Integer trunk #383
Integer trunk #383
Conversation
Now you can do `char oops = 3458079` if you must
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| short short_var; | ||
|
|
||
| // ruleid: integer-truncation | ||
| short_var = int_var; |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. The value cannot be trusted and the application will be in an undefined state.
Source: https://github.com/0xdea/semgrep-rules/blob/main/c/integer-truncation.yaml
Cc @thypon @bcaller
| { | ||
| short short_var; | ||
| // ruleid: integer-truncation | ||
| int int_var = long_var + 1; |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. The value cannot be trusted and the application will be in an undefined state.
Source: https://github.com/0xdea/semgrep-rules/blob/main/c/integer-truncation.yaml
Cc @thypon @bcaller
| int int_var = long_var + 1; | ||
|
|
||
| // ruleid: integer-truncation | ||
| short_var = long_var; |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. The value cannot be trusted and the application will be in an undefined state.
Source: https://github.com/0xdea/semgrep-rules/blob/main/c/integer-truncation.yaml
Cc @thypon @bcaller
| { | ||
| int a = 42; | ||
| return a; | ||
| } |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. The value cannot be trusted and the application will be in an undefined state.
Source: https://github.com/0xdea/semgrep-rules/blob/main/c/integer-truncation.yaml
Cc @thypon @bcaller
| int assign_int(int int_var) | ||
| { | ||
| // ruleid: integer-truncation | ||
| char char_var = int_var; |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. The value cannot be trusted and the application will be in an undefined state.
Source: https://github.com/0xdea/semgrep-rules/blob/main/c/integer-truncation.yaml
Cc @thypon @bcaller
| short short_var; | ||
|
|
||
| // ruleid: integer-truncation | ||
| short_var = int_var; |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. The value cannot be trusted and the application will be in an undefined state.
Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/integer-truncation.yaml
Cc @thypon @bcaller
| { | ||
| short short_var; | ||
| // ruleid: integer-truncation | ||
| int int_var = long_var + 1; |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. The value cannot be trusted and the application will be in an undefined state.
Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/integer-truncation.yaml
Cc @thypon @bcaller
| int int_var = long_var + 1; | ||
|
|
||
| // ruleid: integer-truncation | ||
| short_var = long_var; |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. The value cannot be trusted and the application will be in an undefined state.
Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/integer-truncation.yaml
Cc @thypon @bcaller
| short shortPrimitive; | ||
| intPrimitive = (int)(~((int)0) ^ (1 << (sizeof(int)*8-1))); | ||
| // ruleid: integer-truncation | ||
| shortPrimitive = intPrimitive; |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. The value cannot be trusted and the application will be in an undefined state.
Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/integer-truncation.yaml
Cc @thypon @bcaller
| { | ||
| int a = 42; | ||
| return a; | ||
| } |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. The value cannot be trusted and the application will be in an undefined state.
Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/integer-truncation.yaml
Cc @thypon @bcaller
| int assign_int(int int_var) | ||
| { | ||
| // ruleid: integer-truncation | ||
| char char_var = int_var; |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. The value cannot be trusted and the application will be in an undefined state.
Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/integer-truncation.yaml
Cc @thypon @bcaller
| shortPrimitive = intPrimitive; | ||
| printf("Int MAXINT: %d\nShort MAXINT: %d\n", intPrimitive, shortPrimitive); | ||
| // ok: integer-truncation | ||
| char c = 0x0; |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. The value cannot be trusted and the application will be in an undefined state.
Source: https://github.com/0xdea/semgrep-rules/blob/main/c/integer-truncation.yaml
Cc @thypon @bcaller
There was a problem hiding this comment.
@thypon why is the blocklist not working?
There was a problem hiding this comment.
I think that LARGE is not captured since it's in an inner pattern-either. The variable will most probably be nil in that metavariable scope
There was a problem hiding this comment.
No, the new rule works. I think this is the original version of the rule from audit.yaml with
Source: https://github.com/0xdea/semgrep-rules/blob/main/c/integer-truncation.yaml
rather than
Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/integer-truncation.yaml - it somehow didn't get removed by the blocklist
| // ok: integer-truncation | ||
| char c = 0x0; | ||
| // ok: integer-truncation | ||
| char cc = 127; |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. The value cannot be trusted and the application will be in an undefined state.
Source: https://github.com/0xdea/semgrep-rules/blob/main/c/integer-truncation.yaml
Cc @thypon @bcaller
Closes #382