Improvement the int conversion overflow logic to handle bound checks (#1194)

* add test cases Signed-off-by: czechbol <adamludes@gmail.com> * fix bounds check logic Signed-off-by: czechbol <adamludes@gmail.com> * tweak test cases Signed-off-by: czechbol <adamludes@gmail.com> * fix codestyle Signed-off-by: czechbol <adamludes@gmail.com> * improve bounds check logic Signed-off-by: czechbol <adamludes@gmail.com> * max recursion depth Signed-off-by: czechbol <adamludes@gmail.com> * add test case for len function Signed-off-by: czechbol <adamludes@gmail.com> * relax len function bounds checks Co-authored-by: Ben Krieger <ben.krieger@intel.com> * handle cases when convert instruction is after the if blocks Signed-off-by: czechbol <adamludes@gmail.com> * improve range check discovery, add tests Signed-off-by: czechbol <adamludes@gmail.com> * refactor for readability Signed-off-by: czechbol <adamludes@gmail.com> * add cap function test Signed-off-by: czechbol <adamludes@gmail.com> * calculate signed min without throwing overflow warnings Signed-off-by: czechbol <adamludes@gmail.com> * perform bounds checks int size calculations Signed-off-by: czechbol <adamludes@gmail.com> * basic equal operator logic Signed-off-by: czechbol <adamludes@gmail.com> * uintptr -> unsafe.Pointer test case Signed-off-by: czechbol <adamludes@gmail.com> * fix review comments Signed-off-by: czechbol <adamludes@gmail.com> * Rebase and fix go module Change-Id: I8da6495eaaf25b1739389aa98492bd7df338085b Signed-off-by: Cosmin Cojocar <ccojocar@google.com> * fix false positive for negated value Signed-off-by: czechbol <adamludes@gmail.com> * fix range conditions Signed-off-by: czechbol <adamludes@gmail.com> * Ignore the golangci/gosec G115 warning Change-Id: I0db56cb0a5f9ab6e815e2480ec0b66d7061b23d3 Signed-off-by: Cosmin Cojocar <ccojocar@google.com> --------- Signed-off-by: czechbol <adamludes@gmail.com> Signed-off-by: Cosmin Cojocar <ccojocar@google.com> Co-authored-by: Ben Krieger <ben.krieger@intel.com> Co-authored-by: Cosmin Cojocar <ccojocar@google.com>
2025-07-05 00:29:02 +02:00 · 2024-09-04 16:09:54 +02:00
parent ea5b2766bb
commit eaedce9a8b
5 changed files with 838 additions and 71 deletions
--- a/testutils/g115_samples.go
+++ b/testutils/g115_samples.go
@ -287,10 +287,54 @@ package main
 import (
        "fmt"
        "math"
+        "math/rand"
 )

 func main() {
-        var a int64 = 13
+        a := rand.Int63()
+        if a < math.MinInt32 {
+            panic("out of range")
+        }
+        if a > math.MaxInt32 {
+            panic("out of range")
+        }
+        b := int32(a)
+        fmt.Printf("%d\n", b)
+}
+	`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+        "math"
+        "math/rand"
+)
+
+func main() {
+        a := rand.Int63()
+        if a < math.MinInt32 && a > math.MaxInt32 {
+            panic("out of range")
+        }
+        b := int32(a)
+        fmt.Printf("%d\n", b)
+}
+	`,
+	}, 1, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+        "math"
+        "math/rand"
+)
+
+func main() {
+        a := rand.Int63()
        if a < math.MinInt32 || a > math.MaxInt32 {
            panic("out of range")
        }
@ -330,7 +374,7 @@ import (

