Integer Overflow or Wraparound (CWE-190)

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value.

An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of bits. This can lead to buffer overflows, incorrect financial calculations, or security bypasses.

普及度

中

3 言語をカバー

影響度

ミディアム

レビュー推奨

予防

文書化済み

3 件の修正例

2 予防

この脆弱性の修正方法

3 件の Shoulder 検出ルールに基づく Integer Overflow の予防策。

🐹 Go すべて表示 Go 詳細 →

Integer Overflow via Unchecked Arithmetic MEDIUM

Validate bounds before arithmetic operations with user-controlled integers

+5 -1 go

  func handler(w http.ResponseWriter, r *http.Request) {
-     count, _ := strconv.Atoi(r.URL.Query().Get("count"))
+     count, err := strconv.Atoi(r.URL.Query().Get("count"))
+     if err != nil || count < 0 || count > 10000 {
+         http.Error(w, "Invalid count", 400)
+         return
+     }
      buffer := make([]byte, count*1024)
  }

🟨 JavaScript すべて表示 JavaScript 詳細 →

Integer Overflow via Unchecked Arithmetic MEDIUM

Validate numeric bounds before using user input in allocations or arithmetic

+5 -1 javascript

- const size = parseInt(req.query.size, 10);
+ const MAX_SIZE = 1024 * 1024;
+ const size = parseInt(req.query.size, 10);
+ if (isNaN(size) || size < 0 || size > MAX_SIZE) {
+   return res.status(400).json({ error: 'Invalid size' });
+ }
  const buffer = Buffer.alloc(size);

🐍 Python すべて表示 Python 詳細 →

Integer Overflow / Large Number Handling LOW

Validate numeric bounds before arithmetic operations on user input

+9 -7 python

- from flask import request
- 
- @app.route('/calculate')
- def calculate():
-     count = int(request.args.get('count'))
-     total = count * unit_price
-     return {'total': total}
+ from flask import request, jsonify
+ 
+ @app.route('/calculate')
+ def calculate():
+     count = int(request.args.get('count', 0))
+     if count < 0 or count > 10000:
+         return jsonify({'error': 'Invalid count'}), 400
+     total = count * unit_price
+     return jsonify({'total': total})

3 検出

コードの脆弱性を見つける

Shoulderを使用してコードのInteger Overflow or Wraparoundパターンをスキャンしましょう。 3 ルール.

ターミナル

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=190

# Or scan entire project
npx @shoulderdev/cli trust .

検出ルール (3)

🐹 Go 1 rules

Integer Overflow via Unchecked Arithmetic MEDIUM

User-controlled integer used in arithmetic or allocation without bounds checking.

🟨 Javascript 1 rules

Integer Overflow via Unchecked Arithmetic MEDIUM

Detects user-controlled values flowing into arithmetic operations without bounds checking. While JavaScript uses 64-bit floats for most numbers, integer overflow is still a concern in these scenarios: 1. TypedArrays (Uint8Array, Int32Array, etc.) - values wrap on overflow 2. Bitwise operations - convert to 32-bit signed integers 3. Large number arithmetic affecting security decisions 4. Array/Buffer allocation with user-controlled sizes Common vulnerable patterns: - Buffer allocation: Buffer.a

🔷 Typescript 1 rules

Integer Overflow via Unchecked Arithmetic MEDIUM

🐍 Python 1 rules

Integer Overflow / Large Number Handling LOW

Detects potential integer overflow in numeric operations.

4 警告サイン

コードレビューで注目すべき点

これらのパターンはInteger Overflow or Wraparoundの潜在的な脆弱性を示しています。コードレビューとセキュリティ監査中に探してください。

🟡

user-controlled values flowing into arithmetic operations without bounds checking javascript-integer-overflow

🔵

potential integer overflow in numeric operations python-integer-overflow

🔍

コードベースをスキャン: Integer Overflow or Wraparound

Shoulder CLI はコードベース全体から脆弱なパターンを見つけます。

npx shoulder trust すべてのルールを表示