Redundant check for negative value¶
ID: go/negative-length-check
Kind: problem
Security severity:
Severity: warning
Precision: very-high
Tags:
- correctness
Query suites:
- go-security-and-quality.qls
Click to see the query in the CodeQL repository
The built-in len function returns the length of an array, slice or similar, which is never less than zero. Hence, checking whether the result of a call to len is negative is either redundant or indicates a logic mistake.
The same applies to the built-in function cap, and to unsigned integer values.
Recommendation¶
Examine the length check to see whether it is redundant and can be removed, or a mistake that should be fixed.
Example¶
The example below shows a function that returns the first element of an array, triggering a panic if the array is empty:
package main
func getFirst(xs []int) int {
if len(xs) < 0 {
panic("No elements provided")
}
return xs[0]
}
However, the emptiness check is ineffective: since len(xs) is never less than zero, the condition will never hold and no panic will be triggered. Instead, the index expression xs[0] will cause a panic.
The check should be rewritten like this:
package main
func getFirstGood(xs []int) int {
if len(xs) == 0 {
panic("No elements provided")
}
return xs[0]
}