 func main() {
        var a int32 = math.MaxInt32
-        if a < math.MinInt32 || a > math.MaxInt32 {
+        if a < math.MinInt32 && a > math.MaxInt32 {
            panic("out of range")
        }
        var b int64 = int64(a) * 2
@ -390,4 +434,286 @@ func main() {
 }
 	`,
 	}, 1, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+        "math"
+        "math/rand"
+)
+
+func main() {
+        a := rand.Int63()
+        if a < 0 {
+            panic("out of range")
+        }
+        if a > math.MaxUint32 {
+            panic("out of range")
+        }
+        b := uint32(a)
+        fmt.Printf("%d\n", b)
+}
+`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+        "math/rand"
+)
+
+func main() {
+        a := rand.Int63()
+        if a < 0 {
+            panic("out of range")
+        }
+        b := uint32(a)
+        fmt.Printf("%d\n", b)
+}
+`,
+	}, 1, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "math"
+)
+
+func foo(x int) uint32 {
+        if x < 0 {
+            return 0
+        }
+        if x > math.MaxUint32 {
+            return math.MaxUint32
+        }
+        return uint32(x)
+}
+`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "math"
+)
+
+func foo(items []string) uint32 {
+        x := len(items)
+        if x > math.MaxUint32 {
+            return math.MaxUint32
+        }
+        return uint32(x)
+}
+`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "math"
+)
+
+func foo(items []string) uint32 {
+        x := cap(items)
+        if x > math.MaxUint32 {
+            return math.MaxUint32
+        }
+        return uint32(x)
+}
+`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "math"
+)
+
+func foo(items []string) uint32 {
+        x := len(items)
+        if x < math.MaxUint32 {
+            return uint32(x)
+        }
+        return math.MaxUint32
+}
+`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+        "math"
+        "math/rand"
+)
+
+func main() {
+        a := rand.Int63()
+        if a >= math.MinInt32 && a <= math.MaxInt32 {
+            b := int32(a)
+            fmt.Printf("%d\n", b)
+        }
+        panic("out of range")
+}
+	`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+        "math"
+        "math/rand"
+)
+
+func main() {
+        a := rand.Int63()
+        if a >= math.MinInt32 && a <= math.MaxInt32 {
+            b := int32(a)
+            fmt.Printf("%d\n", b)
+        }
+        panic("out of range")
+}
+	`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+        "math"
+        "math/rand"
+)
+
+func main() {
+        a := rand.Int63()
+        if !(a >= math.MinInt32) && a > math.MaxInt32 {
+            b := int32(a)
+            fmt.Printf("%d\n", b)
+        }
+        panic("out of range")
+}
+	`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+        "math"
+        "math/rand"
+)
+
+func main() {
+        a := rand.Int63()
+        if !(a >= math.MinInt32) || a > math.MaxInt32 {
+            panic("out of range")
+        }
+        b := int32(a)
+        fmt.Printf("%d\n", b)
+}
+	`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+        "math"
+        "math/rand"
+)
+
+func main() {
+        a := rand.Int63()
+        if math.MinInt32 <= a && math.MaxInt32 >= a {
+            b := int32(a)
+            fmt.Printf("%d\n", b)
+        }
+        panic("out of range")
+}
+	`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+        "math/rand"
+)
+
+func main() {
+        a := rand.Int63()
+        if a == 3 || a == 4 {
+            b := int32(a)
+            fmt.Printf("%d\n", b)
+        }
+        panic("out of range")
+}
+	`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+        "fmt"
+        "math/rand"
+)
+
+func main() {
+        a := rand.Int63()
+        if a != 3 || a != 4 {
+            panic("out of range")
+        }
+        b := int32(a)
+        fmt.Printf("%d\n", b)
+}
+	`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import "unsafe"
+
+func main() {
+	i := uintptr(123)
+	p := unsafe.Pointer(i)
+	_ = p
+}
+	`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+        package main
+
+        import (
+            "fmt"
+            "math/rand"
+        )
+
+        func main() {
+            a := rand.Int63()
+            if a >= 0 {
+                panic("no positivity allowed")
+            }
+            b := uint64(-a)
+            fmt.Printf("%d\n", b)
+        }
+            `,
+	}, 0, gosec.NewConfig()},
 }