(intType)
 	if matches == nil {
 		return integer{}, fmt.Errorf("no integer type match found for %s", intType)
--- a/testutils/g115_samples.go
+++ b/testutils/g115_samples.go
@ -235,4 +235,34 @@ func main() {
 }
 	`,
 	}, 1, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+)
+
+func main() {
+        a := "A\xFF"
+        b := int64(a[0])
+        fmt.Printf("%d\n", b)
+}
+	`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+)
+
+func main() {
+        var a uint8 = 13
+        b := int(a)
+        fmt.Printf("%d\n", b)
+}
+	`,
+	}, 0, gosec.NewConfig()},
 }