Class UpperBoundCheck
A node that is safely guarded by an UpperBoundCheckGuard.
When this guarantees that a variable in the non-constant operand is less than some value, it may act as a barrier guard that blocks some flow states and transforms others as they flow through.
For example, in the following code:
    if parsed <= math.MaxInt16 {
        _ = uint16(parsed)
    }
parsed <= math.MaxInt16 is an UpperBoundCheckGuard and uint16(parsed)
is an UpperBoundCheck that would be a barrier for flow states with bit
size greater than 15 and would transform them to a flow state with bit size
15 and the same architecture bit size.
However, in the following code:
    parsed, _ := strconv.ParseUint(input, 10, 32)
    if parsed < 5 {
        _ = uint16(parsed)
    }
parsed < 5 is an UpperBoundCheckGuard and uint16(parsed) is a barrier
for all flow states and would not transform any flow states, thus
effectively blocking them.
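The conversion pattern this class models, shown unguarded and guarded, as an added Go example that is not part of the CodeQL documentation. The function names `portUnchecked` and `portChecked` and the sample inputs are constructed for illustration, and the guard compares against `math.MaxUint16` (the full range of the target type) rather than the page's `math.MaxInt16`.

```go
package main

import (
	"fmt"
	"math"
	"strconv"
)

// portUnchecked parses with a 32-bit limit and converts straight to uint16.
// No upper bound check sits between the parse and the conversion, so any
// value above 65535 silently wraps modulo 65536.
func portUnchecked(input string) (uint16, error) {
	parsed, err := strconv.ParseUint(input, 10, 32)
	if err != nil {
		return 0, err
	}
	return uint16(parsed), nil
}

// portChecked performs the same parse, but the conversion is only reached
// inside an upper bound comparison, the shape the page calls an
// UpperBoundCheckGuard. Out-of-range input is rejected instead of wrapped.
func portChecked(input string) (uint16, error) {
	parsed, err := strconv.ParseUint(input, 10, 32)
	if err != nil {
		return 0, err
	}
	if parsed <= math.MaxUint16 {
		return uint16(parsed), nil
	}
	return 0, fmt.Errorf("value %d does not fit in uint16", parsed)
}

func main() {
	// Constructed sample inputs: two in range, two above the uint16 maximum.
	for _, in := range []string{"443", "65535", "65536", "70000"} {
		u, _ := portUnchecked(in)
		c, err := portChecked(in)
		fmt.Printf("input=%s unchecked=%d checked=%d err=%v\n", in, u, c, err)
	}
}
```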
Import path
import semmle.go.security.IncorrectIntegerConversionLib
Direct supertypes
Fields
Predicates
| barrierFor | Holds if this should be a barrier for a flow state with bit size |
Inherited predicates
| asExpr | Gets the expression corresponding to this node, if any. | from Node |
| asInstruction | Gets the IR instruction corresponding to this node, if any. | from Node |
| asParameter | Gets the parameter corresponding to this node, if any. | from Node |
| getAPredecessor | Gets a data-flow node from which data may flow to this node in one (intra-procedural) step. | from Node |
| getASuccessor | Gets a data-flow node to which data may flow from this node in one (intra-procedural) step. | from Node |
| getBasicBlock | Gets the basic block to which this data-flow node belongs, if any. | from Node |
| getBoolValue | Gets the Boolean value this data-flow node contains, if any. | from Node |
| getEnclosingCallable | INTERNAL: Use | from Node |
| getEndColumn | Gets the end column of the location of this node. | from Node |
| getEndLine | Gets the end line of the location of this node. | from Node |
| getExactValue | Gets the string representation of the exact value this data-flow node contains, if any. | from Node |
| getFile | Gets the file in which this node appears. | from Node |
| getFloatValue | Gets the floating-point value this data-flow node contains, if any. | from Node |
| getIntValue | Gets the integer value this data-flow node contains, if any. | from Node |
| getLocation | Gets the location of this node. | from Node |
| getNodeKind | Gets a textual representation of the kind of this data-flow node. | from Node |
| getNumericValue | Gets either | from Node |
| getRoot | Gets the function to which this node belongs. | from Node |
| getStartColumn | Gets the start column of the location of this node. | from Node |
| getStartLine | Gets the start line of the location of this node. | from Node |
| getStringValue | Gets the string value this data-flow node contains, if any. | from Node |
| getType | Gets the type of this node. | from Node |
| getTypeBound | Gets an upper bound on the type of this node. | from Node |
| hasComplexValue | Holds if the complex value this data-flow node contains has real part | from Node |
| hasLocationInfo | DEPRECATED: Use | from Node |
| isConst | Holds if the value of this data-flow node is known at compile time. | from Node |
| isPlatformIndependentConstant | Holds if the result of this instruction is known at compile time, and is guaranteed not to depend on the platform where it is evaluated. | from Node |
| toString | Gets a textual representation of this element. | from Node |
| transform | Gets the flow state that | from FlowStateTransformer |