Incorrect Type Conversion or Cast (CWE-704)

Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

Type conversions often have implications for resource and bounds checking. When types are not converted properly, this can lead to access of out-of-bounds memory or misinterpretation of data.

Prevalência

Média

1 linguagens cobertas

Impacto

Alto

3 regras de severidade alta

Prevenção

Documentada

5 exemplos de correção

2 Prevenção

Como corrigir esta vulnerabilidade

Estratégias de prevenção para Incorrect Type Conversion baseadas em 5 regras de detecção do Shoulder.

🟨 JavaScript Ver tudo JavaScript detalhes →

tRPC Type Safety Bypass with Any MEDIUM

Use Zod schemas with type inference instead of 'any' to maintain end-to-end type safety in tRPC

+19 -9 javascript

  import { router, publicProcedure } from './trpc';
- 
- export const postRouter = router({
-   createPost: publicProcedure
-     .mutation(async ({ input }: { input: any }) => {
-       return await db.post.create({ data: input });
-     }),
- 
-   getPost: publicProcedure
-     .query(async ({ input }: any) => {
+ import { z } from 'zod';
+ 
+ const createPostInput = z.object({
+   title: z.string().min(1).max(200),
+   content: z.string().min(1),
+   published: z.boolean().default(false),
+ });
+ 
+ export const postRouter = router({
+   createPost: publicProcedure
+     .input(createPostInput)
+     .mutation(async ({ input }) => {
+       // input is typed as { title: string; content: string; published: boolean }
+       return await db.post.create({ data: input });
+     }),
+ 
+   getPost: publicProcedure
+     .input(z.object({ postId: z.number().int().positive() }))
+     .query(async ({ input }) => {
        return await db.post.findUnique({
          where: { id: input.postId },
        });
      }),
  });

TypeScript Unconstrained Generic Type Parameters MEDIUM

Add type constraints using 'extends' to ensure generic parameters have required properties

+15 -7 javascript

- function getIdentifier<T>(entity: T): string {
-   return entity.id.toString(); // T has no guaranteed 'id' property
- }
- 
- function processEntities<T>(items: T[]): void {
-   items.forEach(item => {
-     console.log(item.name); // Runtime error if 'name' missing
+ interface Identifiable {
+   id: number | string;
+ }
+ 
+ interface Named {
+   name: string;
+ }
+ 
+ function getIdentifier<T extends Identifiable>(entity: T): string {
+   return entity.id.toString();
+ }
+ 
+ function processEntities<T extends Named>(items: T[]): void {
+   items.forEach(item => {
+     console.log(item.name);
    });
  }

TypeScript Strict Mode Disabled HIGH

Enable strict mode in tsconfig.json to activate all strict type-checking options

+3 -3 javascript

  {
    "compilerOptions": {
      "target": "ES2020",
      "module": "commonjs",
-     "strict": false,
-     "strictNullChecks": false,
-     "noImplicitAny": false
+     "strict": true,
+     "forceConsistentCasingInFileNames": true,
+     "skipLibCheck": true
    }
  }

3 Detecção

Encontre vulnerabilidades no seu código

Use o Shoulder para escanear seu código em busca de padrões Incorrect Type Conversion or Cast. 5 regras.

terminal

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=704

# Or scan entire project
npx @shoulderdev/cli trust .

Regras de Detecção (5)

🔷 Typescript 5 rules

tRPC Type Safety Bypass with Any MEDIUM

Using 'any' type in tRPC procedures defeats type safety and allows unvalidated data to pass through, enabling injection and runtime errors.

TypeScript Unconstrained Generic Type Parameters MEDIUM

Unconstrained generics (<T> or <T extends any>) allow any type to pass through, causing runtime errors and type confusion when accessing properties that do not exist.

TypeScript Strict Mode Disabled HIGH

Disabled TypeScript strict mode flags weaken type safety and allow null/undefined errors, implicit any types, and unsafe function parameters that lead to runtime vulnerabilities.

Unsafe 'any' Type in Security-Sensitive Context HIGH

Using 'any' type with untrusted input bypasses TypeScript's type safety, allowing unvalidated data to flow into security-sensitive operations.

TypeScript Unsafe Type Guard HIGH

Type guards that always return true or use assertions without validation create type confusion, allowing untrusted data to bypass security checks.

🟨 Javascript 1 rules

tRPC Type Safety Bypass with Any MEDIUM

Using 'any' type in tRPC procedures defeats type safety and allows unvalidated data to pass through, enabling injection and runtime errors.

4 Sinais de Alerta

O que observar nas revisões de código

Estes padrões indicam vulnerabilidades potenciais de Incorrect Type Conversion or Cast. Procure-os durante revisões de código e auditorias de segurança.

🟠

tsconfig.json has '...' disabled. Enable strict mode for better type safety and security. typescript-strict-mode-violations

🟠

Variable declared with 'any' type receives untrusted input from .... This bypasses TypeScript's type safety and may lead typescript-unsafe-any-usage

🟠

Type guard '...' uses 'is' predicate but lacks proper runtime validation. This creates type confusion vulnerabilities. typescript-unsafe-type-guard

🟡

tRPC code uses 'any' type which defeats type safety. Use proper TypeScript types or Zod inference. trpc-type-inference-bypass

🟡

Generic type parameter '...' lacks constraints. Add 'extends' constraint to ensure type safety. typescript-generic-constraint-bypass

🔍

Escaneie seu código para Incorrect Type Conversion or Cast

O Shoulder CLI encontra padrões vulneráveis em todo o seu código.

npx shoulder trust Ver todas as regras