Resolve underlying type to detect overflows in type aliases

securego · Jul 20, 2024 · 08b94f9 · 08b94f9
1 parent 4487a0c
commit 08b94f9
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 2 deletions.
diff --git a/analyzers/conversion_overflow.go b/analyzers/conversion_overflow.go
@@ -47,8 +47,8 @@ func runConversionOverflow(pass *analysis.Pass) (interface{}, error) {
 			for _, instr := range block.Instrs {
 				switch instr := instr.(type) {
 				case *ssa.Convert:
-					src := instr.X.Type().String()
-					dst := instr.Type().String()
+					src := instr.X.Type().Underlying().String()
+					dst := instr.Type().Underlying().String()
 					if isIntOverflow(src, dst) {
 						issue := newIssue(pass.Analyzer.Name,
 							fmt.Sprintf("integer overflow conversion %s -> %s", src, dst),

diff --git a/testutils/g115_samples.go b/testutils/g115_samples.go
@@ -154,4 +154,40 @@ func ExampleFunction() {
 }
 `,
 	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+	"fmt"
+	"math"
+)
+
+type Uint uint
+
+func main() {
+    var a uint8 = math.MaxUint8
+    b := Uint(a)
+    fmt.Println(b)
+}
+	`,
+	}, 0, gosec.NewConfig()},
+	{[]string{
+		`
+package main
+
+import (
+	"fmt"
+	"math"
+)
+
+type CustomType int
+
+func main() {
+    var a uint = math.MaxUint
+    b := CustomType(a)
+    fmt.Println(b)
+}
+	`,
+	}, 1, gosec.NewConfig()},
 }