codeql-coding-standards icon indicating copy to clipboard operation
codeql-coding-standards copied to clipboard
verified publisher icon github

`A4-7-1`: Incorporate CERT C integer data loss rules

Open lcartey opened this issue 2 years ago • 0 comments

Affected rules

  • A4-7-1

Description

The IntegerExpressionLeadToDataLoss.ql query should be replaced by the more refined queries from CERT, specifically INT30-C (UnsignedIntegerOperationsWrapAround.ql), INT31-C (IntegerConversionCausesDataLoss.ql), INT32-C (SignedIntegerOverflow.ql) and INT34-C (ExprShiftedByNegativeOrGreaterPrecisionOperand.ql). These provide:

  • Additional results not covered by the original query (particularly around lossy casts and conversions).
  • Improved alert messages with more additional information and no inaccurate descriptions.
  • Additional guard and validation detection, to reduce false positives.

lcartey avatar Jan 17 '24 23:01 lcartey