Integer underflows due to incorrect conversion
Description
The code is downcasting or changing the sign of an integer, which can lead to integer underflows. This occurs when using the strconv.Atoi, strconv.ParseInt, or strconv.ParseUint functions and then casting the result to a smaller integer type.
Examples
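Insecure Code
```go
x, _ := strconv.Atoi("123") // parsed as int (32 or 64 bits wide)
y := int8(x)                // narrowing cast: values outside -128..127 wrap silently
```
Secure Code
```go
x, _ := strconv.ParseInt("123", 10, 64) // parsed as int64
y := x                                  // no narrowing cast, y stays int64
```
Remediation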
Use the correct integer type to avoid underflows. For example, use int64 instead of int32 or int16.
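When a narrower type really is required, the range has to be checked rather than assumed. The following is an added example, not part of the rule's own documentation: it contrasts the flagged pattern with two checked conversions. The helper names `unsafeToInt8`, `parseInt8` and `uint64ToInt32` and the sample inputs are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"strconv"
)

// unsafeToInt8 mirrors the flagged pattern: parse as int, then narrow.
// Inputs outside [-128, 127] wrap silently and the parse error is dropped.
func unsafeToInt8(s string) int8 {
	x, _ := strconv.Atoi(s)
	return int8(x)
}

// parseInt8 passes the target width as bitSize, so strconv itself rejects
// out-of-range input with strconv.ErrRange before the cast happens.
func parseInt8(s string) (int8, error) {
	x, err := strconv.ParseInt(s, 10, 8)
	if err != nil {
		return 0, err
	}
	return int8(x), nil
}

// uint64ToInt32 covers the sign-changing case: a value already parsed as
// unsigned is bounds-checked before conversion to a signed, narrower type.
func uint64ToInt32(u uint64) (int32, error) {
	if u > math.MaxInt32 {
		return 0, fmt.Errorf("value %d does not fit in int32", u)
	}
	return int32(u), nil
}

func main() {
	// Constructed sample inputs: one in range, two out of range for int8.
	for _, s := range []string{"123", "200", "-129"} {
		v, err := parseInt8(s)
		fmt.Printf("%q unsafe=%d checked=%d rangeErr=%v\n",
			s, unsafeToInt8(s), v, errors.Is(err, strconv.ErrRange))
	}
	u, _ := strconv.ParseUint("4294967295", 10, 64)
	_, err := uint64ToInt32(u)
	fmt.Println("unchecked int32:", int32(u), "checked error:", err)
}
```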
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0270 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-681 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | LOW |
| Exploitability | MODERATE |
| Tags | integer underflow, incorrect conversion |
| OWASP | N/A |