Fix TypeAssertionCheck to not block successor flow

owen-mc · owen-mc · commit a3f940d65cf1 · 2025-03-07T20:50:02.000Z
diff --git a/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll b/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll
@@ -290,13 +290,17 @@ private predicate integerTypeBound(IntegerType it, int bitSize, int architecture
  * the type assertion succeeded. If it is not checked then there will be a
  * run-time panic if the type assertion fails, so we can assume it succeeded.
  */
-class TypeAssertionCheck extends DataFlow::ExprNode, FlowStateTransformer {
+class TypeAssertionCheck extends DataFlow::InstructionNode, FlowStateTransformer {
   IntegerType it;
 
   TypeAssertionCheck() {
-    exists(TypeAssertExpr tae |
-      this = DataFlow::exprNode(tae.getExpr()) and
-      it = tae.getTypeExpr().getType().getUnderlyingType()
+    exists(IR::Instruction evalAssert, TypeAssertExpr assert |
+      it = assert.getTypeExpr().getType().getUnderlyingType() and
+      evalAssert = IR::evalExprInstruction(assert)
+    |
+      if exists(IR::extractTupleElement(evalAssert, _))
+      then this.asInstruction() = IR::extractTupleElement(evalAssert, 0)
+      else this.asInstruction() = evalAssert
     )
   }
 
diff --git a/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.expected b/go/ql/test/query-tests/Security/CWE-681/IncorrectIntegerConversion.expected
@@ -143,6 +143,7 @@
 | IncorrectIntegerConversion.go:526:7:526:25 | type conversion | IncorrectIntegerConversion.go:513:2:513:38 | ... := ...[0] | IncorrectIntegerConversion.go:526:12:526:24 | type assertion | Incorrect conversion of a signed 64-bit integer from $@ to a lower bit size type int8 without an upper bound check. | IncorrectIntegerConversion.go:513:2:513:38 | ... := ...[0] | strconv.ParseInt |
 | IncorrectIntegerConversion.go:528:7:528:25 | type conversion | IncorrectIntegerConversion.go:513:2:513:38 | ... := ...[0] | IncorrectIntegerConversion.go:528:12:528:24 | type assertion | Incorrect conversion of a signed 64-bit integer from $@ to a lower bit size type int8 without an upper bound check. | IncorrectIntegerConversion.go:513:2:513:38 | ... := ...[0] | strconv.ParseInt |
 | IncorrectIntegerConversion.go:538:7:538:13 | type conversion | IncorrectIntegerConversion.go:533:2:533:38 | ... := ...[0] | IncorrectIntegerConversion.go:538:12:538:12 | v | Incorrect conversion of a signed 64-bit integer from $@ to a lower bit size type int8 without an upper bound check. | IncorrectIntegerConversion.go:533:2:533:38 | ... := ...[0] | strconv.ParseInt |
+| IncorrectIntegerConversion.go:540:7:540:14 | type conversion | IncorrectIntegerConversion.go:533:2:533:38 | ... := ...[0] | IncorrectIntegerConversion.go:540:13:540:13 | v | Incorrect conversion of a signed 64-bit integer from $@ to a lower bit size type int16 without an upper bound check. | IncorrectIntegerConversion.go:533:2:533:38 | ... := ...[0] | strconv.ParseInt |
 | Test64BitArchitectureBuildConstraints.go:26:7:26:17 | type conversion | Test64BitArchitectureBuildConstraints.go:22:3:22:50 | ... := ...[0] | Test64BitArchitectureBuildConstraints.go:26:11:26:16 | parsed | Incorrect conversion of an unsigned 64-bit integer from $@ to a lower bit size type int without an upper bound check. | Test64BitArchitectureBuildConstraints.go:22:3:22:50 | ... := ...[0] | strconv.ParseUint |
 | TestNoArchitectureBuildConstraints.go:16:7:16:19 | type conversion | TestNoArchitectureBuildConstraints.go:12:3:12:48 | ... := ...[0] | TestNoArchitectureBuildConstraints.go:16:13:16:18 | parsed | Incorrect conversion of an integer with architecture-dependent bit size from $@ to a lower bit size type int32 without an upper bound check. | TestNoArchitectureBuildConstraints.go:12:3:12:48 | ... := ...[0] | strconv.ParseInt |
