CodeQL library for Go
codeql/go-all 2.1.3 (changelog, source)

Module IncorrectIntegerConversionLib

Import path

import semmle.go.security.IncorrectIntegerConversionLib

Imports

go

Provides classes for working with Go programs.

Predicates

describeBitSize

Gets a string describing the size of the integer parsed.

describeBitSize2

Gets a string describing the size of the integer parsed.

getIntTypeBitSize

Gets the size of int or uint in file, or architectureSpecificBitSize if it is architecture-specific.

isSourceWithBitSize

Holds if source is the result of a call to strconv.Atoi, strconv.ParseInt, or strconv.ParseUint, bitSize is the bitSize argument to that call (or 0 for strconv.Atoi) and hence must be between 0 and 64, and isSigned is true for strconv.Atoi, true for strconv.ParseInt and false for strconv.ParseUint.

Classes

ConversionWithoutBoundsCheckConfig

DEPRECATED: use Flow instead.

FlowState

Flow state for ConversionWithoutBoundsCheckConfig.

FlowStateTransformer

A node that blocks some flow states and transforms some others as they flow through it.

TypeAssertionCheck

An expression which a type assertion guarantees will have a particular integer type.

TypeSwitchVarFlowStateTransformer

The implicit definition of a variable with integer type for a case clause of a type switch statement that declares a variable in its guard. Such a variable has effectively had a checked type assertion.

UpperBoundCheck

A node that is safely guarded by an UpperBoundCheckGuard.

UpperBoundCheckGuard

An upper bound check that compares a variable to a constant value.

Aliases

Flow

Tracks taint flow from an integer obtained by parsing a string to a type conversion to a smaller integer type, which could cause data loss.