rules/sdk: potential integer flow: do not flag any value with uint(,32,64)(len(...)) depending on bitsize because by the spec len can never be negative but even int will always fit inside uint, uint32, uint64

[odeke-em]

Seen in code flagged by gosec where this existed

uint32(len(msgs))

given that len can NEVER return any value < 0, its range is [0, maxInt]

int

32 bit machine size

• int(len(...)) will never overflow because len(...) is of type int32 and int is of type int32 too
• int32(len(...)) will never overflow because len(...) is of type int32 and int32 is the same type
• int64(len(...)) will never overflow because

64 bit machine size

• int(len(...)) will never overflow because len(...) is of type int64 and int is of type int64 too
• int32(len(...)) can overflow because len(...) is of type int64 and int32 has a smaller range
• int64(len(...)) will never overflow because len(...) is of type int aka int64 and int64 is the same type

uint

32 bit machine size

• uint(len(...)) will never overflow because uintMax=32([0, maxInt32])
• uint32(len(...)) will never overflow becauseuint32([0, maxInt32])
• uint64(len(...)) will never overflow because uint64([0, maxInt64])

64 bit machine size

• uint(len(...) will never overflow because uintMax=64([0, maxInt64])
• uint32(len(...)) can overflow because uint32([0, maxInt64])
• uint64(len(...)) will never overflow because uint64([0, maxInt64])

Using the above rules we should narrow down how we flag overflows depending on the machine being run on to reduce false positives