Fix conversion overflow false positives #1189

Merged
merged 1 commit into from
Aug 26, 2024


czechbol

@czechbol czechbol commented Aug 23, 2024

This pull request hopefully fixes the issue of false positives in the overflow analysis whenever bounds checks are performed or the size is already pre-determined.

Disclaimer:
This is my first time contributing to any linter and I don't consider myself an AST wizard, so please be more cautious when reviewing this code.

fixes #1187
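
The distinction the description above draws, as an added example that is not code from this PR or from gosec: an unchecked narrowing conversion of the kind an integer-conversion overflow check such as G115 targets, beside conversions guarded by explicit bounds checks that cannot overflow. The function names and `ErrOutOfRange` are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// ErrOutOfRange is a hypothetical sentinel error used only in this example.
var ErrOutOfRange = errors.New("value out of range for target type")

// uncheckedToInt32 narrows without validation. Values outside the int32
// range wrap silently, which is the risk a conversion-overflow rule reports.
func uncheckedToInt32(v int64) int32 {
	return int32(v)
}

// checkedToInt32 only reaches the conversion when v fits in int32, so a
// finding on the conversion line here would be a false positive.
func checkedToInt32(v int64) (int32, error) {
	if v < math.MinInt32 || v > math.MaxInt32 {
		return 0, ErrOutOfRange
	}
	return int32(v), nil
}

// intToUint16 covers signed-to-unsigned narrowing: both the negative case
// and the upper bound must be rejected before converting.
func intToUint16(n int) (uint16, error) {
	if n < 0 || n > math.MaxUint16 {
		return 0, ErrOutOfRange
	}
	return uint16(n), nil
}

func main() {
	big := int64(math.MaxInt32) + 1 // constructed sample input
	fmt.Println("unchecked:", uncheckedToInt32(big))
	if _, err := checkedToInt32(big); err != nil {
		fmt.Println("checked:", err)
	}
	if _, err := intToUint16(-1); err != nil {
		fmt.Println("negative length:", err)
	}
	n, _ := intToUint16(65535)
	fmt.Println("in range:", n)
}
```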

@czechbol czechbol force-pushed the feat/int-overflow-bounds-checks branch 2 times, most recently from 7dac408 to 6ab531c Compare August 23, 2024 14:42
…determined

Signed-off-by: czechbol <adamludes@gmail.com>

@ccojocar ccojocar left a comment


Thank you for this great contribution!

@ccojocar ccojocar merged commit bcec04e into securego:master Aug 26, 2024
6 checks passed
@codecov-commenter

Codecov Report

Attention: Patch coverage is 77.35849% with 12 lines in your changes missing coverage. Please review.

Project coverage is 67.34%. Comparing base (ab3f6c1) to head (df0206f).
Report is 3 commits behind head on master.

| Files | Patch % | Lines |
|---|---|---|
| analyzers/conversion_overflow.go | 77.35% | 7 Missing and 5 partials ⚠️ |


Additional details and impacted files
@@            Coverage Diff             @@
##           master    #1189      +/-   ##
==========================================
+ Coverage   67.30%   67.34%   +0.03%     
==========================================
  Files          74       74              
  Lines        3992     4045      +53     
==========================================
+ Hits         2687     2724      +37     
- Misses       1186     1195       +9     
- Partials      119      126       +7     


@czechbol czechbol deleted the feat/int-overflow-bounds-checks branch August 26, 2024 16:29
@ccojocar

@czechbol It seems that there are some more use cases to handle #1187 (comment). It would be great if you could also check the bounds. Thanks

Successfully merging this pull request may close these issues.

G115 ignores bounds checks