gosec
rules/sdk: G701 IntegerCast invalid warnings casting int to int64
I've just seen this report for G701 for code already in the rules themselves:
[/Users/emmanuelodeke/go/src/github.com/informalsystems/gosec/output/junit_xml_format.go:39] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
38: issue.What + " (Confidence: " + strconv.Itoa(int(issue.Confidence)) +
> 39: ", Severity: " + strconv.Itoa(int(issue.Severity)) +
40: ", CWE: " + issue.Cwe.ID + ")\n" + "> " + htmlLib.EscapeString(issue.Code)
[/Users/emmanuelodeke/go/src/github.com/informalsystems/gosec/output/junit_xml_format.go:38] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
37: "[" + issue.File + ":" + issue.Line + "] - " +
> 38: issue.What + " (Confidence: " + strconv.Itoa(int(issue.Confidence)) +
39: ", Severity: " + strconv.Itoa(int(issue.Severity)) +
[/Users/emmanuelodeke/go/src/github.com/informalsystems/gosec/config.go:77] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
76: if err != nil {
> 77: return int64(len(data)), err
78: }
[/Users/emmanuelodeke/go/src/github.com/informalsystems/gosec/config.go:69] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
68: c.convertGlobals()
> 69: return int64(len(data)), nil
70: }
[/Users/emmanuelodeke/go/src/github.com/informalsystems/gosec/config.go:66] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
65: if err = json.Unmarshal(data, &c); err != nil {
> 66: return int64(len(data)), err
67: }
[/Users/emmanuelodeke/go/src/github.com/informalsystems/gosec/config.go:63] - G701 (CWE-): Potential integer overflow by integer type conversion (Confidence: MEDIUM, Severity: HIGH)
62: if err != nil {
> 63: return int64(len(data)), err
64: }
Notice the int64 cast from int. There isn't a way that a positive int(32, 64) can overflow when turned into an int64, as long as both are signed and the resultant is larger than or equal to the source. Same for negative int(32, 64): no way that casting to an int64 can turn into anything else.
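The width and signedness rule the report describes, written out as an added example (not part of the original issue and not gosec's own code). It uses the standard `go/types` package; the function names are hypothetical, and it generalizes beyond `int` to `int64` to cover unsigned types and 32-bit targets.

```go
package main

import (
	"fmt"
	"go/types"
)

// intShape returns the signedness and bit width of an integer type under sizes.
func intShape(t types.Type, sizes types.Sizes) (signed bool, bits int64, ok bool) {
	b, isBasic := t.Underlying().(*types.Basic)
	if !isBasic || b.Info()&types.IsInteger == 0 || b.Info()&types.IsUntyped != 0 {
		return false, 0, false
	}
	return b.Info()&types.IsUnsigned == 0, sizes.Sizeof(b) * 8, true
}

// conversionCanChangeValue reports whether dst(src) can yield a different value.
func conversionCanChangeValue(src, dst types.Type, sizes types.Sizes) bool {
	sSigned, sBits, ok1 := intShape(src, sizes)
	dSigned, dBits, ok2 := intShape(dst, sizes)
	if !ok1 || !ok2 {
		return false // not an integer-to-integer conversion
	}
	switch {
	case sSigned == dSigned:
		return dBits < sBits // same signedness: only narrowing can truncate
	case dSigned:
		return dBits <= sBits // unsigned to signed: destination must be strictly wider
	default:
		return true // signed to unsigned: negative values wrap at any width
	}
}

// castCanChangeValue (hypothetical helper) resolves predeclared type names for a gc target arch.
func castCanChangeValue(arch, from, to string) bool {
	src, dst := types.Universe.Lookup(from), types.Universe.Lookup(to)
	sizes := types.SizesFor("gc", arch)
	if src == nil || dst == nil || sizes == nil {
		return true // unknown type name or arch: stay conservative and flag it
	}
	return conversionCanChangeValue(src.Type(), dst.Type(), sizes)
}

func main() {
	for _, c := range [][3]string{ // constructed sample conversions
		{"amd64", "int", "int64"}, {"386", "int", "int64"}, {"386", "int64", "int"},
		{"amd64", "uint64", "int64"}, {"amd64", "int", "uint64"},
	} {
		fmt.Printf("%-5s %s(%s): can change value = %v\n", c[0], c[2], c[1], castCanChangeValue(c[0], c[1], c[2]))
	}
}
```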