Go Arithmetic Integer Overflow
Description
Detects potential integer overflow vulnerabilities in Go applications that could occur when processing HTTP request data. These overflows can lead to memory corruption, crashes, or unexpected behavior when handling large numeric values from user input.
Detection Strategy
• Checks if the application imports and uses the net/http package for handling HTTP requests
• Identifies usage of dangerous sink functions that handle numeric values from HTTP requests
• Verifies if numeric values from HTTP requests are used without proper bounds checking
• Reports vulnerabilities when numeric operations could potentially overflow based on user-controlled input
Vulnerable code example
package main
import (
"net/http"
"strconv"
)
func handleRequest(w http.ResponseWriter, r *http.Request) {...✅ Secure code example
package main
import (
"net/http"
"strconv"
)
func handleRequest(w http.ResponseWriter, r *http.Request) {...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.