Avoid SetString() from big.Rat

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Metadata

ID: go-security/avoid-rat-setstring

Language: Go

Severity: Warning

Category: Security

CWE: 109

Description

Do not use the function SetString from big.Rat as it as a potential overflow in some Go versions. Even if your current Go runtime is not vulnerable to this issue, your code may be used by runtime that are. We recommend avoiding the function SetString from the math/big package for this reason.

Learn More

Non-Compliant Code Examples

package main

import (
	"math/big"
	"fmt"
)

func main() {
	var r = big.Rat{}
	r.SetString("13e-9223372036854775808")

	fmt.Println(r)
}
package main

import (
	"math/big"
	"fmt"
)

func anotherFunction() {
	r = big.Rat{}
	fmt.Println(r)
	r.SetString("13e-9223372036854775808")

	fmt.Println(r)
}

func anotherFunction2() {
	var r big.Rat
	fmt.Println(r)
	r.SetString("13e-9223372036854775808")

	fmt.Println(r)
}

func main() {
	var r = big.Rat{}
	r.SetString("13e-9223372036854775808")

	fmt.Println(r)
}
package main

import (
	"math/big"
	"fmt"
)

func main() {
	r := big.Rat{}
	r.SetString("13e-9223372036854775808")

	fmt.Println(r)
}

Compliant Code Examples

package main

import (
	"math/big"
	"fmt"
)

func main() {
	r := big.NewRat(10, 3)

	fmt.Println(r)
}
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis