Add static analysis for unsafe uint casting (#10318)

* Add static analysis for unsafe uint casting * Fix violations of uintcast * go mod tidy * Add exclusion to nogo for darwin build * Add test for math.Int * Move some things to const so they are assured not to exceed int64 * Self review * lint * fix tests * fix test * Add init check for non 64 bit OS * Move new deps from WORKSPACE to deps.bzl * fix bazel build for go analysis runs * Update BUILD.bazel Remove TODO * add math.AddInt method * Add new test casts * Add case where builtin functions and declared functions are covered * Fix new findings * cleanup Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> Co-authored-by: Nishant Das <nishdas93@gmail.com>
2026-01-08 23:18:15 -05:00 · 2022-03-11 03:34:30 -06:00
parent 693cc79cc9
commit c1197d7881
99 changed files with 1081 additions and 220 deletions
--- a/encoding/bytesutil/bytes.go
+++ b/encoding/bytesutil/bytes.go
@@ -190,7 +190,7 @@ func ToLowInt64(x []byte) int64 {
 	}
 	// Use the first 8 bytes.
 	x = x[:8]
-	return int64(binary.LittleEndian.Uint64(x))
+	return int64(binary.LittleEndian.Uint64(x)) // lint:ignore uintcast -- A negative number might be the expected result.
 }

 // SafeCopyRootAtIndex takes a copy of an 32-byte slice in a slice of byte slices. Returns error if index out of range.
--- a/encoding/ssz/merkleize.go
+++ b/encoding/ssz/merkleize.go
@@ -206,7 +206,7 @@ func MerkleizeVector(elements [][32]byte, length uint64) [32]byte {
 	if len(elements) == 0 {
 		return trie.ZeroHashes[depth]
 	}
-	for i := 0; i < int(depth); i++ {
+	for i := uint8(0); i < depth; i++ {
 		layerLen := len(elements)
 		oddNodeLength := layerLen%2 == 1
 		if oddNodeLength {