# Integer Overflow or Wraparound (CWE-190)

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value.

**Stack:** Python

- Prevalence: 中 覆盖 3 种语言
- Impact: 中 建议审查
- Prevention: 已记录 3 个修复示例

**OWASP:** Security Misconfiguration (A05:2021-Security Misconfiguration) - #5

## Description

An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of bits. This can lead to buffer overflows, incorrect financial calculations, or security bypasses.

## Prevention

基于 1 条 Shoulder 检测规则的 Integer Overflow 预防策略。

### Python

Validate numeric bounds before arithmetic operations on user input

## Warning Signs

- [LOW] potential integer overflow in numeric operations

## Consequences

- 拒绝服务 (DoS)
- 执行未授权代码
- 修改应用程序数据

## Mitigations

- 使用能检查整数溢出的语言或库
- 验证输入处于预期范围内
- 使用能检查溢出的安全算术函数

## Detection

- Total rules: 3
- Languages: go, javascript, typescript, python

## Rules by Language

### Python (1 rules)

- **Integer Overflow / Large Number Handling** [LOW]: Detects potential integer overflow in numeric operations.
  - Remediation: Validate numeric bounds before arithmetic operations.

```python
from flask import request, jsonify

@app.route('/calculate')
def calculate():
    count = int(request.args.get('count', 0))
    if count < 0 or count > 10000:
        return jsonify({'error': 'Invalid count'}), 400

    result = count * unit_price
    return jsonify({'total': result})
```

Learn more: https://shoulder.dev/learn/python/cwe-190/integer-overflow