 | TestNoArchitectureBuildConstraints.go:17:7:17:20 | type conversion | TestNoArchitectureBuildConstraints.go:12:3:12:48 | ... := ...[0] | TestNoArchitectureBuildConstraints.go:17:14:17:19 | parsed | Incorrect conversion of an integer with architecture-dependent bit size from $@ to a lower bit size type uint32 without an upper bound check. | TestNoArchitectureBuildConstraints.go:12:3:12:48 | ... := ...[0] | strconv.ParseInt |
@@ -367,32 +368,31 @@ edges
 | IncorrectIntegerConversion.go:440:2:440:60 | ... := ...[0] | IncorrectIntegerConversion.go:448:12:448:17 | parsed | provenance |  |
 | IncorrectIntegerConversion.go:440:2:440:60 | ... := ...[0] | IncorrectIntegerConversion.go:449:13:449:18 | parsed | provenance |  |
 | IncorrectIntegerConversion.go:493:2:493:38 | ... := ...[0] | IncorrectIntegerConversion.go:495:14:495:18 | input | provenance |  |
-| IncorrectIntegerConversion.go:495:14:495:18 | input | IncorrectIntegerConversion.go:496:2:501:21 | definition of v | provenance |  |
+| IncorrectIntegerConversion.go:495:14:495:18 | input | IncorrectIntegerConversion.go:500:13:500:13 | v | provenance |  |
 | IncorrectIntegerConversion.go:495:14:495:18 | input | IncorrectIntegerConversion.go:502:2:504:13 | definition of v | provenance | Config |
 | IncorrectIntegerConversion.go:495:14:495:18 | input | IncorrectIntegerConversion.go:505:2:506:13 | definition of v | provenance | Config |
-| IncorrectIntegerConversion.go:495:14:495:18 | input | IncorrectIntegerConversion.go:507:2:508:21 | definition of v | provenance |  |
-| IncorrectIntegerConversion.go:496:2:501:21 | definition of v | IncorrectIntegerConversion.go:500:13:500:13 | v | provenance | Config |
+| IncorrectIntegerConversion.go:495:14:495:18 | input | IncorrectIntegerConversion.go:508:12:508:12 | v | provenance |  |
 | IncorrectIntegerConversion.go:500:13:500:13 | v | IncorrectIntegerConversion.go:501:12:501:12 | v | provenance |  |
-| IncorrectIntegerConversion.go:501:12:501:12 | v | IncorrectIntegerConversion.go:501:12:501:20 | type assertion | provenance |  |
+| IncorrectIntegerConversion.go:501:12:501:12 | v | IncorrectIntegerConversion.go:501:12:501:20 | type assertion | provenance | Config |
 | IncorrectIntegerConversion.go:502:2:504:13 | definition of v | IncorrectIntegerConversion.go:504:12:504:12 | v | provenance |  |
 | IncorrectIntegerConversion.go:505:2:506:13 | definition of v | IncorrectIntegerConversion.go:506:12:506:12 | v | provenance |  |
-| IncorrectIntegerConversion.go:507:2:508:21 | definition of v | IncorrectIntegerConversion.go:508:12:508:12 | v | provenance | Config |
-| IncorrectIntegerConversion.go:508:12:508:12 | v | IncorrectIntegerConversion.go:508:12:508:20 | type assertion | provenance |  |
-| IncorrectIntegerConversion.go:513:2:513:38 | ... := ...[0] | IncorrectIntegerConversion.go:515:9:515:13 | input | provenance |  |
-| IncorrectIntegerConversion.go:515:9:515:13 | input | IncorrectIntegerConversion.go:517:15:517:19 | input | provenance |  |
-| IncorrectIntegerConversion.go:515:9:515:13 | input | IncorrectIntegerConversion.go:523:13:523:17 | input | provenance | Config |
-| IncorrectIntegerConversion.go:515:9:515:13 | input | IncorrectIntegerConversion.go:526:12:526:16 | input | provenance | Config |
-| IncorrectIntegerConversion.go:515:9:515:13 | input | IncorrectIntegerConversion.go:528:12:528:16 | input | provenance | Config |
