Merge pull request #718 from owen-mc/fix-incorrect-integer-conversion-for-type-assertions

smowton · web-flow · commit a8eeef6ef8f9 · 2022-04-12T12:44:43.000+01:00
Integer conversion should ignore type assertions
diff --git a/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll b/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll
@@ -110,6 +110,7 @@ class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration {
    * a common pattern to serialise `byte(v)`, `byte(v >> 8)`, and so on.
    */
   predicate isSink(DataFlow::TypeCastNode sink, int bitSize) {
+    sink.asExpr() instanceof ConversionExpr and
     exists(IntegerType integerType | sink.getResultType().getUnderlyingType() = integerType |
       bitSize = integerType.getSize()
       or
diff --git a/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go b/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go
@@ -409,3 +409,13 @@ func parsePositiveInt2(value string) (int, error) {
 	}
 	return int(i64), nil
 }
+
+func typeAssertion(s string) {
+	n, err := strconv.ParseInt(s, 10, 0)
+	if err == nil {
+		var itf interface{} = n
+		i32 := itf.(int32)
+		println(i32)
+	}
+
+}

Original file line number	Diff line number	Diff line change
`@@ -409,3 +409,13 @@ func parsePositiveInt2(value string) (int, error) {`
`409`	`409`	`}`
`410`	`410`	`return int(i64), nil`
`411`	`411`	`}`
	`412`	`+`
	`413`	`+func typeAssertion(s string) {`
	`414`	`+ n, err := strconv.ParseInt(s, 10, 0)`
	`415`	`+ if err == nil {`
	`416`	`+ var itf interface{} = n`
	`417`	`+ i32 := itf.(int32)`
	`418`	`+ println(i32)`
	`419`	`+ }`
	`420`	`+`
	`421`	`+}`