Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value.
An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of bits. This can lead to buffer overflows, incorrect financial calculations, or security bypasses.
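The following Go program is an added example (not Shoulder's code or the original page's) that makes the two halves of this weakness concrete: a fixed-width multiplication that silently wraps, and the bounds check plus overflow-aware multiply that prevents it. The names `wrap32`, `mulChecked`, `allocSize`, `maxCount` and `blockSize` are assumptions chosen for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"strconv"
)

// Illustrative limits (assumed for this example): a request may ask for at
// most maxCount blocks of blockSize bytes each.
const (
	maxCount  = 10000
	blockSize = 1024
)

// wrap32 shows the raw defect: int32 arithmetic wraps modulo 2^32 with no
// error, so a large count can yield a negative or zero buffer size.
func wrap32(count int32) int32 {
	return count * blockSize
}

// mulChecked multiplies two non-negative int64 values and reports overflow
// instead of wrapping. The test b > MaxInt64/a is the overflow-free way to
// ask whether a*b would exceed MaxInt64.
func mulChecked(a, b int64) (int64, error) {
	if a < 0 || b < 0 {
		return 0, errors.New("negative operand")
	}
	if a != 0 && b > math.MaxInt64/a {
		return 0, errors.New("multiplication overflows int64")
	}
	return a * b, nil
}

// allocSize parses a user-supplied count and returns the number of bytes to
// allocate, rejecting anything outside [0, maxCount] before doing arithmetic.
func allocSize(raw string) (int, error) {
	// strconv.Atoi already fails on values that do not fit the platform int,
	// so an absurdly large string never reaches the multiplication.
	count, err := strconv.Atoi(raw)
	if err != nil {
		return 0, fmt.Errorf("not an integer: %q", raw)
	}
	if count < 0 || count > maxCount {
		return 0, fmt.Errorf("count %d outside [0, %d]", count, maxCount)
	}
	size, err := mulChecked(int64(count), blockSize)
	if err != nil {
		return 0, err
	}
	return int(size), nil
}

func main() {
	// 2^21 blocks * 2^10 bytes = 2^31, which wraps to MinInt32 in int32.
	fmt.Println("unchecked int32 size for 2097152 blocks:", wrap32(2097152))
	// 2^22 blocks wraps all the way around to 0: a zero-length buffer.
	fmt.Println("unchecked int32 size for 4194304 blocks:", wrap32(4194304))

	for _, raw := range []string{"5", "-1", "10001", "abc", "9223372036854775808"} {
		n, err := allocSize(raw)
		fmt.Printf("allocSize(%q) = %d, err = %v\n", raw, n, err)
	}
}
```

The sizes printed for the unchecked path are exactly what an attacker-controlled `count` would hand to `make([]byte, ...)` on a 32-bit integer type; the checked path rejects the same inputs with a 400-style error before any allocation happens.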
How to fix this vulnerability
Integer Overflow prevention strategies based on 3 Shoulder detection rules.
Validate bounds before arithmetic operations with user-controlled integers
func handler(w http.ResponseWriter, r *http.Request) { - count, _ := strconv.Atoi(r.URL.Query().Get("count")) + count, err := strconv.Atoi(r.URL.Query().Get("count")) + if err != nil || count < 0 || count > 10000 { + http.Error(w, "Invalid count", 400) + return + } buffer := make([]byte, count*1024) }
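Review bot: the upper bound `count > 10000` is a magic number; name it (for example `maxCount`) and state next to it that `maxCount*1024`, the value actually passed to `make`, must fit in `int` on every target platform, otherwise the check does not rule out the overflow the page is about. Also prefer `http.StatusBadRequest` to the literal `400` in `http.Error`.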
Validate numeric bounds before using user input in allocations or arithmetic
- const size = parseInt(req.query.size, 10); + const MAX_SIZE = 1024 * 1024; + const size = parseInt(req.query.size, 10); + if (isNaN(size) || size < 0 || size > MAX_SIZE) { + return res.status(400).json({ error: 'Invalid size' }); + } const buffer = Buffer.alloc(size);
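Review bot: `parseInt` is lenient, so the added check still accepts inputs it should reject: `'12abc'` parses as 12, and a repeated `?size=` parameter arrives as an array that is coerced to a string before parsing. Consider requiring `typeof req.query.size === 'string'` and matching `/^\d+$/` before converting, so only a plain non-negative integer reaches `Buffer.alloc`.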
Validate numeric bounds before arithmetic operations on user input
- from flask import request - - @app.route('/calculate') - def calculate(): - count = int(request.args.get('count')) - total = count * unit_price - return {'total': total} + from flask import request, jsonify + + @app.route('/calculate') + def calculate(): + count = int(request.args.get('count', 0)) + if count < 0 or count > 10000: + return jsonify({'error': 'Invalid count'}), 400 + total = count * unit_price + return jsonify({'total': total})
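Review bot: `int(request.args.get('count', 0))` raises `ValueError` on non-numeric input such as `?count=abc`, so the validation path becomes a 500 instead of the intended 400; wrap the conversion in `try`/`except ValueError` and return the same `jsonify({'error': ...}), 400`. `unit_price` is also used but not defined anywhere in the hunk.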
Find this vulnerability in your code
Use Shoulder to scan your code for Integer Overflow or Wraparound patterns. 3 rules.
# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=190
# Or scan entire project
npx @shoulderdev/cli trust .
Detection rules (3)
What to look for in code review
These patterns indicate potential Integer Overflow or Wraparound vulnerabilities. Look for them during code review and security audits.