-| IncorrectIntegerConversion.go:517:15:517:19 | input | IncorrectIntegerConversion.go:520:13:520:17 | input | provenance | Config |
+| IncorrectIntegerConversion.go:508:12:508:12 | v | IncorrectIntegerConversion.go:508:12:508:20 | type assertion | provenance | Config |
+| IncorrectIntegerConversion.go:513:2:513:38 | ... := ...[0] | IncorrectIntegerConversion.go:520:13:520:17 | input | provenance |  |
+| IncorrectIntegerConversion.go:513:2:513:38 | ... := ...[0] | IncorrectIntegerConversion.go:523:13:523:17 | input | provenance |  |
+| IncorrectIntegerConversion.go:513:2:513:38 | ... := ...[0] | IncorrectIntegerConversion.go:526:12:526:16 | input | provenance |  |
+| IncorrectIntegerConversion.go:513:2:513:38 | ... := ...[0] | IncorrectIntegerConversion.go:528:12:528:16 | input | provenance |  |
 | IncorrectIntegerConversion.go:520:13:520:17 | input | IncorrectIntegerConversion.go:521:12:521:16 | input | provenance |  |
-| IncorrectIntegerConversion.go:521:12:521:16 | input | IncorrectIntegerConversion.go:521:12:521:24 | type assertion | provenance |  |
+| IncorrectIntegerConversion.go:521:12:521:16 | input | IncorrectIntegerConversion.go:521:12:521:24 | type assertion | provenance | Config |
 | IncorrectIntegerConversion.go:523:13:523:17 | input | IncorrectIntegerConversion.go:524:12:524:16 | input | provenance |  |
-| IncorrectIntegerConversion.go:524:12:524:16 | input | IncorrectIntegerConversion.go:524:12:524:24 | type assertion | provenance |  |
-| IncorrectIntegerConversion.go:526:12:526:16 | input | IncorrectIntegerConversion.go:526:12:526:24 | type assertion | provenance |  |
-| IncorrectIntegerConversion.go:528:12:528:16 | input | IncorrectIntegerConversion.go:528:12:528:24 | type assertion | provenance |  |
-| IncorrectIntegerConversion.go:533:2:533:38 | ... := ...[0] | IncorrectIntegerConversion.go:534:6:534:10 | definition of input | provenance |  |
-| IncorrectIntegerConversion.go:534:6:534:10 | definition of input | IncorrectIntegerConversion.go:535:14:535:18 | input | provenance | Config |
-| IncorrectIntegerConversion.go:535:14:535:18 | input | IncorrectIntegerConversion.go:538:12:538:12 | v | provenance |  |
+| IncorrectIntegerConversion.go:524:12:524:16 | input | IncorrectIntegerConversion.go:524:12:524:24 | type assertion | provenance | Config |
+| IncorrectIntegerConversion.go:526:12:526:16 | input | IncorrectIntegerConversion.go:526:12:526:24 | type assertion | provenance | Config |
+| IncorrectIntegerConversion.go:528:12:528:16 | input | IncorrectIntegerConversion.go:528:12:528:24 | type assertion | provenance | Config |
+| IncorrectIntegerConversion.go:533:2:533:38 | ... := ...[0] | IncorrectIntegerConversion.go:535:14:535:18 | input | provenance |  |
+| IncorrectIntegerConversion.go:535:5:535:26 | ... := ...[0] | IncorrectIntegerConversion.go:538:12:538:12 | v | provenance |  |
+| IncorrectIntegerConversion.go:535:14:535:18 | input | IncorrectIntegerConversion.go:535:5:535:26 | ... := ...[0] | provenance | Config |
+| IncorrectIntegerConversion.go:535:14:535:18 | input | IncorrectIntegerConversion.go:539:21:539:25 | input | provenance |  |
+| IncorrectIntegerConversion.go:539:12:539:33 | ... := ...[0] | IncorrectIntegerConversion.go:540:13:540:13 | v | provenance |  |
+| IncorrectIntegerConversion.go:539:21:539:25 | input | IncorrectIntegerConversion.go:539:12:539:33 | ... := ...[0] | provenance | Config |
 | Test64BitArchitectureBuildConstraints.go:22:3:22:50 | ... := ...[0] | Test64BitArchitectureBuildConstraints.go:26:11:26:16 | parsed | provenance |  |
