Investigate CWE-369, Divide by Zero #988
Description
When trying to demonstrate a compliant solution for CWE-369, we ran into a lot of questions on how to handle this.
When performing division or remainder calculations on integers in Python, a ZeroDivisionError can occur if the divisor is zero. To prevent this, the divisor should be checked to ensure it is not zero before proceeding, or handle the ZeroDivisionError exception if the divisor is zero. This rule only applies to integers, not floating-point numbers. In floating-point arithmetic, dividing a positive non-zero value by zero yields positive infinity, while dividing a negative non-zero value by zero produces negative infinity. However, attempting to divide zero by zero leads to a ZeroDivisionError, as the outcome is undefined.
'Decimal' is used in division calculations, as it ensures the accuracy of the math, and it also prevents float overflow from occurring.
Emax and Emin are the upper and lower bounds of the Decimal class. Overflow can occur in decimal calculation if the calculated number is above or below the Emax or Emin. The default precision of decimal numbers is 28. So all integers up to 999999999999999999999999999999 (28 nines) can be represented exactly, and higher numbers might be rounded.
We have this potentially compliant code example:
Which tries to include error handling for division by zero and potential overflow errors:
""" Compliant Code Example """
from decimal import Decimal, ROUND_HALF_UP, Overflow
def divide(first_number: int, second_number: int):
'''Function to divide 2 numbers'''
if second_number == 0:
raise ZeroDivisionError("TODO: implement zero division error handling here")
# This operation may cause an overflow due to a large exponent
try:
result = Decimal(first_number / second_number)
except Overflow as e:
raise Overflow("TODO: implement overflow error handling here") from e
rounded_result = Decimal(result).quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)
# Rounding result to 2 decimal place
return rounded_result
#####################
# Trying to exploit above code example
#####################
for number in (10, 41, 200, -10, 0):
# Dividing 100 by each number 10, 41, 200, -10, and 0 separately.
print("-" * 20 + f"divide by {number}" + "-" * 20 + "\n")
print(f"100 / {number} = ", end="")
print(divide(100, number))However, after more thought and discussion with the python community on this issue, perhaps since dividing two integers already raises ZeroDivisionError. You don’t need to check if the divisor is zero and raise ZeroDivisionError because it happens automatically.
Hence the only risk may come from using ctypes... in which case the following compliant solutions a possibilities:
Maybe there could just be numerous examples of compliant solutions:
- running the code in a safe environment that raises a divide by zero exception, and handles exceptions gracefully.
- user input checking.
- a Maybe Monad.
- return float('nan') (or requiring zeros to be signed and returning + or - float('inf') accordingly)
- intrinsically non-zero denominators, e.g. len(...) + 1.
- converting the numerator and denominator to a class T on which T(1)/T(0) is valid, (e.g. the Projectively Extended Real Line).
Full discussion with python.org can be seen here:
https://discuss.python.org/t/is-this-a-compliant-solution-for-cwe-369/86953/8