
Commit a8eeef6

authored
Merge pull request #718 from owen-mc/fix-incorrect-integer-conversion-for-type-assertions
Integer conversion should ignore type assertions
2 parents b953fe3 + f9f21e9 commit a8eeef6


2 files changed

+11
-0
lines changed


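--- a/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll
+++ b/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll
@@ -110,6 +110,7 @@ class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration {
 * a common pattern to serialise `byte(v)`, `byte(v >> 8)`, and so on.
 */
 predicate isSink(DataFlow::TypeCastNode sink, int bitSize) {
+sink.asExpr() instanceof ConversionExpr and
 exists(IntegerType integerType | sink.getResultType().getUnderlyingType() = integerType |
 bitSize = integerType.getSize()
 or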
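Review bot: The new first conjunct of `isSink`, `sink.asExpr() instanceof ConversionExpr`, has no comment explaining why a predicate already typed on `DataFlow::TypeCastNode` is narrowed further, and the visible tail of the doc comment above it does not mention the exclusion. I would add a line above the conjunct such as `// Only explicit conversions can truncate; a type assertion either yields the stored value unchanged or panics.` so that the restriction is not later removed as redundant. The body of `isSink` continues past the end of this hunk, so the remaining disjuncts are not reviewed here.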

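--- a/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go
+++ b/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.go
@@ -409,3 +409,13 @@ func parsePositiveInt2(value string) (int, error) {
 }
 return int(i64), nil
 }
+
+func typeAssertion(s string) {
+n, err := strconv.ParseInt(s, 10, 0)
+if err == nil {
+var itf interface{} = n
+i32 := itf.(int32)
+println(i32)
+}
+
+}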
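Review bot: `typeAssertion` carries no comment marking it as a negative case, so a reader of the test file cannot tell that `i32 := itf.(int32)` is expected to produce no alert. A trailing comment on that line, for example `// OK: type assertion, not a conversion; the value is never truncated`, would record the intent; the commit changes no expected-results file, which presumably means the expectation is "no new result". Only the single-value form is exercised, so adding `i32b, ok := itf.(int32)` followed by `println(i32b, ok)` would cover the comma-ok form as well. The blank line before the function's closing brace can be dropped.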
