Incorrect Type Conversion or Cast (CWE-704)

Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

Type conversions often have implications for resource and bounds checking. When types are not converted properly, this can lead to access of out-of-bounds memory or misinterpretation of data.

Prévalence

Moyenne

1 langages couverts

Impact

Élevé

3 règles de sévérité élevée

Prévention

Documentée

5 exemples de correctifs

2 Prévention

Comment corriger cette vulnérabilité

Stratégies de prévention pour Incorrect Type Conversion basées sur 5 règles de détection Shoulder.

🟨 JavaScript Tout voir JavaScript détails →

tRPC Type Safety Bypass with Any MEDIUM

Use Zod schemas with type inference instead of 'any' to maintain end-to-end type safety in tRPC

+19 -9 javascript

  import { router, publicProcedure } from './trpc';
- 
- export const postRouter = router({
-   createPost: publicProcedure
-     .mutation(async ({ input }: { input: any }) => {
-       return await db.post.create({ data: input });
-     }),
- 
-   getPost: publicProcedure
-     .query(async ({ input }: any) => {
+ import { z } from 'zod';
+ 
+ const createPostInput = z.object({
+   title: z.string().min(1).max(200),
+   content: z.string().min(1),
+   published: z.boolean().default(false),
+ });
+ 
+ export const postRouter = router({
+   createPost: publicProcedure
+     .input(createPostInput)
+     .mutation(async ({ input }) => {
+       // input is typed as { title: string; content: string; published: boolean }
+       return await db.post.create({ data: input });
+     }),
+ 
+   getPost: publicProcedure
+     .input(z.object({ postId: z.number().int().positive() }))
+     .query(async ({ input }) => {
        return await db.post.findUnique({
          where: { id: input.postId },
        });
      }),
  });

TypeScript Unconstrained Generic Type Parameters MEDIUM

Add type constraints using 'extends' to ensure generic parameters have required properties

+15 -7 javascript

- function getIdentifier<T>(entity: T): string {
-   return entity.id.toString(); // T has no guaranteed 'id' property
- }
- 
- function processEntities<T>(items: T[]): void {
-   items.forEach(item => {
-     console.log(item.name); // Runtime error if 'name' missing
+ interface Identifiable {
+   id: number | string;
+ }
+ 
+ interface Named {
+   name: string;
+ }
+ 
+ function getIdentifier<T extends Identifiable>(entity: T): string {
+   return entity.id.toString();
+ }
+ 
+ function processEntities<T extends Named>(items: T[]): void {
+   items.forEach(item => {
+     console.log(item.name);
    });
  }

TypeScript Strict Mode Disabled HIGH

Enable strict mode in tsconfig.json to activate all strict type-checking options

+3 -3 javascript

  {
    "compilerOptions": {
      "target": "ES2020",
      "module": "commonjs",
-     "strict": false,
-     "strictNullChecks": false,
-     "noImplicitAny": false
+     "strict": true,
+     "forceConsistentCasingInFileNames": true,
+     "skipLibCheck": true
    }
  }

3 Détection

Trouvez les vulnérabilités dans votre code

Utilisez Shoulder pour scanner votre code à la recherche de patterns Incorrect Type Conversion or Cast. 5 règles.

terminal

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=704

# Or scan entire project
npx @shoulderdev/cli trust .

Règles de Détection (5)

🔷 Typescript 5 rules

tRPC Type Safety Bypass with Any MEDIUM

Using 'any' type in tRPC procedures defeats type safety and allows unvalidated data to pass through, enabling injection and runtime errors.

TypeScript Unconstrained Generic Type Parameters MEDIUM

Unconstrained generics (<T> or <T extends any>) allow any type to pass through, causing runtime errors and type confusion when accessing properties that do not exist.

TypeScript Strict Mode Disabled HIGH

Disabled TypeScript strict mode flags weaken type safety and allow null/undefined errors, implicit any types, and unsafe function parameters that lead to runtime vulnerabilities.

Unsafe 'any' Type in Security-Sensitive Context HIGH

Using 'any' type with untrusted input bypasses TypeScript's type safety, allowing unvalidated data to flow into security-sensitive operations.

TypeScript Unsafe Type Guard HIGH

Type guards that always return true or use assertions without validation create type confusion, allowing untrusted data to bypass security checks.

🟨 Javascript 1 rules

tRPC Type Safety Bypass with Any MEDIUM

Using 'any' type in tRPC procedures defeats type safety and allows unvalidated data to pass through, enabling injection and runtime errors.

4 Signes d'Alerte

Ce qu'il faut surveiller lors des revues de code

Ces patterns indiquent des vulnérabilités potentielles Incorrect Type Conversion or Cast. Recherchez-les lors des revues de code et des audits de sécurité.

🟠

tsconfig.json has '...' disabled. Enable strict mode for better type safety and security. typescript-strict-mode-violations

🟠

Variable declared with 'any' type receives untrusted input from .... This bypasses TypeScript's type safety and may lead typescript-unsafe-any-usage

🟠

Type guard '...' uses 'is' predicate but lacks proper runtime validation. This creates type confusion vulnerabilities. typescript-unsafe-type-guard

🟡

tRPC code uses 'any' type which defeats type safety. Use proper TypeScript types or Zod inference. trpc-type-inference-bypass

🟡

Generic type parameter '...' lacks constraints. Add 'extends' constraint to ensure type safety. typescript-generic-constraint-bypass

🔍

Scannez votre base de code pour Incorrect Type Conversion or Cast

Shoulder CLI trouve les motifs vulnérables dans toute votre base de code.

npx shoulder trust Parcourir toutes les règles