 | TestNoArchitectureBuildConstraints.go:12:3:12:48 | ... := ...[0] | TestNoArchitectureBuildConstraints.go:16:13:16:18 | parsed | provenance |  |
 | TestNoArchitectureBuildConstraints.go:12:3:12:48 | ... := ...[0] | TestNoArchitectureBuildConstraints.go:17:14:17:19 | parsed | provenance |  |
@@ -635,20 +635,16 @@ nodes
 | IncorrectIntegerConversion.go:449:13:449:18 | parsed | semmle.label | parsed |
 | IncorrectIntegerConversion.go:493:2:493:38 | ... := ...[0] | semmle.label | ... := ...[0] |
 | IncorrectIntegerConversion.go:495:14:495:18 | input | semmle.label | input |
-| IncorrectIntegerConversion.go:496:2:501:21 | definition of v | semmle.label | definition of v |
 | IncorrectIntegerConversion.go:500:13:500:13 | v | semmle.label | v |
 | IncorrectIntegerConversion.go:501:12:501:12 | v | semmle.label | v |
 | IncorrectIntegerConversion.go:501:12:501:20 | type assertion | semmle.label | type assertion |
 | IncorrectIntegerConversion.go:502:2:504:13 | definition of v | semmle.label | definition of v |
 | IncorrectIntegerConversion.go:504:12:504:12 | v | semmle.label | v |
 | IncorrectIntegerConversion.go:505:2:506:13 | definition of v | semmle.label | definition of v |
 | IncorrectIntegerConversion.go:506:12:506:12 | v | semmle.label | v |
-| IncorrectIntegerConversion.go:507:2:508:21 | definition of v | semmle.label | definition of v |
 | IncorrectIntegerConversion.go:508:12:508:12 | v | semmle.label | v |
 | IncorrectIntegerConversion.go:508:12:508:20 | type assertion | semmle.label | type assertion |
 | IncorrectIntegerConversion.go:513:2:513:38 | ... := ...[0] | semmle.label | ... := ...[0] |
-| IncorrectIntegerConversion.go:515:9:515:13 | input | semmle.label | input |
-| IncorrectIntegerConversion.go:517:15:517:19 | input | semmle.label | input |
 | IncorrectIntegerConversion.go:520:13:520:17 | input | semmle.label | input |
 | IncorrectIntegerConversion.go:521:12:521:16 | input | semmle.label | input |
 | IncorrectIntegerConversion.go:521:12:521:24 | type assertion | semmle.label | type assertion |
@@ -660,9 +656,12 @@ nodes
 | IncorrectIntegerConversion.go:528:12:528:16 | input | semmle.label | input |
 | IncorrectIntegerConversion.go:528:12:528:24 | type assertion | semmle.label | type assertion |
 | IncorrectIntegerConversion.go:533:2:533:38 | ... := ...[0] | semmle.label | ... := ...[0] |
-| IncorrectIntegerConversion.go:534:6:534:10 | definition of input | semmle.label | definition of input |
+| IncorrectIntegerConversion.go:535:5:535:26 | ... := ...[0] | semmle.label | ... := ...[0] |
 | IncorrectIntegerConversion.go:535:14:535:18 | input | semmle.label | input |
 | IncorrectIntegerConversion.go:538:12:538:12 | v | semmle.label | v |
+| IncorrectIntegerConversion.go:539:12:539:33 | ... := ...[0] | semmle.label | ... := ...[0] |
+| IncorrectIntegerConversion.go:539:21:539:25 | input | semmle.label | input |
+| IncorrectIntegerConversion.go:540:13:540:13 | v | semmle.label | v |
 | Test64BitArchitectureBuildConstraints.go:22:3:22:50 | ... := ...[0] | semmle.label | ... := ...[0] |
 | Test64BitArchitectureBuildConstraints.go:26:11:26:16 | parsed | semmle.label | parsed |
 | TestNoArchitectureBuildConstraints.go:12:3:12:48 | ... := ...[0] | semmle.label | ... := ...[0] |
@@ -674,6 +673,3 @@ nodes
 | TestOldBuildConstraints.go:23:3:23:50 | ... := ...[0] | semmle.label | ... := ...[0] |
 | TestOldBuildConstraints.go:27:11:27:16 | parsed | semmle.label | parsed |
 subpaths
-testFailures
-| IncorrectIntegerConversion.go:540:16:540:30 | comment | Missing result: Alert |
-| IncorrectIntegerConversion.go:540:16:540:30 | comment | Missing result: Sink |
